-
1
Enterprise Mobility Roadmap
Brian Uffelman Dir. Product Management, Enterprise Mobility
-
SYMANTEC VISION 2014
Disclaimer
“Any information regarding pre-release Symantec offerings, future updates or other planned modifications is subject to ongoing evaluation by Symantec and therefore subject to change. This information is provided without warranty of any kind, express or implied. Customers who purchase Symantec offerings should make their purchase decision based upon features that are currently available.”
Presentation Identifier Goes Here 2
-
SYMANTEC VISION 2014
Agenda
3
Upcoming Releases and Priorities
Near-Term Mobile Roadmap
Symantec App Center Solution
Top Mobility Goals
2
3
4
1
-
SYMANTEC VISION 2014
Welcome to Vision… Day 4!
4
-
SYMANTEC VISION 2014
Ultimate Goal of the Mobility
Address immediate
concerns about
MDM/MAM/BYOD/CY
OD
While providing
Security, Protection,
Control
To increase User and
organization
productivity
9
-
SYMANTEC VISION 2014
Customer Jobs in User-Control Era
6
Reconciling conflicting IT and end user desired outcomes
Users
• Choose my device(s) and use them for business and personal
• Gain access to email and network • Provision my own apps • Collaborate with others • Avoid calling help desk
“Help me maximize productivity on any device”
IT
• Configure and secure all endpoints accessing the corporate network
• Protect critical business data • Minimize risk of attack • Reduce cost of ownership
“Help me maximize user productivity and protection”
-
SYMANTEC VISION 2014 Presentation Identifier Goes Here 7
-
SYMANTEC VISION 2014
Enterprise Mobility Management (EMM)
8
-
SYMANTEC VISION 2014
Mobile Use Cases
9
Base = 2,317 North American and European information workers who use a smartphone for work
Source: Forrsights Workforce Employee Survey, Q2 2013
“What smartphone/tablet applications do you currently use for work?"
15%
18%
19%
20%
21%
25%
25%
28%
32%
36%
39%
40%
58%
73%
85%
Wikis for internal information sharing
Microblogging (e.g. Twitter)
Web meeting or webconferencing
Team document sharing sites (e.g., SharePoint)
Data dashboard or business intelligence application
Expense tracking and/or approval
Travel planning and status
Employee intranet or company portal
Specific line of business applications (e.g. sales)
Social networks (e.g. LinkedIn, Facebook)
Note taking application
Instant messaging/chat (not SMS/texting)
SMS (texting)
Calendar
Email
-
SYMANTEC VISION 2014
Focus on Four Key Customer “Jobs”/Goals
10
Manage Access & Identity
Data Management & Protection
Manage & Protect Any Device
Leverage Mobility to Maximize Productivity
-
SYMANTEC VISION 2014
Cloud Applications
Cloud Storage
Private Cloud
Mobile Workforce Productivity Vision – “The What” Information protection across three control points
APPS Core
Apps
Email
Browser
Synch And
Share
App
Protection
AppStore
Apps
Today: ”Mobile Devices”
Tomorrow: ”Convergence”
1
1
NETWORK / USER ACCESS
Mail Inspection App VPN Identity, Info GW
DLP/Enc, PKI.
DEVICE
Control Secure Insight
STOP
-
SYMANTEC VISION 2014
Mobile Workforce Productivity Vision
User: ”Joe”
1
2
? What is required to make the vision happen?
Cloud Applications
Cloud Storage
Private Cloud
-
SYMANTEC VISION 2014
Mobile Workforce Productivity Vision – “The What” Information protection across three control points
DEVICE
App Center Mobile Security App Insight
APPS
NETWORK / USER ACCESS
Secure App
Proxy (beta)
Portfolio
Integrations
1
3
Secure App
Ecosystem
Productivity
Apps
Secure
Workspace
Coming Soon
Secure Email
Gateway
mPKI
Support
Today: ”Mobile Devices”
Tomorrow: ”Convergence”
Cloud Applications
Cloud Storage
Private Cloud
Coming Soon
-
SYMANTEC VISION 2014
What We’ve Accomplished…
18
4.1
• Integrated MDM and MAM Console
4.2
• iOS 7 MDM Support
• MDM Mobile Core Technology Integration
• MPKI Integration
4.3
• Symantec Sealed Launch
• App Proxy (Beta)
• Secure Web Browser
• Bundled Encryption
4.4
• Norton Mobile Security Integration
• Email Proxy
• App Proxy
• Partner API’s
5.0
• Samsung SAFE support
• Windows Phone 8/8.1 support
• Multi-tenancy
• Performance, Scalability & UX enhancements – ACA and platform
1H 2013 Dec 2013 Jan 2014 Apr 2014 Q3CY201
4
-
SYMANTEC VISION 2014
Symantec Sealed Program – 72 Partners, 147 Apps!
