Embed Size (px)
DESCRIPTION
Securing enterprise data becomes more challenging with each new device. From smartphones and tablets to wearable technology, employees are demanding flexibility and privacy while corporate, regulatory, and legal imperatives require precise policy enforcement. Chris Hobbs and Olli Linnainmaa from Samsung Mobile and Mobile MaaSter Chris Isbrecht outlinehow Samsung Knox with enhancements on the Galaxy S5 and MaaS360 will deliver the mobile security you need, without compromising the privacy of your employees. Samsung devices have been validated through Common Criteria and FIPS and can be managed conveniently with MaaS360. Learn what's new and see how you can: - Benefit from the new technology available on Samsung Galaxy S5 with MaaS360 - Provide devices to employees within either a COPE or BYOD program - Enable centralized control and management of IT policies for mobile devices - Remotely control, monitor, and administer Knox for mobile devices - Enhance security to shield your network from hacking, malware, viruses, and unauthorized access - Protect enterprise data and employee privacy with separate business and personal modes - Actively manage all aspects of the Knox container
Citation preview
Samsung Knox™ on Galaxy S®5 with MaaS360 for Business
#MaaS360Knox
IntroducBons
Olli Linainmaa Director of Strategic Alliances
Samsung
2
Chris Hobbs Technical Account Manager
Samsung
Chris Isbrecht Product Manager
Fiberlink, an IBM company
#MaaS360Knox
Agenda
• Market trends • Samsung Knox on Galaxy
S5 • MaaS360 by Fiberlink, an
IBM company • Demo • Q&A
3
#MaaS360Knox
Poll QuesBon
4
Are you looking to migrate off legacy devices:
a) This year
b) Next year
c) I already have a plan and am rolling it out now
d) I am not planning to at this Bme
#MaaS360Knox
Market Trends
5
#MaaS360Knox
Protect sensiBve corporate data
Deploy public and enterprise apps
Provide access to work content
Top Enterprise Mobility IniBaBves
6
Embrace Bring Your Own Device (BYOD)
Migrate from Legacy Devices to mulB-‐OS
#MaaS360Knox
Embrace The New Normal
7
EMM is becoming THE IT pla^orm
Go beyond enabling these new devices Mobile uBlizaBon of corporate network/resources SeparaBon of corporate & personal apps/data App management & security (and app dev assist) IdenBty, context and more sophisBcated policy
#MaaS360Knox
Enterprise Mobility Success Factors
8
Support device diversity
Separate work from personal
Simple onboarding & familiar user experience
MulB-‐OS management and
security
Data containerizaBon & privacy sebngs
OTA deployment & naBve app-‐like UX
#MaaS360Knox
Samsung Knox™ on Galaxy S®5 Olli Linainmaa and Chris Hobbs
9
#MaaS360Knox
Employee CIO
I like the device to have high security
I want to control employees’ devices for security
I want to use my personal device
for work
I want to protect my privacy on my device
The ConflicBng Needs of Work and Play
10
The Conflicting Needs of Work and Play
#MaaS360Knox
Business
ONE DEVICE
§ Read personal email § Surf the web and shop on the Internet § Watch YouTube videos § Access Facebook and upload pictures § Listen to your favorite songs
§ Secure email and web § Secure contacts and calendar § Secure document sharing § Access to company network through VPN § Manage devices § Remote wipe and anB-‐thej
Personal
Samsung KnoxTM – Comprehensive Mobility Solution for Work and Play
#MaaS360Knox
Access applica;ons and KnoxTM Apps Store in the
completely secure Container Single Sign-‐On capability allows
you to securely sign-‐in for mul;ple apps
at once
Re-‐log into Container aEer leaving
(IT Admin determines ;me dura;on requiring password
re-‐entry)
Exit Container through No;fica;on bar or by
selec;ng “Personal Home” icon
Securely access data within the calendar that is not available outside of it
KnoxTM Container User Experience
#MaaS360Knox
Samsung KnoxTM – The Secure Enterprise Mobile Platform
§ Dual Persona KnoxTM Container
§ Security Enhanced Android (SE for Android) Developed by US government
§ Hardware-‐Supported OperaBng System Security TrustZone based Integrity Monitoring Trusted Boot
§ 540+ IT policies and 1,090+ MDM APIs More than twice as many policies than our compeBBon’s latest offerings
#MaaS360Knox
KnoxTM Pla^orm Security
14
1. Ensures that the enterprise security in not compromised if the boot loader and/or Android Kernel (OS) is replaced with an unauthorized version.
