Dell Secure Mobile Access solutions · •Mobile Devices Usage and Future ... Secure Mobile Access appliances SMA 7200 SMA 6200 Virtual Appliance VM Ware, Hyper-V SRA EX9000 ... desktop

Dell Secure Mobile Access solutions Mobile Connect app E-class Secure Remote Access appliances Colin Wu [email protected]

2 Dell Mobility Solutions

Dell - Internal Use - Confidential - Privileged

Agenda

• Mobile Devices Usage and Future • BYOD challenge and hidden costs • Evolution of SSL VPN • Dell SonicWALL SMA Solution & Modules • Demo (Per-app VPN for Mobile Devices) • Q&A



41% of smart phone users use personal devices for business*

*IDG Mobile Survey 2013

Mobile Devices Usage and Future



Gartner predicts by 2017, half of employers will require employees to supply their own device for work purposes

Mobile Devices Usage and Future



1. Data loss from lost, stolen devices

2. Information-stealing mobile malware 3. Data loss, leakage through 3rd party apps

4. Vulnerabilities with devices, OS design and 3rd party apps

5. Insecure wifi (data loss)

Mobile security pain points*

Data Loss

Big Data Loss



The Mobile Devices challenge

Personal Business

Increased business risk:

Corporate data loss Malware attack Personal data privacy compliance



Mobile Devices hidden costs Corp Issued PC

• Multiple solutions from different vendors required for a complete service • Each new device type or application requires new specialist technology and skill • Managing users access and protecting corporate data involves new assessments

$ $ $ $ $ $ $ $ = + + +

Corp Issued Mobiles

BYO Mobiles BYO Desktops

Future Devices and applications



Evolution of Access The Remote Access Service

o Dial Up – RAS – Remote Access Service o Complex telephony and un-reliable modems o White gloves managed service



Evolution of Access – Full VPN

SMA

Locked Down Perimeter

o Tunneled internet connection over IPSEC o Extends corporate network to mobile laptops o Perimeter protection around network edge and laptop



Evolution of Access – SSL VPN

SMA

User Device Port Subnet

a b x y

ACL : Access Control List

Routing table 1.1.1.x 10.15.x.x 10.20.30.x

Granular selective access



Evolution of Access – App Level VPN

SMA

o Core plumbing provided by the OS vendor o Perimeter reduced to the application o Only corporate apps allowed to access data over the VPN



Evolution of Access – App Access Control VPN

SMA


a b x y App

z

Granular selective access refined with application variables



Evolution of Access – App Instance VPN


a b x y App

z

SMA

Instance

c

o Containers provide DLP instance of user normal productivity apps o Normal user workflows maintained



Trusted user? Trusted device? Trusted mobile apps?

Trusted user Trusted device Trusted mobile apps

Secure access – personal device

Dell Secure Mobile Access (SMA) Solution

Web Apps Client/Server Apps

File Shares Databases

VoIP VDI Infrastructure

Applications Directories

Corporate perimeter

LDAP AD

RADIUS

LDAP

Authenticate user Validate device and mobile app integrity Enforce BYOD policy acceptance Connect only authorized apps to VPN and resources



Device Profile Attribute Types

Device identity • Mapped directory • Domain membership • Watermark/certificate • Any resident file • Device ID

Device integrity • Anti-virus • Registry key • Windows O/S level • Personal firewall • Anti-spyware • Jailbroken/rooted

Device profile • Android • iOS • Windows • Windows mobile • Macintosh • Linux

With data security • Cache control • Secure desktop



Defining EPC Zones Connectio

n request

Any Deny

zones

matched?

User

placed in

Deny

zone

Any

Standard

zones

matched?

User

placed in

Standard

zone

yes

User

placed in

Quarantine

zone

no User

placed in

Default

zone

no

yes



End Point Control for iOS Devices

End Point Control • Determine Jailbreak status

• DeviceID

• Certificate enforcement

• OS version control



End Point Control for Android Devices

End Point Control • Determine if the device has been “rooted”

• DeviceID (Enforced based IMEI of the Android device)

• Certificate enforcement

• OS version control

• Enforcement of Anti-Virus (Requires Aventail 10.6.1)



Simplify per app VPN access control • Restrict VPN access to mobile apps authorized by

IT to reduce threat risk.

