SAMSUNG. CLOUD. MANAGEMENT. SECURITY
WHY AND WHAT
MICHAILAS TRAUBAS SAMSUNG ELECTRONICS BALTICS
B2B SOLUTIONS PRE-SALES
AGENDA
• MOBILITY IN EUROPE
• THE PLAN FOR 2014
• MOBILITY IN THE BALTICS
• HOW DO WE WORK AND HOW DO WE LIVE?
• SECURITY AND MOBILITY IN THE CLOUD – SAMSUNG SOLUTIONS
ENTERPRISE MOBILITY IN EUROPE – 2013/14
ENTERPRISE MOBILITY – WHAT IT IS?
ENTERPRISE MOBILITY TODAY
• A set of solutions, enabling mobile technologies in the organizations
Mobile device
Horizontal enablers:
Email Web
security
Vertical solutions
MOBILE DEVICES IN EUROPEAN ORGANIZATIONS
0,0
20,0
40,0
60,0
80,0
100,0
120,0
2012 2013 2014 2015 2016Millions Smartphones Featurephones Tablets
Source: Canalys European BYOD Market Landscape Analysis (April 2013)
IT MANAGERS ABOUT MOBILITY REQUIREMENTS
CALENDAR AND CONTACTS
VPN ACCESS IMPROVED DATA SECURITY
FASTER ACCESS TO CONTENT
MORE STABLE ACCESS TO CONTENT
WORKFLOW OPTIMIZATION
MUST HAVE WISH LIST
Source: KAE Enterprise Mobility ITDMs Research (April 2013)
VOICE AND TEXT
ENTERPRISE MOBILITY 2014: TRANSITION FROM REQUIREMENTS TO SOLUTIONS
33% 33% 34% 35% 36% 36% 36% 37% 37% 40% 40% 41%
51%
MOBILE APPLICATIONS
IAM SOLUTIONS
VIRTUAL NETWORKS AND …
NETWORK BASED SECURITY
NETWORK MANAGEMENT AND …
CUSTOM APPLICATION …
BACKUP FOR VIRTUAL SERVERS
MOBILITY
BI/BA/DATA WAREHOUSING
SMARTPHONES
DR/BC
TABLET PCS
SERVER VIRTUALIZATION • 36% OF THE COMPANIES PLANNED MOBILITY BROAD INITIATIVES
• MORE THAN 25% OF RESPONDENTS WERE DOING MOBILE ENDPOINT SECURITY, MOBILE DEVICE MANAGEMENT, MOBILE SECURITY PROJECTS
• MOBILITY-RELATED PROJECTS
MADE 4 OUT OF 14 HIGHEST PROFILE PROJECTS PLANNED
2014 Priorities Europe. TechTarget/Computer Weekly, 2014
THE BALTIC OUTLOOK
SAMSUNG LIVING BUSINESS
• RESEARCH COMPLETED IN AUGUST 2014
• TARGET GROUP:
• EMPLOYED PEOPLE IN THE AGE FROM 18 TO 65
• INTERNET USERS
ESTONIA: 545 RESPONDENTS
LATVIA: 559 RESPONDENTS
LITHUANIA: 565 RESPONDENTS
WORK WITHIN PRIVATE LIFE
EE
LV
LT
66%
78%
77%
WORK/LIFE BLEND
58% 48% 43% 47%
TRAVELING TO/FROM WORK
ON HOLIDAYS (FOR EXAMPLE,
CHRISTMAS, EASTER)
IN THE SUPERMARKET
SPENDING TIME WITH
FRIENDS
45%
ON A TRIP
HIGHER POSITION = MORE WORK
84% 60%
MANAGERS SPECIALISTS WORKERS
53%
91% 76% 71%
91% 76% 67%
EE
LV
LT
PERSONAL TASKS DURING WORK TIME
EE
LV
LT
88%
86%
86%
INTERNET BANKING
NEWSREADING
NEWS
PERSONAL E-MAILS/
MESSAGES
SMARTPHONE IS THE WORK/LIFE BLENDER
78%
ORGANIZATIONS ARE EMBRACING NEW TECHNOLOGIES SLOWER THAN CONSUMERS
EE
LV
LT
41%
31%
32%
ORGANIZATIONS SEEM NOT TO BE READY FOR PERSONAL DEVICES
62% 38%
Don’t know or there is no security policy
Know security policy
SECURITY OFTEN UNDERSTOOD AS RESTRICIONS
EST LV LT
20% 30% 30%
PERCEIVED SECURITY
62% 61% 42%
SMARTPHONE PC TABLET
MOST COMPANY DATA IS JUST A PASSWORD AWAY
********* 44%
SINGLE DEVICE || MULTIPLE USERS
42% somebody else uses devices, which I
also use for work
EVERY 10TH EMPLOYEE IS A ‘HIRED HACKER ’
10% 17% 17%
EST LV LT
KEY FINDINGS
