saam2294bu simplify management and security of your mobile ... › vmware › vmworldus17 › sess...

Vikas Jain, Product Management

Vinay Jain, Product Management

SAAM2294BU

#VMworld #SAAM2294BU

Simplify Management and Security of Your Mobile Apps with Workspace ONE

VMworld 2017 Content: Not fo

r publication or distri

bution

• This presentation may contain product features that are currently under development.

• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.

• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.

• Technical feasibility and market demand will affect final delivery.

• Pricing and packaging for any new technologies or features discussed or presented have not been determined.

Disclaimer

#SAAM2294BU CONFIDENTIAL 2



bution

Session Agenda

➢ Managing Mobile Apps

➢ Securing Mobile Apps

➢ Building In-house Mobile Apps

➢ Q & A

3#SAAM2294BU CONFIDENTIAL



bution

You can’t transform

business without a

great user experience

You don’t need to

compromise security

to get there

VMware Workspace ONE Empowers the Digital Workspace your business needs

#SAAM2294BU CONFIDENTIAL



bution

What do End Users Want?

5

Ability to make educated decisions on

feature vs. primary impact (choice)

Control over what access they give their

employer on their personal device

Access to apps that enable productivity

from anywhere

Transparency into the info being

collected on their personal device



bution

App Lifecycle Management – an IT perspective

6

Procure or Provision

Assign

Secure

DistributeAccess

Monitor

Analyze

Upgrade or EOL




bution

Why is managing & securing apps complex?

7

Security vs. Experience

Use Cases

Platforms App Types

Core Services

Deployment Topology




bution

Multiple approaches to manage & secure apps

8

Device

Management

Secure

Productivity

Apps

SDK

Secure App

Access &

Catalog




bution

Unified Digital Workspace

9

Mobile apps

Web apps

On-premapps

Virtual apps

OR

In-house mobile apps

Public mobile apps

Unified Workspace

with entitled apps

Workspace ONE



bution

Workspace ONE Apps Suite

10

Workspace ONE

Boxer Browser

Single access to your enterprise

apps

Elegant and intelligent mail

experience with enterprise grade

security

Seamless and secure access to corporate intranet

Content Locker

Secure and instant access to corporate content repositories

User Experience | Security | Privacy | Extensibility | Seamless Workflows




bution

11



bution

12



bution

Securing Mobile Apps



bution

15

AUTHENTICATION

MODULE

DEVICE

POSTURE

USER

AUTH

APP SERVICE

Workspace ONE

Managed Jail Broken

DEVICE COMPLIANCE

OS

3rd PartyMSA | Malware | Trust

LocationBlacklist

Apps

IDENTITY CONTEXT

Authentication

Provider

Network

Scope

Authentication

Strength

Session

Time

Per

Application

Remote Apps | Web Apps | Native Apps



bution

Mobile SSO

Password-less login experience into a native mobile app (No SDK or app wrapping required)

16

Pre-requisite: Requires device enrollment into Workspace ONE




bution

Mobile Experience Without Workspace ONE

17#SAAM2294BU CONFIDENTIAL



bution

18

Mobile Experience With Workspace ONE




bution

Enabled Through One Touch SSO

Workspace™ ONE™One Touch SSO

TRUST Cloud

19

SaaS AppsTrust ID Key




bution

Conditional Access

20

IF THIS THEN THAT (IFTTT)Conditions Action

Enrolled Vs unenrolled device

Enrolled device becomes non-compliant

Device OS (iOS Vs Android Vs Win10)

Network location (corp network Vs public)

Group membership

Allow

Deny

Step-up with MFA




bution

DEMO: Mobile SSO and

Conditional Access

21



bution

22



bution

Two Factor Authentication (2FA) For Your Apps

Condition

Workspace ONEApp name

Device OS

Network Location

Group membership

Any 3rd party MFA

Built-in MFA




bution

VMware Verify Mobile-Push Strong Authentication

24

Built-into Workspace ONE for consumer simple, enterprise secure strong authentication

Key Benefits

Simple consumer-like

registration and useNo more instructions, codes or

copying and pasting for high

compliance strong authentication

Reduce strong

authentication costs Reducing or eliminating

traditional tokens

Leverage the

smartphone Nearly every employee

already owns as a physical,

second factor of

authentication

Reduced security riskOf replay, keylogger, and man-

in-the-middle attacks by

authenticating users outside of

the application




bution

DEMO: 2FA For Apps

25



bution

26



bution

Derived Credentials (PIV-D Manager) Support

Derived Credential:

A client certificate generated on the mobile device (or issued) after an end user has proven their identity by using their existing smart card

27

HSPD-12 and DoD Directive 8100.2

mandate that smart cards be used for all

physical, logical, and network access




bution

28

Protect Against Mobile Threats Through Partner Integrations

Conditional

Access

Policy

Mark DeviceNon-Compliant

MTD solutions



bution

Automated Compliance and Remediation

Set Rules

Define Actions

Perform Escalations




bution

Building Mobile Apps



bution

Workspace ONE Platform Services

31

Leverage Foundational Services To Develop Apps Quickly




bution

32

App Development Tools

Use Native Dev Platforms

Or Hybrid Dev Platforms (Xamarin, Cordova, SAP Fiori)

Software Development

Kit (SDK)

Provides a sub-set of SDK functionality to already

developed apps

Application Wrapping

EMM standard for enterprise apps to interpret configurations

and policies




bution


Security and DLP Policies

• Authentication Type

• Single Sign On

• Integrated Authentication

• Offline Access

• Compromised Protection

• App Tunneling

• Content Filtering

• Geofencing

• Network Access Control

• Copy / Paste

• Open-in App

• Screen Capture

• Watermark

• Data Backup

• Location Services

• Camera

• Printing

• Bluetooth

SDK Features

33



bution

App Tunneling And VMware NSX For SDK Apps

34

Device Level VPN

Full Network Access

App Level VPN

Select Network Access

App Level VPN

Full Network Access




bution

Workspace ONE

SDK

(Swift, Java,

Xamarin, Cordova)BUILD

Developer builds application

INTEGRATE

Developer integrates AirWatch

SDK into app

aCONFIGURE

Admin configures policies in

AirWatch Console

aDEPLOY

Admin configures policies in

AirWatch Console

SDK Lifecycle




bution

Code Samples

Initialize SDK

36

import AWSDK

class AppDelegate: UIResponder, UIApplicationDelegate, AWSDKDelegate {

...

}

func application(application: UIApplication, didFinishLaunchingWithOptions launchOptions:

[NSObject: AnyObject]?) -> Bool

{

// Override point for customization after application launch.

let awc = AWController.clientInstance()

awc.delegate = self

// Your application's scheme name

awc.callbackScheme = "myCallBackSchemeName"

awc.start()

return true

}



bution

Code Samples

Check for compromised status

37

let deviceInfoController = DeviceInformationController.sharedController()

let compromisedStatus = deviceInfoController.isCurrentDeviceCompromised()

if compromisedStatus == true {

AWLogInfo(”Device is jailbroken!”)

}

Wipe data

func wipe() {

AWLogDebug(”Wipe application specific data")

}

Go offline

func stopNetworkActivity(networkActivityStatus: AWNetworkActivityStatus) {

…

}



bution

DEMO: Building App With SDK

38



bution

39



bution

Key Takeaways

40

Workspace ONE provides a platform for your app lifecycle management and security

You can manage and secure ANY type of mobile app using Workspace ONE

You can develop in-house mobile apps using Workspace ONE SDK and APIs




bution



bution

saam2294bu simplify management and security of your mobile ... › vmware › vmworldus17 › sess...

Documents