• Support any mobile app, secure container or MDM solution.

• Validates mobile app integrity with app signature



Mobile device policy enforcement protects from BYOD business risk

• End-user required to accept policy terms to gain access

• Administrator can customize policy

• Support for per group policy

• Policy acceptance reporting



WorkPlace access: Access to web-based and client/ server applications from virtually any device.

WorkPlace Portal Easy-to-use clientless browser based access



Global Management

What is it? Centralised management of SMA Known as: CMS Customer Benefit: Lower TCO Central view of their global service



License Distribution – Normal Operations

Normal operations

- Fairly normal distribution of users across 3 managed appliances - Shanghai, Bangalore and Seattle

- Alerts panel: No Alerts

- Appliances panel: Table view shows appliances statistics

- Current users panel: Pie chart view shows distribution of users



License Distribution – Normal Operations

Normal operations with different view selections

- Appliances panel: Geographic view of CMS and appliances

- Current users panel: Dial gauge view of users on appliances - relative to max licensed setting (5000) for each appliance



License Distribution versus Consumed

Dynamic distribution of leased licenses depends:

- Number of users on the appliance

- Appliance capacity

- Max license setting

NOTE: All available licenses (10k total) are made available. CMS does not hold back any licenses.



License Distribution – Snowstorm in Seattle!

High usage of Seattle appliance

- Leased license distribution adjusts accordingly as more users connect on the Seattle appliance

- Alert generated as Seattle appliance’s max licensed capacity is close

- Alert generated as CMS pooled license consumption is close to max



License Distribution – Snowstorm in Seattle!

Dynamic distribution of leased licenses:

- More licenses are made available on Seattle appliance to cope with the demand



SMA v11.0 Feature Benefits

• Per-app VPN for Android

• Per-app VPN for iOS and MAC OSX

• Dell vWorkspace integration

• EMM integration with MobileIron and Dell DMM

• Hyper V support • Pooled licensing

• HTML5 new clients….



Enable efficient administration with centralized access policy management

Object-based policy management: easy to setup and manage access control rules

Access rules

Users/groups

Device security posture Allowed mobile apps

Corporate resources



Secure Mobile Access appliances

SMA 7200 SMA 6200 Virtual Appliance VM Ware, Hyper-V

SRA EX9000 Simple, policy-enforced per-app VPN access to corporate data and resources without

compromising security

Secure mobile access for all users, devices, apps and resources

Spike License

Secure Virtual Assist Advanced Reporting Native Access Modules Mobile Connect

End Point Control

The Product Range

New New New



Secure Remote Access (SRA) Appliance Comparison matrix



Dell secure mobile access solution

• Only per app VPN solution that can support any mobile app or container without modification and support iOS, Mac OSX, Android and Kindle Simplify per app VPN

• Mobile device policy enforcement and management Achieve BYOD compliance

• Per app VPN access controls, mobile app and device integrity validation and user authentication Protect from threats

• Scalable, network-level access to more resources including web, client/server, hosted virtual desktop and back connect such as VoIP

Access more resources

Enable mobile worker productivity while protecting from threats



Demo (Per-app VPN for Mobile Devices)

• Android – Use Chrome access internal HFS service. – Use RDP-2x apps Connect Remote Desktop. – UC Browser cannot access internal HFS Service. – RD client apps cannot Connect Remote Desktop

• iOS – From EMM Server Push Chrome app and Use Chrome access internal HFS service. – Use RDP-2x apps Connect Remote Desktop. – UC Browser cannot access internal HFS Service.

Thank you

Documents

Dell Secure Mobile Access solutions · •Mobile Devices Usage and Future ... Secure Mobile Access appliances SMA 7200 SMA 6200 Virtual Appliance VM Ware, Hyper-V SRA EX9000 ... desktop