MOBILE WORK – THE NEW REALITY
~70% OF RESPONDENTS CAN USE THEIR PRIVATE DEVICES FOR WORK
BYOD HAS COME TO BALTIC STATES
MOBILE WORK – THE NEW REALITY
~70% OF RESPONDENTS WORK DURING THEIR PERSONAL TIME EVERYDAY THE HIGHER THE POSITION AND SALARY – THE MORE WE WORK
USUALLY THIS IS PROFILE OF THE EMPLOYEE, WORKING WITH SENSITIVE AND CONFIDENTIAL DATA – OUR RISK EXPOSURE GROUP
MOBILE WORK – THE NEW REALITY
45% OF RESPONDENTS STATE, THAT THEY ARE SHARING THEIR DEVICES, USED FOR WORK
ARE WE SECURED FROM UNSANCTIONED DATA ACCESS?
SECURITY BASICS
• 62% OF EMPLOYEES DON’T KNOW THE SECURITY POLICY OR THERE IS NO SECURITY POLICY AT ALL
• AND HOW MANY % ARE COMPLYING WITH THE SECURITY POLICY?
MAJOR THREAT VECTORS
• STOLEN, LOST OR REPLACED DEVICE
• DE FACTO REMOTE DATA STORAGE
• FREE APPLICATIONS AND “INTERESTING” WEB PAGES
• MALWARE ON THE DEVICE
• UNSANCTIONED ACCESS
• UNCONTROLLED NETWORK ACCESS
SAMSUNG SOLUTIONS FOR ENTERPRISE MOBILITY
2013
2014
MOBILE DEVICE MANAGEMENT
• KNOX EMM – SAMSUNG ENTERPRISE MOBILITY MANAGEMENT SOLUTION
• USER, DEVICE AND APPLICATION MANAGEMENT
• INTEGRATION WITH ACTIVEDIRECTORY -> BY UTILIZING AD MANAGEMENT TOOLS
• ANDROID AND iOS DEVICES SUPPORTED
DEVICE MANAGEMENT IN THE CLOUD
KNOX EMM CLOUD PROXY
SERVER
FIR
EW
AL
L
ADMIN PORTAL USER
PORTAL
SAMSUNG KNOX EMM KEY USE CASES
• Provision
• Monitor
• Manage
• Secure
[1] DEVICE ASSIGNMENT AND INVENTORY
• ASSIGN DEVICE TO THE USER
• COLLECT DEVICE INVENTORY DATA AND STATUS INFORMATION
• BYTES SENT/RECEIVED
• CREATE WIFI PROFILES
[2] ENFORCE SECURITY “BASICS”
• REQUIRE USING SCREEN PASSWORD OF CERTAIN COMPLEXITY
• RESET PASSWORD OR FORCE PASSWORD CHANGE
• TURN ON DEVICE ENCRYPTION
• LOCK DEVICES AND WIPE DEVICE DATA FROM ADMIN CONSOLE
*********
[3] APPLICATION MANAGEMENT
• CENTRALIZED APP DISTRIBUTION IN ANDROID AND IOS
• REMOTE DEPLOYMENT OF APPLICATIONS TO SELECTED USERS AND USER GROUPS
• AUTOMATICALLY UPDATE APPS
[4*] SECURE NETWORK AND DATA
• CREATE WIFI PROFILES
• MANAGE WIFI SETTINGS
• CREATE VPN PROFILES
• MANAGE VPN SETTINGS
[5*] MANAGE MOBILE WORKPLACE
• APPLICATION MANAGEMENT
• FIREWALL MANAGEMENT
• ENCRYPT MICROSD
• CONFIGURE MICROSOFT EXCHANGE AND IMAP/POP EMAIL PROFILES
[6*] DEVICE SETUP
• CONFIGURE DEVICE SETTINGS REMOTELY, FOCUS ON SECURITY
• PREVENT 3RD PARTY APP INSTALLATION
• STOP WIFI TETHERING
• DISABLE USB STORAGE AND MICROSD
• DISABLE FACTORY RESET
• PREVENT CHANGING SETTINGS
• SET ROAMING RULES
• MANAGE BLUETOOTH
[7*] DEDICATED DEVICES
• KIOSK-MODE DEVICES = SINGLE-PURPOSE DEVICES
DATA SECURITY
DATA SECURITY
• KNOX WORKSPACE – CORPORATE DATA SECURITY SOLUTION
• YOUR SOLUTION FOR PRIVATE DEVICE USAGE AND DEVICE SHARING CHALLENGES
THE MOST SECURE SOLUTION FOR ANDROID DISA MOS SRG
Compliance
FIPS 140-2 Certification
Common Criteria Certification
CESG End User Devices
Security Guidance
DISA MOS SRG Compliance
CESG End User Devices Security Guidance
Australian Signals Directorate
KNOX WORKSPACE – WHAT IS IT?
