Mobile Device Security - Responsible Not Repressive


Upload: mike-brannon

Post on 19-Nov-2014


DESCRIPTION

Users want mobility and their own devices on the network - IT wants security! How can both groups get what they need? Tools exist to make that happen and this presentation provides an overview of what National Gypsum did recently (2011/2)

TRANSCRIPT

Page 1: Mobile Device Security - Responsible Not Repressive


Responsible Not Restrictive

Mike Brannon

Dir. Infrastructure & Security, National Gypsum

Page 2: Mobile Device Security - Responsible Not Repressive

National Gypsum Company is a fully integrated building products manufacturer

Headquartered in Charlotte, NC with mines and quarries, and manufacturing plants across North America

Page 3: Mobile Device Security - Responsible Not Repressive

National Gypsum and MobileIron

Nov 2009 (National Gypsum buys MobileIron) compared with June 2012 (M2):

MobileIron customers: 7 (Nov 2009), 2300 (June 2012)
Countries: 2… (Nov 2009), 32 (June 2012)
iPads sold by Apple: 0 (Nov 2009), >70 million (June 2012)
Employees: 39… (Nov 2009), 320 (June 2012)

Page 4: Mobile Device Security - Responsible Not Repressive

National Gypsum Mobile Requirements

Business users pick devices they want (not Blackberry)

SECURE process to enable / allow BYOD phones, iPads

ActiveSync and Juniper VPN connections

DEVICE level security and respect for “employee data”
– PIN/passcode, device / backup, encryption
– NO jailbreaks, MDM and SW inventories

Elected NOT to use most “mobile intel” – employee issues
– Using last location / international warning message

Next: PKI SCEP mgmt, app deployment coming, iOS domination

Page 5: Mobile Device Security - Responsible Not Repressive

Evolving Mobile Strategy

NOW: Connecting data
Connect our data/processes with employees, partners, customers
• NGC4ME is .NET custom web app – one-stop shop
• SharePoint is private cloud/content manager/etc.

NEXT: Personal tools
Leverage the app store for personal tools
• Sales/service, office, plant, engineers – DIVERSITY

FIRST: Email
It’s all about email all the time

Page 6: Mobile Device Security - Responsible Not Repressive

Principles / Learning…

Do not custom develop unless absolutely required
– Leverage smart devices and off-the-shelf components
– Stay away from super customized work – takes resources
– Approach as “Systems Integrator” – assemble proven components

Keep focused on USABLE solutions to business issues
– “Voice of the Customer” as the priority guide!

Remember technically simple solutions are better (Agile/Nimble)
– Cannot assume that “best” will always be “best”

Leverage existing technology components
– Microsoft AD/PKI, Servers; Juniper VPN; .NET Development

Security cannot just say NO – offer the secure option

Page 7: Mobile Device Security - Responsible Not Repressive

What we implemented

ActiveSync email access
– Exchange 2007/ISA then;
– Now Exchange 2010 and Juniper/Junos Pulse
– All devices “under management”; all users

Juniper – Junos Pulse VPN access (iPad/iOS)
– SharePoint and .NET web applications delivered (“NGC4ME”)
– SharePlus and Colligo Briefcase

Field sales / customer svc / marketing deployment
– Collection of apps (BrainShark/SharePlus/Concur)
– Now working on custom app / deployment / one click (NGC4ME)

Legal / security issues with some approaches
– DropBox NOT permitted
– Box.Com and SharePoint in use instead
– Avoid “personal accounts” in favor of more “enterprise ready” answers

Page 8: Mobile Device Security - Responsible Not Repressive

High Level Architecture

[Architecture diagram. Components shown: NGC AD Servers; Exchange CAS; Mailboxes; MI Sentry; MobileIron; Juniper SSL VPN; iPhone, Android; iPad; Mainframe; SQL Databases; PKI Server, HSM; SharePoint / .NET]

MobileIron Enrollment
• Policy Checking

MDM Configuration
• WiFi, VPN, Certs/Apps

Exchange CAS Sentry
• Email is “User Driver”

Juniper VPN as Proxy
• AD Integrated

SharePoint Portal/.NET
• Windows Servers SQL
• XML Interfaces M/F

Page 9: Mobile Device Security - Responsible Not Repressive


App Challenges - Responses

Challenge Response

Beyond email, our employees leverage shared content

SharePoint is open, web oriented content manager

Apps deliver data into SharePoint (Reports, Search-BCS)

Users save data into team sites, workflow and email ties

“Personal Cloud” based upon MySites and user profiles

Simple web forms SharePoint Lists – Mobile Safari OR Apps (see below)

Surveys, pictures and easy analysis (More complex!)

Colligo, SharePlus, Filamente and Docs2Go provide great tools

Page 10: Mobile Device Security - Responsible Not Repressive

Core philosophy – Responsible but not restrictive

Vision: “Do the right thing for the right reason” (Security, risk & compliance – collaboration with the business)

Security cannot just say NO … Must offer a secure option

Business Need: Easy-to-use cloud storage
Options Proposed: DropBox, iCloud, various “personal” storage accounts and services
Response / Solution: Internal users: SharePoint MySites; External: Box.Com

Business Need: Full-fidelity presentations with animations
Options Proposed: Keynote conversion, personal Slideshare, SlideShark
Response / Solution: Business account: BrainShark

Page 11: Mobile Device Security - Responsible Not Repressive


Thank you