HUAWEI AnyOffice Mobile Security Solution Datasheet

Upload: tony-khoury

Post on 05-Jul-2018


  • 8/15/2019 HUAWEI AnyOffice Mobile Security Solution Datasheet

    1/12

    Huawei AnyOffice Mobile Security Solution

    HUAWEI TECHNOLOGIES CO., LTD.


    1 Overview

    In 2012, 20% of global employees brought their own mobile devices to work, such as the iPhone, iPad, or Android-based devices. Along with huge IT consumption, Bring Your Own Device (BYOD) is gradually becoming the new norm. Originally thought to be just a trend concept, BYOD is now changing the way people work with quite an unstoppable momentum. With our own devices, we can exchange emails, conduct research and follow up on potential sales opportunities more flexibly, promote information management over enterprise, flatten user interfaces, increase response times, and enhance decision-making efficiency. However, the openness of BYOD comes with enormous security and management risks. Therefore, is your enterprise ready for today's BYOD challenges?

    2 Trend and Challenge

    BYOD makes an office borderless. Users can simultaneously work and play Web games on the same mobile devices. Personal and office applications are crossing the boundary in between. For most enterprises, prohibiting the use of BYOD is just not practical. The majority of today's working staff (especially new entrants) are quite familiar with handling mobile technologies and have urged for BYOD support from enterprises. This need is forcing enterprises' IT management teams to not only adopt BYOD technologies but also change the way they conduct business and operate in the workplace. At the same time, BYOD brings various problems and risks where an open and intelligent mobile platform leads to critical issues, including malicious code embedding, data leakage, mix of both personal and enterprise applications, and multiple platforms with different structures.

    IT departments are finding themselves in a rather unsettling position where standards policies and configuration rules of the enterprise and those of the mobile devices are overlapping. Moreover, it is fairly difficult to graft security and management policies based on traditional PCs onto mobile devices, especially mobile devices belonging to employees. Enterprises must employ strategies for BYOD, including policy defining and management, and what mobile device to allow access to company information or levels of clearance.

    Intelligent mobile devices function very much like PCs. However, they are completely without protection when accessing company information through web pages, downloading applications, or sending emails. So far, there are more than 20,000 types of malicious mobile software, 30% of which are Trojan horses, aiming to steal privacy and sensitive data. With the abuse of the root permission and the development of hack technologies, mobile devices are becoming the new hotbed for security-related risks. 71% of enterprises consider mobile devices, especially Android devices, as a key security hazard.

    Migrating enterprise applications to various mobile devices is a nightmare for IT departments. These challenges include: how to seamlessly and quickly transfer business to a mobile environment, how to avoid the high cost of in-house development, and how to cope with a highly complex mobile environment.

    With the thriving use of mobile applications, enterprises are short of corresponding management measures. Employees can download and install whatever application they want, which may reduce system availability, create huge security risks, or even disable the device.

    Mobile devices are mostly of a small size and are prone to loss or theft. 47% of the companies interviewed say that large amounts of data are stored on mobile devices, including sensitive client information and classified data from emails. The loss of a single mobile office device not only indicates the potential leaking of confidential business information, but also possibly incurs law violations.

    3 Overview of Huawei AnyOffice Mobile Security Solution

    Targeting the conflict between employee needs and company policy compliance, Huawei provides a balanced solution. The solution not only enables employees to access their company's intranet at any time, at any location, from any device, but also ensures strong security protection. Huawei is dedicated to providing an end-to-end mobile security solution and flexible application launching. Paying close attention to mobile device security, network transmission security, application security, sensitive data security, and security management, Huawei offers a unique balance between high efficiency and security of mobile office. Huawei provides a simple platform that supports the migration of all applications with excellent expandability and low cost to help companies cope with the complex mobilization.

    3.1 Architecture and Key Components

    Mobile security and management essentially resolve three issues: identity, privacy, and compliance. Focusing on these three key issues, Huawei provides enterprise clients with the most secure and user-friendly management solution in the industry today.