2. Prevents access to Knox features and corporate data if a compromised is detected in the boot loader or Android Kernel (OS)
2. TrustZone-‐based Integrity Monitoring Arch. (TIMA) § Protect the integrity of the kernel during run Bme § Monitor, assert and verify the integrity state of the kernel § Run in the protecBon of TrustZone § “First line of defense” against malicious aqacks
3. Security-‐Enhanced (SE) for Android OS § US Government DoD-‐developed technology § Apply mandatory access control (MAC) § Properly isolate apps and data in different domains
App Layer KnoxTM Container
KnoxTM Framework
SSO
Integrity Management
Enhanced MDM APIs
FIPS VPN
Linux Kernel
TrustZone
Boot Loader
SE for Android
TIMA
Customizable Secure Boot
Value Added Services
Samsung KnoxTM – Security Starting at the Hardware Level
#MaaS360Knox
KnoxTM Framework
15
§ Support more than 460+ IT policies § Policies to comply with the US DoD Mobile OS Security Requirements Guide (MOS SRG) § Container management § VPN and Wi-‐Fi provisioning § Management via AcBveDirectory § 1,030+ MDM APIs
§ Per-‐app VPN: IT admins can force all data traffic for an individual applicaBon through a VPN connecBon
§ FIPS 140-‐2 cerBfied with NSA Suite B Algorithms, RSA Token and CAC (Common Access Card) support
§ ExisBng Best-‐In-‐Class SSL and IPsec based VPN support
Samsung KnoxTM – Enhanced Features on Existing Android
App Layer KnoxTM Container
KnoxTM Framework
SSO
Integrity Management
Enhanced MDM APIs
FIPS VPN
Linux Kernel
TrustZone
Boot Loader
SE for Android
TIMA
Customizable Secure Boot
Value Added Services
#MaaS360Knox
The KnoxTM Container
16
The Samsung Knox™ Container is an isolated Android environment within the mobile device, complete with its own home screen, launcher, and applicaBons
§ IT admins can manage enterprise apps and data in a secure AES 256-‐bit encrypted environment (container data encrypted by default)
§ IT admins can also easily convert market apps into containerized apps
Samsung KnoxTM – The Container Enhances Application Security and Usability
App Layer KnoxTM Container
KnoxTM Framework
SSO
Integrity Management
Enhanced MDM APIs
FIPS VPN
Linux Kernel
TrustZone
Boot Loader
SE for Android
TIMA
Customizable Secure Boot
Value Added Services
#MaaS360Knox
MaaS360 Overview
17
#MaaS360Knox
Poll QuesBon
18
Select the opBon that best describes your organizaBon’s BYOD program:
a) We currently support BYOD
b) We currently have a mixed environment of BYOD and COPE
c) We are evaluaBng our BYOD program right now
d) We are not currently supporBng BYOD
#MaaS360Knox
MaaS360 Provides Comprehensive EMM
19
User Content & CollaboraXon
Secure Mobile Containers
Comprehensive Mobile Management
Seamless Enterprise Access
#MaaS360Knox
MaaS360 for Android
Gain Mobile Insight – Hardware informaBon – Network informaBon – Security & compliance – LocaBon details
Set Security Policies – Enforce passcode requirements, device encrypBon – Distribute Wi-‐Fi, VPN & email profiles – Restrict device features – Restrict network features – Restrict naBve apps – Restrict locaBon detecBon with GPS or
wireless networks/Google’s locaBon service – Single and MulB-‐app Kiosk modes
20
Manage Mobile Apps – Blacklist, whitelist or require apps – Distribute private enterprise apps – Publish updates to apps – Delete an apps & its data on-‐demand – AutomaBcally remove corporate apps if user deletes
MDM profile
#MaaS360Knox
MaaS360 for Android – Samsung SAFE™ A SAFE device delivers security & management capabiliBes above & beyond standard Android features
AddiBonal Security Policies – Firmware Upgrades – Granular Bluetooth controls – Browser controls – Restrict device, security, network features – … and more
AddiBonal ConfiguraBon Sebngs – Email & Wi-‐Fi Network ConfiguraBon – Whitelist and Blacklist SSID's – ConfiguraBon of naBve email client – CerBficate AuthenBcaBon – Internal & External EncrypBon
21
Advanced SAFE Features – Pure HTML5 Remote Control console – Advanced Single and MulB-‐app Kiosk support
AddiBonal App Management – Silently Install & Delete Apps – AutomaBc malware removal
#MaaS360Knox
MaaS360 supports Samsung KNOX, which is a comprehensive mobile soluBon for work & play, uBlizing a separate container to manage & secure business data – Comprehensive management of apps, content &
devices for the KNOX pla^orm – Complete containerizaBon of personal &
work data on devices – Over-‐the-‐air (OTA) configuraBon & management of KNOX container level
security policies – Enhanced email & browser configuraBon – Remote lock, unlock & selecBve wipe of
KNOX container data
MaaS360 for Android – Samsung KNOX™
22
#MaaS360Knox
Maas360 Current Samsung IniBaBves • Samsung product support and deployments
– We have 3,000+ customers acBvely leveraging Samsung specific features – Samsung devices make up 63% of all Android devices under management – Top models under management are: Galaxy S3 (21%), S4 (20%), Tab 2 10.1 (9%) – Samsung Gear support being prototyped
• Knox 1.0 GTM – Product launched – In pilot phase at customers – Enabling sales globally in 2Q, 2014
• Knox 2.0 Product Development
– Expanding our Knox capabiliBes to include 2.0 policies – Exploring with Samsung a shij to using the new “universal mobile client” (UMC)
23
#MaaS360Knox
MaaS360 Demo
24
#MaaS360Knox
Poll QuesBon
25
Would you like to hear from us?
a) Yes, please have Samsung reach out
b) Yes, please have MaaS360 reach out
c) Yes, please have both Samsung and MaaS360 reach out
d) No, not at this Bme
#MaaS360Knox
For more informaBon
• Forum – announcements, discussions and quesBons
• Blog • Webinars • Resources • Social media
Request a Samsung Knox Trial: [email protected] Visit the MaaSters Center to discuss IT in the cloud: MaaS360.com/maasters