19
Mail
•Native app
•Symantec Secure Email
•Ikonic Mail+
Calendar
•Symantec Secure Mail
•Readdle Calendars 5
•LookeeLoo Meebles
File sync/share
•Norton Zone
•Box
•Accellion
Secure text/messaging
•TigerText
•Medigram
•Gryphn ArmorText
Document reading/editing
•GoodReader
•Quickoffice
•Polaris Office
Note Taking
•Notes Plus
•NotePad Pro-iTech
•Tapose
Forrester Advisory Day | Confidential: Do Not Distribute
-
SYMANTEC VISION 2014
Symantec App Center 4.4 Release
• Email Proxy for access control and compliance
• App Proxy GA for sealed apps and internal enterprise apps
• Mobile Security integration – entitlement and reporting of
Android mobile security with Norton Mobile Security App
• Platform usability and performance – Performance and
usability improvements for user agent, App Center dashboard
• Enhanced platform integration capability – wrapping APIs,
additional app management, tenant creation API (in multi-
tenancy mode)
20
-
SYMANTEC VISION 2014
5.0 Release Summary
• MDM - Address SAFE and Windows Phone 8.1 with basic MDM capabilities
• Mobile Security – Standalone product support
• Platform/Server - Performance/scalability, Multi-tenancy and selected UI improvements
• Platform/ACA – UI usability and performance improvements
• MAM - App Management Command APIs; Advanced App Configuration
• Product re-naming and EOL of older products
-
SYMANTEC VISION 2014
Upcoming Releases and Key Priorities
22
-
SYMANTEC VISION 2014
H3 Deliver on Convergence - Devices, Apps, Data
H1 Broaden Platform Support
Complete Android and Windows 8 integrations
Email Gateways
Enterprise platform capabilities
H2 Accelerate Symantec Technology Integration
Content management with Zone, integrated with Mobile
Integrate device security & App Insight
Differentiated SYMC integrations – DLP, PKI, Identity and Security Gateways
Multi-tenancy and scalability advancements
Deliver and protect corporate apps and content on any endpoint - Mobile, Mac, PC – with single policy
Control point for content inspection and access across cloud services and mobile, integrated with endpoint
Product Priorities - 3 Horizons
PC
23
-
SYMANTEC VISION 2014
Longer Term Areas of Investigation – Horizon 2 and 3
24
Focus Area Area of investigation
• Identity and Access • Biometric based authentication to device, app or workspace integrated with corporate AD / Identity
• Eliminates the need for a corporate password
• Data Protection and Productivity enablement
• Enable free flow of data to any environment while maintaining security by embedding data policies at the content level
• Requires ability to tag, track and enforce policy across any app – leverage Encryption and DLP assets
• Intelligence
• Provide the enterprise with a rich set of actionable intelligence allowing them to have complete visibility into usage patterns, risks, etc.
• Leverage Symantec’s rich set of big data assets including Mobile Insight, Norton Mobile Security, Wrapped Apps, etc
• Converging Endpoint Management and Protection
• One solution to manage and protect any endpoint • Federated App Store across any device based on user role
and access
-
SYMANTEC VISION 2014
CY2015
5.1 / 5.2 (preliminary)
January 2014
4.3
Norton Mobile Security (NMS) Integration
Email Gateway
Secure App Proxy
Multi-tenancy
Partner API’s
Norton Zone
Q3CY2014
5.0
Samsung SAFE Support
Android MDM Core
Windows Phone 8.1 for MDM/MAM
Performance, Stability and Usability Enhancements – ACA and Platform
External API enhancements
Expanded multi-tenancy support
Short Term Product Roadmap
* Planned but not committed
25
April 2014
4.4
Symantec Sealed Launch
Secure App Proxy (Beta)
Secure Browser
Bundle Encryption
Productivity Apps
Device Mgmt.