PRIVATE ENVIRONMENT
CORPORATE ENVIRONMENT
3 KEY FEATURES
• SECURE PLATFORM
• APPLICATION SECURITY
• MOBILE DEVICE MANAGEMENT
SECURE PLATFORM
ARM TrustZone Hardware
Trusted Boot / Secure Boot
TIMA
SE for Android
SE for Android Management Service
KNOXTM Android Framework
KNOXTM Workspace
PLATFORM SECURITY: ARM TRUSTZONE®
• KNOX USES ARM TRUSTZONE® HARDWARE THAT ENABLES HARDWARE ENFORCED ISOLATION.
• ARM CORTEX-A PROCESSOR LINEUP REQUIRED
PLATFORM SECURITY: TRUSTED BOOT
PLATFORM SECURITY: SE FOR ANDROID
• SE FOR ANDROID CAN ISOLATE ATTACKS, HOWEVER, IT RELIES ON THE OS KERNEL INTEGRITY
TIMA REAL-TIME KERNEL PROTECTION
• INTERCEPTS CRITICAL EVENTS HAPPENING INSIDE THE KERNEL, WHICH ARE INSPECTED IN TRUSTZONE.
PLATFORM SECURITY: TIMA REAL-TIME PROTECTION
PLATFORM SECURITY: TIMA PERIODIC PROTECTION
KEY FEATURES OF KNOX WORKSPACE
PRIVATE ENVIRONMENT
CORPORATE ENVIRONMENT
DATA PROTECTION
PRIVATE ENVIRONMENT
CORPORATE ENVIRONMENT
• AUTOENFORCED DATA ENCRYPTION
• AREA INACCESSIBLE BY THE ROOT
SAME BUT DIFFERENT APPS
ASMENINĖ ERDVĖ
• ISOLATED APPS WITHIN CONTAINER
• MANAGED USAGE OF CUSTOM APPS, GOOGLE PLAY AND APPS FROM PRIVATE ENVIRONMENT
CONTROLLED DATA EXCHANGE
ASMENINĖ ERDVĖ
• DATA EXCHANGE BETWEEN PRIVATE AND CORPORATE ENVIRONMENT FULLY MANAGED BY ADMINISTRATOR
RESTRICTED WORKING ENVIRONMENT
ASMENINĖ ERDVĖ
• APPLICATION RULES
• FIREWALL
• SETTINGS MANAGEMENT
• MAIL ACCOUNT RESTRICTIONS
SECURING DATA IN-TRANSIT: VPN
• GRANULAR VPN CONTROL
• DEVICE-LEVEL VPN
• CONTAINER-LEVEL VPN SETTINGS
• PER-APPLICATION VPN INSIDE CONTAINER
MANAGEMENT VIA MDM
KNOX WORKSPACE AVAILABILITY
S5, S5 MINI S4, S4 MINI NOTE 4, NOTE 3, NOTE 3 NEO GALAXY ACE 4
TAB S TAB 4 TAB 4 ACTIVE NOTE 10.1 2014 EDITION TAB PRO NOTE PRO
DEVICE FOR LIVING BUSINESS
SHOCK RESISTANCE
IP67 WATER AND DUST
RESISTANCE
LONG BATTERY
LIFE
+ 60°C - 20°C
WORK IN COLD AND HEAT
DISPLAY FOR BUSINESS
NEEDS
SECURITY SIZE AND
WEIGHT
NFC AND
BARCODE
PEN SPECIAL 3RD YEAR
WARRANTY
BY