1 01 July 2014

Leverage your solution to its full potential 11 June 2014 Sharif Penniman @sfpenniman London Tech Week 2014

BLACKBERRY SECURE WORKSPACE & ANDROID

2 01 July 2014

CONTENTS • What makes up BlackBerry Enterprise Service 10.2

• BlackBerry 10 Recap

• Universal Device Service + Mobile Device Management

• BlackBerry Secure Workspace for Android and iOS

• Leveraging the Power of Secure Workspace in Your Application

• Deploying an Application to the Secure Workspace

• References

• Q&A

3 01 July 2014

Best in Class Enterprise Mobility Management

BLACKBERRY ENTERPRISE SERVICE 10

4 01 July 2014

SERVICE NOT SERVER ?

BlackBerry Device Service

Universal Device Service

BlackBerry Connection Service

BlackBerry Administration Service

BlackBerry Web Services

BlackBerry Management Console

Etc.

5 01 July 2014

BLACKBERRY ENTERPRISE SERVICE Manage:

Users,

Devices,

Profiles

Policies

Group Users to

Simplify and Scale Deployments

Manage Applications

for Users and/or Groups

6 01 July 2014

BLACKBERRY BALANCE The Work Perimeter • Secure • Encrypted File Space • Can be Revoked Centrally • Encrypted Connectivity Behind the Firewall • Push to deliver Real Time Information • Corporate Application Management

7 01 July 2014

APPLICATION MANAGEMENT Whitelisted Public Applications Licensed or Corporate Applications Company Apps Can Be Optional and appear for download, or be Required and pushed silently to the user’s device.

8 01 July 2014

Mobile Device Management on Android and iOS

UNIVERSAL DEVICE SERVICE

9 01 July 2014

• Manage Users and Groups

• Configure Profiles, Policies etc

• Whitelist Applications

• Deploy Corporate Applications

MDM TO ANDROID & iOS

10 01 July 2014

MDM TO ANDROID & iOS

11 01 July 2014

CORPORATE DATA & BYOD

MDM is Great, but….

• User’s don’t want their personal devices locked down

• Eg. Hide the default camera application, Hide the default web browser, Disable data service when roaming

• Separation of Work and Personal

• Corporate Data needs to be secure at rest and in transit

12 01 July 2014

Separation of work and personal data that is secured and controlled

BLACKBERRY SECURE WORKSPACE

13 01 July 2014

A separation of work and personal data that is secured and controlled • Authentication is required • Data is saved to the secure file system as

work data

• Work data cannot be shared outside the secure work space

• Cut / copy / paste is only allowed within the secured work space

• Personal applications cannot access work data

A device work space where applications are secured • Integrated Email, Calendar, Contacts,

Notes* and Tasks • Secure Browser • Secure attachment viewing and editing • Ability to secure enterprise applications

Secure Connectivity • Provides an AES 256bit secure connection between the

Secure Workspace and corporate network via BlackBerry Enterprise Service 10

• All apps provided in the Secure Work Space will use this secure connection, including securely wrapped enterprise applications

• Does not require a 3rd party VPN for Secure Workspace apps

• Uses the port 3101 already configured for communication between BES and BlackBerry smartphones

BLACKBERRY SWS OVERVIEW

14 01 July 2014

TITLE HERE WORK CONNECT

15 01 July 2014

TITLE HERE WORK BROWSER

16 01 July 2014

TITLE HERE DOCUMENTS To Go

17 01 July 2014

Leverage Secure Connectivity and Storage for Your Applications

DEVELOPING FOR SWS

18 01 July 2014

DEVELOPING FOR SWS

EMBEDDING OF SDK • Additional development effort

• Risk: Potential for error integrating the

SDK

• Decision on whether the App can be securely deployed during App development.

APPLICATION WRAPPING • No source modification required:

• Saving effort • Preventing error

• Decision on whether the App can be

deployed with MDM Admin

19 01 July 2014

TRADITIONAL APPLICATION ARCHITECTURE

• Create application

• Interact with API’s and available OS entry points

• Manage all security for data at rest

20 01 July 2014

WRAPPED APPLICATION ARCHITECTURE • Secure wrapping manages interaction

with system APIs • Compliance • Authentication • Application level controls • Network

• Data encryption using AES 256 for data-at-rest

21 01 July 2014

TITLE HERE WRAPPING PROCESS 1. Development Team Build and Sign Application

2. Pass to BlackBerry Enterprise Service Administrator

3. Administrator Uploads the Application to BES for Wrapping

4. Wrapped Application is Downloaded

5. Wrapped Application Passed Back to Development Team

Why? -> The Application has been modified in the process and thus requires re-signing

6. Development Team re-sign the application

7. Pass to BlackBerry Enterprise Service Administrator

8. Application Definition Created for Application

9. Added to a Software Configuration

22 01 July 2014

WRAPPING PROCESS UPLOAD TO SERVER

23 01 July 2014

WRAPPING PROCES WAIT

24 01 July 2014

WRAPPING PROCESS DOWNLOAD

25 01 July 2014

TITLE HERE WRAPPING PROCESS RESIGN jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore C:\Users\<mich.user>\.android\release.keystore -storepass BlackBerry -keypass blackberry SecureUnsigned.apk androidrelease zipalign.exe -v 4 SecureSigned.apk SecureSignedAligned.apk

26 01 July 2014

WRAPPING PROCES APPLICATION DEFINITION

27 01 July 2014

WRAPPING PROCESS SOFTWARE CONFIGURATION

28 01 July 2014

TITLE HERE SECURE WORKSPACE REFERENCES • Wrapping for iOS and Android:

• http://developer.blackberry.com/devzone/develop/enterprise/install_android_or_ios_work_space_app.html

• Free Trial version of BlackBerry Enterprise Service 10 for testing:

• http://www.bes10.com

• Example app and resigning script:

• https://github.com/blackberry/Secure-Work-Space

• Administration Guide to the Universal Device Service 10.2.1:

• http://docs.blackberry.com/en/admin/deliverables/62506/BES10_v10.2.1_UDS_Advanced_Admin_Guide_en.pdf

29 01 July 2014

Ask now or be forever silent ;-)

QUESTIONS & ANSWERS

K E E P O N M O V I N G .

BLACKBERRY

31 01 July 2014

THANK YOU ! Sharif Penniman- @sfpenniman linkedin.com/in/sfpenniman June 11 2014

BLACKBERRY SECURE WORKSPACE & ANDROID