Threat Protection
App Protection
Identity
Productivity Apps
Device Mgmt.
Threat Protection
App Protection
Identity
Productivity Apps
Device Mgmt.
Threat Protection
App Protection
Identity
Productivity Apps
Device Mgmt.
Threat Protection
App Protection
Identity
Network Network Network Network
Convergence Convergence Convergence Convergence
DLP Integration*
Identity Gateway Integration*
Expanded Symantec Productivity App Suite*
Mobile Insight*
Cloud Data Security *
VIP integration with ACA*
Private Cloud Offering*
Data Tagging and Monitoring*
Zone for Content Center*
Converged Management and Protection - Mobile, Mac, PC*
= No Capabilities = Below Competition = Parity with Competition = Better than Competition = Sustained Differentiator
-
SYMANTEC VISION 2014
Focus on Four Key Customer “Jobs”/Goals
26
Manage Access & Identity
Data Management & Protection
Manage & Protect Any Device
Leverage Mobility to Maximize Productivity
-
SYMANTEC VISION 2014
Symantec Mobility Roadmap
27
Manage Access & Identity
Data Management & Protection
Manage & Protect
Any Device
Leverage Mobility to Maximize Productivity
• Track and Monitor Data Flows
• Data Protection via Integration with Symantec DLP
• Enforce Data Policies
• Data Classification
• Virtualized Content Access
• Data Rights Management
• Cloud Data Policies
• Application Reputation
• Integrated Network Threat Prevention
• Email Security
• Application Management and Protection for Traditional Devices
• Context Aware Application Policy
• Traditional Device Support
• Mobile OS Support Support
• Support for Operational Devices
• Managing Next Gen Connected Devices
• Blacklisting/Whitelisting of Apps based on App Insight
• Managing Attachments
• Integration of One-Time Passwords
• Multi-Account SSO
• Federated Identity
• Certificate management at the device, apps, and workspace with delegate authority
• Simplified Agent Experience
• Symantec Sealed Personas
• Productivity Apps: PIM (Email; Calendar; Contacts)
• Productivity Apps: Secure Browser (Intranet Access)
• Productivity Apps: File Sync & Share
• Productivity Apps: Secure Messaging (SMS)
• Productivity Apps: SharePoint/Network File Share/Cloud Connector
• IT Productivity: Providing Deployment Best-Practice
• IT Productivity: Ensure Business Compliance
• IT Productivity: Simplified Admin Experience
-
SYMANTEC VISION 2014
SYMANTEC MOBILITY CENTER: Beyond 5.0+
28
-
SYMANTEC VISION 2014
Top Mobile DLP Use Cases
• Monitor and restrict email data flows to and from mobile endpoints (attachments, content, mail flow policies, etc)
• Protect information/data flowing to and from an app on a mobile endpoint
• Monitor on-device data and enforce data sensitivity policies on mobile endpoints (similar to PC/Desktop functionality)
– Monitor/Restrict/Enforce data flow between apps
– Monitor/Restrict/Enforce data from the device to attachments (USB, Datacard, Bluetooth)
• Classify data based on sensitivity or confidentiality
• Enforce Data Confidentiality Policies
29
-
SYMANTEC VISION 2014
Internet
Future Vision: End-to-End Data Protection
30
DMZ Cloud Services
Data Policy Controls Encryption IAM DLP Endpoint Management eDiscovery
Data Policy Controls IAM DLP eDiscovery
Gateway
= Next Gen Mobility Agent
-
SYMANTEC VISION 2014
Why do I need App Reputation?
• With BYOD, user and corporate data live together – so when apps ask the users for permission to access data it impacts your organization as well.
