windows 10 a guide to secure mobility in the enterprise
TRANSCRIPT
© 2015 IBM Corporation
A Guide to Secure Mobility in the Enterprise
Chuck BrownProduct Management
IBM Security
Windows 10
Jimmy TsangProduct Marketing
IBM Security
2© 2016 IBM Corporation
Housekeeping items
ü Duration – 60 minutesü Submit your questions to all
panelists in the Q&A box located in the bottom right corner of your screen
ü Recording and slides will be emailed to you
3© 2016 IBM Corporation
Agenda
ü Windows overview & trends
ü Windows 10 highlights
ü MaaS360 support for Windows 10
ü Demo
ü Q&A
4© 2016 IBM Corporation
Poll results from May 2015
9%
85%
4%
2%
0%
Windows 8
Windows 7
Windows XP
Mac OS X
Other
0% 20% 40% 60% 80% 100%
What operating system is installed on most of your laptops and desktops?
5© 2016 IBM Corporation
Microsoft OS ecosystem
6© 2016 IBM Corporation
Convergence of Windows
7© 2016 IBM Corporation
Windows 10
8© 2016 IBM Corporation
Current State of Affairs
§ Windows 10 generally available on July 29, 2015§ “Free” upgrades to majority of devices except for Enterprise users§ First 24 hours – 14 million installs
– At peak - Windows 10 was being installed on about 1500 machines per second§ Adoption is accelerating: >40% of new Win10 devices since Black Friday§ Microsoft expects 1 billion devices to be running Windows 10 in 3 years
14
110
200
0
50
100
150
200
250
Jul-15 Aug-15 Sep-15 Oct-15 Nov-15 Dec-15
Mill
ions
Windows 10 Installs
9© 2016 IBM Corporation
Windows 10 Migration
§ Shifting in Week 5§ Previous – moves
from W8/8.1– W8/8.1 has
highest dissatisfaction among users
§ Now migrating more from Windows 7
http://www.networkworld.com/article/2985121/windows/windows-10-begins-to-eat-into-windows-7s-usage-share.html?phint=newt%3Dnetworkworld_daily_news_alert&phint=idg_eid%3D9d62e138c25290651cbb2506bb69e242#tk.NWWNLE_nlt_daily_am_2015-09-22&siteid=&phint=tpcs%3D&phint=idg_eid%3D9d62e138c25290651cbb2506bb69e242
10© 2016 IBM Corporation
Laptop and Desktop OS Market Share
NetMarketShare.com
§ Windows operating systems constitute ~ 91% of the total market share§ Current Windows 10 market share is 9.96%§ At 10% growth rate month on month – 20.81% market share by 2016 Q3
NetMarketShare.com
Windows 758%
Windows XP
16%
Windows 815%
OS X6%
Other3%
Windows Vista2%
April 2015
Windows 756%
Windows XP
11%
Windows 813%
OS X7%
Other2%
Windows Vista1% Windows 10
10%
December 2015
11© 2016 IBM Corporation
§ Microsoft has an API set across Windows 10 PC/Tablet and Mobile– API set is an extension to Windows Phone 8.1– No API sets on Windows 7
§ Mac OS X provides a set of management APIs similar to iOS.– Apple is working on convergence of management API sets
Device and OS are Creating a Continuum
Code for one.Reach them all.
12© 2016 IBM Corporation
Where Are We?
13© 2016 IBM Corporation
Configuration Service Provider Reference
§ Up-to-date list of API features for Windows 10
§ https://msdn.microsoft.com/en-us/library/windows/hardware/dn920025%28v=vs.85%29.aspx
14© 2016 IBM Corporation
7 Reasons to Open Up Windows 10
§ Convergence of Windows (Continuum)§ Similar API set and policies on all devices§ Build once use anywhere (Universal Apps)§ Greater data and program security§ Enlightened applications – Application management§ Consistent workflow§ Spartan/Edge browser
© 2015 IBM Corporation
Windows 10 Policies
16© 2016 IBM Corporation
Security Policies
17© 2016 IBM Corporation
Device Restrictions
18© 2016 IBM Corporation
Network Restrictions
19© 2016 IBM Corporation
Configure Trusted Certificates
20© 2016 IBM Corporation
ActiveSync Settings
© 2015 IBM Corporation
Windows 10 Actions
22© 2016 IBM Corporation
Windows 10 Actions
§ Locate§ Selective Wipe§ Wipe§ Change Policy
* Support for real-time notifications for these actions
§ Remove Control§ Hide§ Request Data Refresh
© 2015 IBM Corporation
Additional Security Options
24© 2016 IBM Corporation
Enterprise Data Protection – The Device is the BIG Container
§ Encrypt enterprise data on employee- and corporate-owned devices§ Remotely wipe enterprise data off managed devices w/o affecting
personal data§ Privileged Apps
– Select specific apps that can access data– Block non-privileged apps from accessing data
§ Employees not interrupted while switching between personal and enterprise apps while security policies are in place.
§ AppLocker– The AppLocker configuration service provider is used to specify which
applications are allowed or disallowed for enterprise data protection
https://technet.microsoft.com/en-us/library/Dn985838(v=VS.85).aspx
25© 2016 IBM Corporation
Additional Security Options
§ BitLocker for Full Disk Encryption– New Features
• Encrypt and recover your device with Azure Active Directory. • DMA port protection. You can use
the DataProtection/AllowDirectMemoryAccess MDM policy to block DMA ports when the device is starting up.
• New Group Policy for configuring pre-boot recovery.§ Windows Defender included with the OS
– Anti-virus & Anti-malware• Auto updates• Have not receive glowing reviews – “Just good enough” ?
