sie3195bu why identity management and …...why identity management and enterprise mobility are the...
TRANSCRIPT
Sachin SharmaJoshua Clark
SIE3195BU
#VMworld #SIE3195BU
Why Identity Management and Enterprise Mobility Are the First Steps in Securing Users, Endpoints, and IoT
VMworld 2017 Content: Not fo
r publication or distri
bution
• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.
Disclaimer
#SIE3195BU CONFIDENTIAL 2
VMworld 2017 Content: Not fo
r publication or distri
bution
Agenda
1 Challenges and Trends in the Mobile-Cloud Era
2 Workspace ONE Adaptive Security
3 Customer Story – Southern Company
4 Advanced Security Capabilities with Partners
5 Case Studies
6 Q & A
3#SIE3195BU CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Challenges and TrendsIn the Mobile-Cloud Era
VMworld 2017 Content: Not fo
r publication or distri
bution
5
Consumerization is driving
DIGITAL TRANSFORMATION
ModernWorkforce
AppsAnywhere
MobileWorkflows
EmergingDelivery Models
#SIE3195BU CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Mobility: A Key Aspect of the Consumerization of IT
Consumer Experiences The Way We Work
6
IT Service Delivery
Graphics created by VMware based on industry research:1. Statista, “Global mobile retail commerce revenue from 2012 to 2018,” January 2017 2. Gartner, Mikako Kitagawa, “User Survey Analysis: Mobile Device Adoption at the Workplace Is Not Yet Mature,” October 2016 3. Gartner, “The Things People Buy: CIOs Need to Know the Smartphone User Preferences That Impact Mobile Policies” January 22, 2016
Global mobile commerce is projected to almost double by 2017.1
employees, as of 2016 in a Gartner survey, use a personally owned device or devices for work.2
Number of respondents = 5,862Base: Works a full-time job or part-time job
By 2018, 95% of global enterprises will have both a choose-your-own-device (CYOD) and a formal bring-your-own-device (BYOD) plan in place.3
$315
$549(U.S. Billions)
2015 2017
95%BYODand
CYOD
2 out of 3
VMworld 2017 Content: Not fo
r publication or distri
bution
Why Your Security Team is Concerned
7
152% INCREASE
34% REPORTED
56% INCREASE
EXPLOITS ON IoTincrease in 2015
INTELLECTUAL PROPERTYtheft in 2015
EMPLOYEEScited as source of compromise in 2015
#SIE3195BU CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
8
Consumerization Drives Vertical Integration
iOS / MAC
• iTunes
• Apple ID
• App Store
• iWork
• iCloud
ANDROID / CHROME
• Gmail Account
• Google Play
• G Suite
• Google Drive
WINDOWS
• Microsoft ID
• AD/Azure AD
• Office 365
• Windows Store
Update Service
• SCCM
#SIE3195BU CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
9
…And Creates Silos within IT
• iTunes
• Apple ID
• App Store
• iWork
• iCloud
• Gmail Account
• Google Play
• G Suite
• Google Drive
• Microsoft ID
• AD/Azure AD
• Office 365
• Windows Store
Update Service
• SCCM
• Salesforce 1
• Concur
• Workday
• Slack
• Dropbox
• Docusign
Mobile Team Desktop Team LOB
iOS / MAC ANDROID / CHROME WINDOWS SaaS APPS
#SIE3195BU CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
• iTunes
• Apple ID
• App Store
• iWork
• iCloud
• Gmail Account
• Google Play
• G Suite
• Google Drive
• Microsoft ID
• AD/Azure AD
• Office 365
• Windows Store
Update Service
• SCCM
• Salesforce 1
• Concur
• Workday
• Slack
• Dropbox
• Docusign
Mobile Team Desktop Team LOB
iOS / MAC ANDROID / CHROME WINDOWS SaaS APPS
10
A Platform Approach Breaks Silos and Delivers a Digital Workspace
Connected Things
(Rugged / IoT)
Identity and Access Management
Unified Catalog Single-Sign On Authentication Access Policy
Digital Workspace Platform
End-User Services Team
iOS / MAC ANDROID / CHROME WINDOWS SaaS APPS
#SIE3195BU CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
You can’t transform
business without a
great user experience
You don’t need to
compromise security
to get there
VMware Workspace ONE Empowers the Digital Workspace your business needs
#SIE3195BU CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Identity Services
Unified Catalog Single Sign-On Authentication Access Policy
AirWatch Unified Endpoint Management (UEM)
Management Context
End-User Services Team
iOS / MAC ANDROID / CHROME WINDOWS SaaS APPS
12
Securing Your Digital Workspace with Unified Endpoint Management and Identity Services
Open
Ecosystem
App Config
Community
Mobile
Security
Alliance
Authentication
and Identity
Providers
Connected Things
(Rugged / IoT)
Virtualize
#SIE3195BU CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Conditional Access using Identity Context and Device Compliance
13
AUTHENTICATION
MODULE
DEVICE
POSTURE
USER
AUTH
APP SERVICE
Workspace ONE
Managed Jail Broken
DEVICE COMPLIANCE
OS
3rd PartyMSA | Malware | Trust
LocationBlacklist
Apps
IDENTITY CONTEXT
Authentication
Provider
Network
Scope
Authentication
Strength
Session
Time
Per
Application
Remote Apps | Web Apps | Native Apps
Integrates identity and device compliance to create and enforce granular policies for secure data access
Leverage existing Identity management investments to simplify data management
Eliminate manual compliance management, minimizing data access risk