    [Figure: solution architecture. Labels recoverable from the diagram: office-based and non-office-based terminals running the AnyOffice client; enterprise WiFi, 3G/4G, and public Wi-Fi access; SSL; Mobile Security Access Gateway (AnyOffice SVN); Firewall/UTM; DMZ; AnyOffice security platform (Identity, Privacy, Compliance); MEAP (device interface, application interface, development platform, supporting platform, workflow, business object); Unified Policy Management Platform*; intranet servers (LDAP, email, OA and other servers). Security layers listed: authentication and authorization, access control, link security, threat defense, data protection, application security, management security. Capabilities listed: strong mobile authentication; Mobile NAC*; SSL or UDP tunnel encryption; L3/L4 VPN; DDoS, network antivirus, network IDS/IPS; mobile sandbox; web, email, and DLP; anti-theft; application control; security management, application management, assets management, IT services.]

    * indicates a feature to be supported by later versions of Huawei AnyOffice Mobile Security Solution.

    3.2 AnyOffice Intelligent Mobile Access Client

    AnyOffice is the only mobile client that connects the user and the network/application. A simple client facilitates management and maintenance capabilities.

    AnyOffice is a secure mobile office platform. In one-agent mode, it integrates a series of security applications, including security sandbox, security email client, security browser, MDM software, L3VPN client, and virtual desktop. This meets universal mobile office requirements and ensures secure, convenient, and efficient intranet access.

    In addition, AnyOffice senses the access mode. By interworking with the company's Mobile Security Access Gateway SVN (SVN has the SSL VPN and Radius Proxy function), AnyOffice intelligently changes security policies based on user location (Intranet or the Internet), offering a sound user experience.

    3.3 Whole Lifecycle Mobile Device Management

    Huawei MDM can manage the mobile device across the device's whole lifecycle: discover the new asset and register it; check the security status of the device during the deployment phase, such as password complexity, jailbreak status and so on; ensure the security of corporate data in the operational phase. In the retirement phase, the recycled device can be re-registered and the enterprise's data deleted. This ensures the security of corporate data on BYOD devices.

    3.4 Secure VPN Access

    The VPN mobile security access gateway SVN2000/5000 series is based on Huawei's high-availability hardware platform and employs a dedicated real-time operating system. The gateway provides industry-leading performance, security, and availability, provides customers with flexible and controllable E2E link encryption, and ensures VPN access security.

    3.5 Carrier-Class Mobile Threat Prevention

    At the border of the enterprise network, Huawei carrier-class USG firewalls provide in-depth protection at the network side. The USG firewalls integrate Symantec's advanced intrusion prevention and anti-virus technologies, employ industry-leading application identification technologies, and provide content security capabilities, including Anti-virus, IPS, Anti-DDoS, and content filtering.

    3.6 Unified Security Policy Management

    Huawei AnyOffice solution implements a unified and highly intuitive security policy management platform, simplifying operations and management (O&M) and delivering substantial IT cost savings. Security policies can vary with users, device types, locations, and time zones, therefore implementing fine-grained security access control.

    3.7 Simple Enterprise Mobile Application Launching Platform

    Enterprises are having difficulties in transplanting and launching mobile applications. Huawei Mobile Enterprise Application Platform (MEAP) moves enterprise applications smoothly by providing a simpler and easier integrated development environment and supporting various application types, such as HTML5, Native, or Hybrid, and realizes multi-platform launching from one development. This significantly simplifies the development process and tremendously lowers costs.

    4 Highlights

    [Figure: the three highlights. Identity (I): unified network access control. Privacy (P): comprehensive data security and threat prevention. Compliance (C): whole lifecycle device management.]