§ Backup & Recovery– Native integration with OneDrive
26© 2016 IBM Corporation
Assigned Access – Kiosk Mode – Device Lockdown
§ Use Cases– Device in the lobby that customers can use to view your product catalog– Portable device that drivers can use to check a route on a map– Device that a temporary worker uses to enter data
§ Configure a persistent locked down state to create a kiosk-type device. When the locked-down account is logged on, the device displays only the app that you select.
§ Configure a lockdown state that takes effect when a given user account logs on. The lockdown restricts the user to only the apps that you specify.
§ Lockdown settings can also be configured for device look and feel, such as a theme or a custom layout on the Start screen
27© 2016 IBM Corporation
Edge Browser
§ Stops phishers before they cast their bait– Edge aims to prevent phishing attacks through its Passport technology– Instead of using a shareable password, Edge will authenticate securely to
applications, including websites and networks§ Operates in a sandbox
– Internet Explorer was the browser was built directly into Windows– If the browser was compromised,
your entire computer might be taken down along with it
– Edge, on the other hand, will be a universal app, constantly running in a partial sandbox
§ Deactivates extensions, such as ActiveX & VB
© 2015 IBM Corporation
Patching
29© 2016 IBM Corporation
Security Patching
§ Security patching is mandatory for all versions except Enterprise– Management– Automatic download and installation when device is connect to internet– Peer to Peer sharing of patch distribution inside the LAN – Updates/patches/fixes can be granularly controlled on the Enterprise edition
(have not seen that yet)§ Patching Bundles
– Multiple line items (bulletins) now bundled into one package• Do not have the ability to test each item• http://www.computerworld.com/article/2969850/microsoft-windows/patch-bundles-are-
the-new-norm-for-windows-10.html§ OS Upgrades
– 2 speeds – Fast and Slow ring
© 2015 IBM Corporation
Applications & Software Distribution
31© 2016 IBM Corporation
Universal Applications, Store and Software Distribution
§ Build once – install on all devices § Multiple types of applications
– Win32 – “legacy” type of application – APPX, App-V
§ Business Store for Applications– Acquire and Distribute Applications– Bulk Acquisition of Apps (Free and Paid)– Application Management – reclaim/re-use licenses– Similarities to iTunes App Store
§ Software Catalogs– Need to have a self-directed app catalog, like iOS/Android
32© 2016 IBM Corporation
Third Party Software Distribution
§ Standard third party Windows software – Google (Chrome), Adobe, Java – Many have msi and APPX versions– Updates still necessary
© 2015 IBM Corporation
Windows 10 Enrollment
34© 2016 IBM Corporation
Starting the Enrollment
§ Same standard process in MaaS360 for over-the-air enrollment§ Enroll a device – receive the request
35© 2016 IBM Corporation
MDM Enrollment
§ Installing the Company Hub§ Click Continue
36© 2016 IBM Corporation
MDM Enrollment
§ Enrolled successfully§ Click Done
37© 2016 IBM Corporation
Poll Results from May 2015
5%
22%
22%
35%
17%
Within 6 months
6-12 months
12-18 months
18 months or longer
We don’t plan to upgrade to Windows 10
0% 5% 10% 15% 20% 25% 30% 35% 40%
Based on what your organization knows today, when does it plan to upgrade to Windows 10?
© 2015 IBM Corporation
Demo
39© 2016 IBM Corporation
Customer Value
§ Greatly simplifies workflows § Support all devices from one window§ Actionable intelligence on or off network§ Upgrades and new features/functions made available without end-user
installations§ Silent service
– Does not disturb the productivity of the end user
40© 2016 IBM Corporation
Why Should I Care?
§ Consistent unified workflow and information across all device platforms§ No on-site infrastructure needed to support laptops, desktops, tablets and
smartphones§ Easy and fast to turn on § No heavy lifting for upgrades
41© 2016 IBM Corporation
Complete Mobility Management and Security
Advanced ManagementVisibility & Control
Secure Productivity Suite Trusted Workplace
Secure Document SharingContent Collaboration
Mobile Threat ManagementMalware Protection
Mobile Enterprise GatewayEnterprise Access
42© 2016 IBM Corporation
Seamless Enterprise Integration
Advanced ManagementVisibility & Control
Secure Productivity Suite Trusted Workplace
Secure Document SharingContent Collaboration
Mobile Threat ManagementMalware Protection
Mobile Enterprise GatewayEnterprise Access
BYODCorporate
Shared
Mail systemsDirectoriesCertificatesFile shares
43© 2016 IBM Corporation
Platform for Strong Mobile Security
Mobile Threat Management
Risk & Event Detection
Unified Endpoint Management
Mobile Identity Management
Integrated App Security
App Vulnerability &
Reputation
Automated Policy ComplianceEncryption & Data ProtectionAuthentication & RestrictionsContainerization & App VPNDevice Quarantine & Wipe
44© 2016 IBM Corporation
Why IBM MaaS360?
Integratedsolutions that connect
seamlessly to your existing and external
environments
Scalabledata security with intelligence for the volume, speed, and variability of mobile
Completemanagement of
devices, apps, content and users from a single platform
45© 2016 IBM Corporation
Get Started Right Now
InstantAccess a free, fully functional trial for 30 days
MobileManage and secure your devices, apps and content
EasySet up and configure your service in minutes1
2 3
Click herehttp://trymaas360.agilly.net
And enjoy your 30 days free trial
46© 2016 IBM Corporation
Unedivisionde
www.agilly.net
© Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
THANK YOUwww.ibm.com/security