• Cost to determine if each individual app is safe is prohibitively expensive - Mobile Insight provides a behavior-based malware detection along with risk management approach to screening mobile apps
• Helps enterprise users really understand what the mobile apps are really doing and what Enterprise data they have access to
31
-
SYMANTEC VISION 2014
Malware Isn’t The Only Concern
32
Even legitimate apps can…
Read and collect private data from the device
Embed annoying ad libraries to monetize free apps
Drain battery and consume bandwidth, costing money and decreasing device lifespan
Users demand more from mobile security – malware detection is the table stakes
-
SYMANTEC VISION 2014
Mobile Insight Statistics
33
Malicious APKs 1,066,611
APKs w/Privacy Leaks
5,751,964
APKs 10,732,318
App titles 3,413,556
APKs w/ Ad Libraries 4,069,030
APKs w/ High Severity Privacy Leaks
1,423,876
1,200,456 Signers (Publishers) Majority of Bad Actors
Russia
China
Stores Crawled Continuously
200+
30 Thousand new apps processed every 24 hours 1 trillion rows of metadata
-
SYMANTEC VISION 2014 34 Symantec Confidential
How Mobile Insight will work for you
SECURITY Classifies apps as trusted, unknown or malware
PRIVACY Identifies apps that put your Enterprise information at risk
GREYWARE Stops annoyances like Madware and other intrusive behaviors
PERFORMANCE Identifies apps that can excessively drain battery or use large amounts of data
REAL WORLD INFORMATION We run apps to reports on unusual observed, actual behavior
NOISE & FEAR REDUCTION Accurate reporting of the highest potential privacy risks and most intrusive apps
1. App Center
sends request for app
information
2. Mobile Insight
retrieves information about
the app
3. Information is fed back to confirm if the app poses any
threat or annoyances
4. App Center
provides application
details back to admin to make policy decisions
-
SYMANTEC VISION 2014
Leveraging Mobile Insight
• Providing necessary intelligence for your enterprise users
• Allowing admins to inspect apps for malware and policy compliance prior to distributing the apps into Enterprise
• Using mobile insight intelligence to blacklist apps with harmful characteristics like ad network, data leakage risks, etc
36
-
SYMANTEC VISION 2014
• Near term
– Samsung SAFE and Windows Phone 8.1 BYOD – Enrollment, inventory, Actions (locate, lock, wipe, etc.)
– SAFE delivery/removal of apps
– SAFE & Windows Phone 8.1 Exchange ActiveSync, passcodes, restrictions and WiFi profiles
Device Management for BYOD & Corp End User Devices
37
• Medium term
– Extending ‘services’ cert uses to SAFE, WP8.1 and cert delivery from Microsoft Certificate Authorities
– Extend BYOD MDM settings to
– iOS 8, Android 5.0, Windows Phone 8.2 MDM updates
Enabling personal connectivity to corporate services
-
SYMANTEC VISION 2014
Enhancing App Center for Operational Device Management
• Near-term App Center device management handling
– Improve licensing and device targeting to support operational device scenarios
– End-end operational lifecycle designed into App Center
– Multi-user support for App Center enrollment/management
38
• Medium-Long Term - Operational MDM feature improvements
– iOS & Android operational device simplification
• Simplified operational device setup, including Apple Device Enrollment program
• Full OTA profile handling
• Kiosk/Supervised device improvements
– Longer Term
• Extended Android manufacturer APIs
• Windows Phone operational APIs
-
SYMANTEC VISION 2014 39
TODAY Symantec is viewed as a collection of products and brands, and is known as an AntiVirus company.
FY15 Symantec is the brand of choice and is the information protection authority that instills the confidence to do anything
FY16-19 Symantec is viewed as a thought leader making the world a safer place by delivering innovative, integrated solutions to customers most critical technology and information problems.
Brand Strategy
-
SYMANTEC VISION 2014
Seamless Embedded Mobile User Authentication
• Seamless Certificate Management & Usage
– Near term:
• Extending WiFi, VPN and EAS certificate delivery to new platforms
– Medium term:
• Cert lifecycle automation
• Certs for app wrapping connectivity
– Longer term:
• Simplified authentication
40
• Embedded Two Factor User Authentication
– Near term:
• User and Admin portal VIP integration
– Medium term:
• VIP integrated into wrap layer
• Hardware root of trust
• Biometric authentication
• Integrated Access Manager Support
– Near term:
• Wrapped browser access to SAM
• App Center SAML SSO to web apps via SAM
-
SYMANTEC VISION 2014 Presentation Identifier Goes Here 41
Q&A
-
SYMANTEC PROPRIETARY/CONFIDENTIAL – INTERNAL USE ONLY Copyright © 2014 Symantec Corporation. All rights reserved.
Thank you!
Presentation Identifier Goes Here 42
• Brian Uffelman
• 408-420-6250