    4.1 Identity: Unified Access Control

    4.1.1 Environment-Sensitive Network Access Control

    AnyOffice can identify any device, user, location, time, and access mode through use of fine-grained access control. Enterprise IT staff can configure multiple policy templates for one user on the unified policy management platform and send them to AnyOffice. AnyOffice intelligently senses the network environment and triggers the corresponding security module. The security module works with SVN to implement precise network access control. From an airport lounge to the company's branch, users switch automatically from the SVN L4VPN channel to internal plaintext access. This whole process is transparent to users. AnyOffice therefore provides a simple and seamless user access experience.

    4.1.2 Unified Security Policy Management

    The unified policy management platform ensures that all policies come from the same source, which ensures security policy compliance. With AnyOffice, literally, anyone can access a company's intranet using any authorized smart phone or tablet PC over any network (enterprise wireless network or remote wireless network). Furthermore, AnyOffice's intuitive and user-friendly UI not only enhances work efficiency, but also provides visibility into and control of employee mobile devices.

    4.2 Privacy: Comprehensive Data Security and Threat Prevention

    4.2.1 End-to-End Data Leak Prevention

    • Data on the device

    AnyOffice client creates a secure zone between personal and company affairs all on one mobile device using sandbox technology. This considerably minimizes the risks associated with data leakage, network viruses, and malicious intrusions brought by the mix of personal and corporate information, and strikes a balance between employee daily use of technology and enterprise policies. When a user logs in to the AnyOffice platform, all company data assets, applications, and services are encrypted and kept in a secure environment away from personal applications. The AnyOffice process functions as the core of the system, monitoring all running applications. Personal applications cannot access company applications. Data access, copying, modifying and saving between personal and company applications are blocked. Users/Administrators can also customize policies to enable or disable applications from being uploaded or downloaded. AnyOffice can also erase temporary or confidential files upon logoff to prevent data leakage.

    [Figure: sandbox separation of personal applications and personal data from enterprise applications (Mail, CRM, …, OA) and enterprise data across the create, operate, and log off stages. Labels: forcible separation, storage encryption, behavior monitoring, trace cleaning after logoff.]

    • Data during transmission

    The mobile security access gateway SVN VPN provides strong Layer-3/Layer-4 encryption, ensuring data privacy and preventing malicious data sniffing and tampering.

    • Data on the server

    Mobile devices are vulnerable to theft and loss. Each year, the list of data leaks caused by mobile device loss or theft grows. AnyOffice, interworking with the management back end, provides functions, including remote lock, remote data wiping, data backup and restoration, GPS, and auto-alarm, to ensure data security in case of device losses.

    4.2.2 Carrier-Class Mobile Threat Prevention on the Network Side

    • At the border of the enterprise network, Huawei carrier-class USG firewalls provide protection at the network side.

    • Prevent threats from the Internet: DDoS attacks, illegitimate access control, hacker intrusion, virus, Trojan horses, and malicious mails.

    • Prevent threats between mobile devices at the LAN and the server side: Control over unauthorized access to the intranet server, malicious intrusion of employees, and the spread of network viruses, worms and Trojan horses.

    • Prevent information from being leaked between the mobile office terminal and the Internet.

    4.3 Compliance: Lifecycle-Based Mobile Device Management

    [Figure: device lifecycle: Acquire, Deploy, Run, Retire.]

    4.3.1 Acquire

    Huawei AnyOffice mobile security solution complies with the ITIL Asset Management Standards, supports the discovery, registration, and password initialization of standard devices and personal devices, and provides customized templates for the letter of commitment on mobile device usage.

    4.3.2 Deploy

    Enterprises must ensure the level of security and standard compliance of mobile devices. Huawei AnyOffice mobile security solution supports and enforces security policies, configuration and management delivery over a host firewall, VPN, and WiFi network.

    The core of the solution is the secure allocation of mobile applications. Huawei AnyOffice mobile security solution integrates company App stores and secures allocation, installation, and configuration of applications. Moreover, companies can use AnyOffice to define policies for whitelisted and blacklisted applications, ensuring that the right person accesses the right application and data. AnyOffice provides signature authentication. Authorized services cannot be tampered with or uninstalled, which adds extra protection and maintains the application integrity on the mobile device.