#SIE3195BU CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Device Trust
14
DEVICE TRUST
Enforce specific policies when a user
tries to use a particular application
Empower end users with option to enroll their device if secure app access is needed
Transparency of privacy is displayed before enabling workspace services
#SIE3195BU CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Complete a business process on
your phone in less than 72 seconds
What a Digital Workspace can do for you
Fast Deployment
Contextual Control
Mobile Access
Remote
Management
Establish access policies, gain
visibility from one place
Provision devices, onboard
employees in minutes
Empower employees with self
service, lower help desk calls
#SIE3195BU CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Customer StoryJoshua Clark
Application Solutions Architect
Southern Company
VMworld 2017 Content: Not fo
r publication or distri
bution
17
Joshua Clark Application Solutions Architect
• Technical lead for Mobility in Workplace Solutions (EUC team)
• Technology enthusiast
• VMware AirWatch Enterprise Mobility Expert
About Southern Company
9 million utility customers
Operating in
19 states46,000 MW
of Generation Capacity
Nearly 200,000 miles of power lines,
80,000 miles of natural gas pipelines
32,000employees
Ranked among Computerworld's
100 “Best Places to Work in IT”for 11th consecutive year
CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Mobility Journey
2010 Now
4,500 BlackBerry, BES managed
6,000 Exchange ActiveSync
Policy ‘managed’
No idea what was personal
vs. corporate owned
Email, Calendar, Contacts only
Manual Configuration
23,000 mobile devices managed
60% Corporate / 40% Personal
85% iOS / 15% Android
30 Internal Apps, 100+ Web Apps
Seamless configuration
18
VMworld 2017 Content: Not fo
r publication or distri
bution
Strategic Vision
• Simplicity for End-Users
• Security is key, but it doesn’t always have to get in a user’s way
• Solving identity is a major challenge for a large enterprise
• Conditional access is key to securing data in the cloud
19
The journey to get there is not
The desired result is often clear
VMworld 2017 Content: Not fo
r publication or distri
bution
Demo
VMworld 2017 Content: Not fo
r publication or distri
bution
Advanced Security CapabilitiesWith Partners
VMworld 2017 Content: Not fo
r publication or distri
bution
Network
Endpoint
App
Cloud
Workspace ONE and the Mobile Security Alliance
#SIE3195BU CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
23
Example: Protect Against Mobile Threats Through Partner Integrations
Conditional
Access
Policy
Mark DeviceNon-Compliant
MTD solutions
VMworld 2017 Content: Not fo
r publication or distri
bution
Example: Integrated Governance with SailPoint
24
(Authoritative
HR Application)
End User /
Device
Change
Notification
Governance
(Provisioning)
AccessAuthentication
App and Device
Entitlements
Directories
Applications
#SIE3195BU CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Case Studies
VMworld 2017 Content: Not fo
r publication or distri
bution
Speed Relief to Disaster Victims
Business Issue
Problem Solution
Speed transaction processing, supporting a highly distributed an dynamic user population
Existing IT services not suited to their mobile mission.
Need to deliver a mix of legacy and new application types, but maintained to the latest version.
Delivered a new service called the Red Cross Virtual Workplace with 10K unique users and 150 apps.
IT focuses on app delivery – to any device – with virtual desktops and RDSH apps, web and SaaS apps.
Reducing new hire
time to productivity
from a few weeks to a
few hours.
Taking advantage of the
security and flexibility of
new devices while still
delivering legacy apps.
Ultimately speed the
flow of relief payments
and supplies to
disaster victims.
#SIE3195BU CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
• 24,000 desktops and laptops
• 27,000 smartphones and tablets
– 13,000 employee owned
• 5,000 Horizon virtual desktops
• 400 applications
– 377 SaaS / web-based, 10 mobile, 13 client-server
• Workspace ONE Deployed to 22,000 users
– 13,200 users chose to enroll devices
• Cost to Deploy - $3.83M
• Annual Cost Savings Realized - $5.78M
• Productivity Gains – 3,140 work days per year
VMWARE ON VMWARE
CASE STUDY – OCT 2016
Source: VMware’s Move To A Digital Workspace
#SIE3195BU CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Deliver best user
experience
Contain costs of
shadow IT
Secure the
environment
Integrate all
services
Only IT is in the best position
to drive business innovation
#SIE3195BU CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Learn More
29
YouTube youtube.com/vmwaretv
Product Pages vmware.com/products/workspace-one
Hands on Labs labs.hol.vmware.com
Twitter twitter.com/workspaceone
Facebook facebook.com/vmware
#SIE3195BU CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Q&A
VMworld 2017 Content: Not fo
r publication or distri
bution
VMworld 2017 Content: Not fo
r publication or distri
bution
VMworld 2017 Content: Not fo
r publication or distri
bution