Smart Devices @ Givaudan From BYOD experience to new mobile opportunities
Givaudan 2
What’s going on ? Consumerization of IT � Personal device proliferation � Personal cloud services proliferation � Millenials generation � Access personal applications @work Anywhere Anytime from Any Device � Access corporate applications @home Who decides user or corporate IT ? • Devices • Applications • Security 3
Drivers For Change Smartphones landscape in the US � Multi-devices trend + smart devices proliferation � Demands of company provided/supported tablets � Upcoming mobile applications 4
Now what ? A short terms solution to our problems… sort of 5
BYOD Challenges � How to provide platform independent services? � How to avoid interfering with personal apps and data? � How to secure corporate data ? � Can we secure the full device ? � Can we wipe the device ? � Do we support personal devices ? � ….. 6
Mobile Devices Situation 18 months ago… 950 Blackberry smartphones � Services: � Email, calendar, � Standard corporate service: BlackBerry contacts Chat � Intranet � Company provided � Full end-user support � ■ 380 users (volunteers) ■ Email, calendar, contacts on iPhone and iPad only 2011 - First experiment of ■ Bring Your Own device BYOD service (employee liable) ■ User self support (+ forum) 7
Approach � MDM platform implementation � To support various devices � Addition of Android to the BYOD service � Follow quick market evolution � Be ready for mobile app deployment � Build foundation for an evolutive mobile services platform � Find the right trade-off between security and user-experience � In parallel, enhance mobile service with new features (Chat, VPN…) � Provide courtesy wireless to corporate users for internet access only (reduce personal costs while in the office) � MDM selection → MobileIron � Identified differentiators with competitors: � Integration with device operating system (no sandbox approach) � App deployment capabilities (Internal app store) � Integrator in Switzerland (Nomasys) 8
Security � Data – device encryption embedded in the profile (iOS) � ActiveSync outgoing flow only � Access to email/calendar/contacts – windows credentials into device client � Attachments – no limitations � Lock-code mandatory – embedded into device profile loaded � Internal approval process to access the service � VPN required to access internal resources Only http and https � Device identified through a certificate from PKI infrastructure � � Courtesy network filters through MAC@ for access Same web traffic filtering rules as corporate � � Wipe is authorised 9
High-Level Timeline Company provided Company provided BYOD iOS only BYOD service based on MDM (iOS +Android) multi-device catalogue catalogue MDM solution MDM solution selection selection PoC PoC Pilot Phase Pilot Phase Service go- Live Corporate service Corporate service preparation Satisfaction Satisfaction deployment survey survey Multi-device corporate service Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2 2011 2012 2013 today 10 10
Our BYOD Service Today Based on MobileIron solution � 1600 active devices � Voluntary enrolment � iOS & Android only � Email, Calendar, Contacts + Chat � VPN for iOS (via MobileIron PKI device certificate) � Security rules � Mandatory screen-lock pin code Users must comply read and accept � Jailbroken/rooted devices not allowed � Remote wipe in case of loss � User self support (+ forum, getting started videos) 11 11
Our BYOD Service Today Infrastructure and Security � In-house managed redundant MDM platform infrastructure � Employees BYOD internet access, but no access to internal resources � End-User security rules same as corporate for web access � Content and virus filtering � Juniper VPN for iOS (device certificate access control) � Transparent launch � No user authentication � Corporate security rules � VPN provides http/https limited access to resources 12 12
Satisfaction Survey August 2012 � Participation: around 250 users (40% of the user population at that time) � General satisfaction rate: All devices iPhone/iPad users Android users 93% 96% 78% 13 13
What’s next � 2013: Multi-device corporate catalogue (but keep it simple) � Including corporate tablets (iOS only) � Mobile apps in-house development � Deployment via MobileIron app store Apps@Work � Open network to more resources � Allow devices into corporate network ? � Keep controlled access through VPN ? 14 14
Open Questions � Blackberry future � Windows phone 8 success � Any other mobile OS out there ? � Android as a secure business platform ? � BYOD with financial compensation to replace corporate smartphones ? � How to deal with the forthcoming general unavailability of feature phones � Outsourced MDM solution? � Increased attacks on mobile devices -> higher corporate and data leak risks ? 15 15
Q&A 16 16
Recommend
More recommend