    4.3.3 Run

    Much attention must be paid to the security of data and applications during daily business operations. Huawei AnyOffice supports password policies, jailbreak detection and isolation, and control over possible data leak channels, including the SIM card, SD card, camera, Bluetooth, WiFi, USB, GPS, and recording. Mobile devices are vulnerable to loss. AnyOffice provides key data encryption, remote data backup/recovery/synchronization, and remote lock and data wiping options. What's more, IT departments can enhance application security by remote upgrading and patching. On the management back end, IT departments can query and audit the model, operating system, and

    5.3 Security SDK

    The sheer variety of mobile devices and the complexity of enterprise applications pose enormous difficulties for secure mobile application development. The Huawei AnyOffice solution has a powerful security SDK that provides application-level data encryption interfaces for enterprises' self-developed mobile applications and supports mainstream operating systems such as iOS and Android, making mobile applications more secure.

    6 Choosing Huawei

    Huawei provides enterprise and industry clients with a leading mobile office security solution. Mobile office involves the terminal device, lower layer firmware, system software, and applications. It is an integrated ecological chain that requires the cooperation between the upstream and downstream vendors. Huawei, with great openness, works with OEM vendors, integrators, and mobile and wireless carriers to realize the unique value of AnyOffice, provide device-based and application-level security, facilitate enterprise mobile office, and enhance ROI.

    With Huawei AnyOffice, you can:

    • Create a secure zone that separates the enterprise and personal environment, reaching the equilibrium between the security and efficiency of mobile office.

    • Prevent E2E leak of sensitive data that is stored, transmitted, and accessed.

    • Employ the industry-leading secure access and unified security policy management platform.

    • Implement device-based and application-level security control.

    • Manage mobile devices through the whole lifecycle, including the acquisition, deployment, running, and recycling.

    Components

    Component                                   Product
    Mobile client                               AnyOffice Agent
    Mobile security access gateway              AnyOffice SVN2000-M/SVN5000-M Series
    Intelligent mobile terminal                 Huawei MediaPad and Ascend Phone
    Unified threat management gateway (UTM)     USG 2000/5000
    MDM data server                             MDM business server
    Unified policy management platform*         AnyOffice Manager

    Copyright © Huawei Technologies Co., Ltd. 2014. All rights reserved.

    No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.

    Trademark Notice

      , HUAWEI, and are trademarks or registered trademarks of Huawei Technologies Co., Ltd.

    Other trademarks, product, service and company names mentioned are the property of their respective owners.

    HUAWEI TECHNOLOGIES CO., LTD.

    Huawei Industrial Base

    Bantian Longgang

    Shenzhen 518129, P.R. China

    Tel: +86-755-28780808

    Version No.: M3-035026-20140101-C-4.0

    www.huawei.com

    General Disclaimer

    THE INFORMATION IN THIS DOCUMENT MAY CONTAIN PREDICTIVE STATEMENTS INCLUDING, WITHOUT LIMITATION, STATEMENTS REGARDING THE FUTURE FINANCIAL AND OPERATING RESULTS, FUTURE PRODUCT PORTFOLIO, NEW TECHNOLOGY, ETC. THERE ARE A NUMBER OF FACTORS THAT COULD CAUSE ACTUAL RESULTS AND DEVELOPMENTS TO DIFFER MATERIALLY FROM THOSE EXPRESSED OR IMPLIED IN THE PREDICTIVE STATEMENTS. THEREFORE, SUCH INFORMATION IS PROVIDED FOR REFERENCE PURPOSE ONLY AND CONSTITUTES NEITHER AN OFFER NOR AN ACCEPTANCE. HUAWEI MAY CHANGE THE INFORMATION AT ANY TIME WITHOUT NOTICE.