Enabling  a  Mobile  Enterprise    

Mark Holobach Senior Systems Engineer

Citrix Mobility

Mark Holobach Citrix Systems

Enabling a Mobile Enterprise Your Technical

Blueprint To Getting Started

How Mobile Feels Today

User Needs Want access to all apps and data

from any of their devices

Enterprise Mobility in Numbers

BYO Devices

Average per Employee

3 Devices

Multiple Locations

Work in multiple locations

65% Employees

App Proliferation

Average Citrix customer portfolio

200+ Apps

Unmanaged Data

Use unmanaged cloud storage

80%+ Fortune 500

Source: Citrix and leading analysts

Forrsights  Networks  And  Telecommunica7ons  Survey  

50%    work  from  home  

32%  work  at  public  sites  

43%  work  from  client  sites  

40%  work  while  traveling  

Win  40%  

Other  39%  

SaaS  16%  

Mobile  5%  

Win  38%  

Other  24%  

SaaS  25%  

Mobile  13%  

IDC  

By  2015:  • Mobile  app  development  projects  will  outnumber  na7ve  PC  projects  by  a  ra7o  of  4-­‐to-­‐1  

Gartner  

2011   2015  

Need to Balance End Users and IT

Free

dom

C

ompliance

Any App, Any Device

Log In Once

Mail, Browser,

Docs Manage Devices

Secure Apps

Control Network Access

Free

dom

C

ompliance

Need to Balance End Users and IT

Corporate Devices

BYO Devices

2000 2012

Manage  Email  

Manage  Devices  

Consumerization in the mobile world

Manage  BYO  

MAM  

MDM  

Mobile Solutions Considerations

• Enterprise grade MDM

• Mail Options

• Secure Browser

• Secure Data Delivery Options

• Secure 3rd Party and House apps

• Unified App Store

• Federated identity & SSO

• Scenario-based access controls

4 Stages to Mobility Project

•  MDM “1.0”

Manage the Devices

•  Mail Options

What levels of security do I need?

•  Enable Apps and Data

Manage the risk of data loss.

•  Extra Features

Simplify the user experience,

enhance security.

MDM 1.0 - Mobile Device Lifecycle Management

Mail Delivery Options and Limitations Configuration of Native Mail and 3rd party mail apps, i.e. Touchdown for Android •  iOS and Samsung provide a partitioned mail app. •  A mail client is required for other Android Devices, i.e. Touchdown, Citrix,

Good. •  No ability to password protect mail, control attachments or any DLP control. Native Mail / Touchdown + Email Attachment Encryption as an Option •  Encrypt attachments to iOS or Android devices. •  Key resides on the device so the attachment may only be viewed on that

device. •  Attachment may be opened in DLP controlled apps. Secure Mail Client Considerations •  Separate, secured, encrypted mail client for iOS and Android. •  Adds the ability to set a password on the mail client and enforce DLP

controls. •  Integrated with secure apps & data.

Secure Content Deliver Options None •  No control Secure Ecosystem •  Secured Apps

Email Web Browser Wrapped Apps

•  Secure Data Container SharePoint ShareFile Other File Sources

Receiver •  No data on device, full access to apps and data.

User and Security Enhancements

Enable Single Sign On •  One complaint from users is that there are multiple passwords for mobile

apps that don’t use their domain credentials. i.e. Salesforce Automated Actions •  One consideration that administrators and security professionals have is

‘monitoring’ what a user does on their device. Did they install a Blacklisted app? Did they Jailbreak/root the device? Did they remove the MDM app?

Delivering Apps •  Administrators need to be able to deliver required and optional apps to any

device. With the proliferation of devices, the apps are no longer limited to iOS and Android store apps. The list now includes Windows, SaaS and Web.

Scenario Based Access Control •  Some data an organization may only want to make available based on

location. That may be achieved using Scenario Bases Access Controls. For example, only allow access to shipbuilding docs when on a secure network.

So how does Citrix Solve the Problem

Mail  

Browser  

Docs  

Sandboxed Mail, Docs, and Browser

combined with a great user experience.

Disable Camera þ

Disable iCloud use þ

Disable printing þ

Disable sending email þ Disable sending SMS þ

Disable Copy/Paste þ

Restrict outbound URL þ

Disable Open-In þ Data protection settings that allow IT to take a granular, yet measured approach

Encrypt app and data þ

@WorkWeb Secure  Browsing  

@WorkMail Email,  calendar    &  contacts  

ShareFile Follow-­‐me  

Data  

GoToMeeting Integrated  

Collabora7on  

Podio Social  Team  Collabora7on  

Me@Work mobile app family

@WorkWeb @WorkMail

Secure  browser  Internal  web  app  access  Full  inter-­‐app  integra7on  Consumer  experience  

MDX-­‐secured  

Mail,  calendar,  contacts  Enterprise  class  security  

Beau7ful  na7ve  experience  Full  inter-­‐app  integra7on  

MDX-­‐secured  

@WorkWeb

@WorkMail

•  Secure  Exchange  connec7vity  

•  No  new  messaging  

infrastructure  

•  Connected/  disconnected  

access  

•  Any  intranet  site  access  •  Na7ve  browser  experience  

MDX Policy

Allow Camera þ

iCloud Backup þ

Disable printing þ

Require Authentication þ Trusted Network Only þ

Enable DLP þ

Restrict outbound URL þ

InterApp Sharing þ

Offline lease period 24 h

MDX Policy

Allow Camera þ

iCloud Backup þ

Disable printing þ

Require Authentication þ Trusted Network Only þ

Enable DLP þ

Restrict outbound URL þ

InterApp Sharing þ

Offline lease period 24 h

• Secure app containers

• Micro VPN •  Lock and wipe

•  Inter-app controls • Conditional access policies

Use Cases Restaurant Chain > Red Robin Oil Production and Exploration > Marathon Oil Large Air Freight Logistics Company International Bank > Rabobank

Citrix — The Most Complete Mobile Portfolio

Mobile Device Management

Sandboxed Mail and Web

Mobile App Security

Secure Mobile Data Sharing

Mobile Network Control

SSO and Identity Management

Desktop and App

Virtualization

Collaboration

Mobile ROI

Any app, any device, anywhere