
SAAM2204BU Secure and Seamless Access to All …...Prab Kalra Vikas Jain SAAM2204BU #VMworld #SAAM2204BU Secure and Seamless Access to All Your Applications with Workspace ONE Conditional

May 22, 2020


dariahiddleston
Transcript
Page 1: SAAM2204BU Secure and Seamless Access to All …...Prab Kalra Vikas Jain SAAM2204BU #VMworld #SAAM2204BU Secure and Seamless Access to All Your Applications with Workspace ONE Conditional

Prab Kalra, Vikas Jain

SAAM2204BU

#VMworld #SAAM2204BU

Secure and Seamless Access to All Your Applications with Workspace ONE Conditional Access and Mobile Single Sign-On

VMworld 2017 Content: Not for publication or distribution

Page 2

Disclaimer

• This presentation may contain product features that are currently under development.

• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.

• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.

• Technical feasibility and market demand will affect final delivery.

• Pricing and packaging for any new technologies or features discussed or presented have not been determined.

#SAAM2204BU CONFIDENTIAL

Page 3

Speaker Introduction

Who

• Prab Kalra, Director Technical Marketing, Workspace ONE

• Vikas Jain, Director Product Management, Workspace ONE

Page 4

Agenda

1. Market Trends & IT Challenges

2. Why Context Matters?

3. Conditional Access Overview with Demos

4. Mobile SSO Overview with Demos

5. Case Study

6. Q & A

Page 5

1. Market Trends & IT Challenges

Page 6

Consumerization Is Driving Digital Transformation

• Modern Workforce

• Apps Anywhere

• Mobile Workflows

• Emerging Delivery Models

Page 7

…And Creates Silos within IT

Teams: Mobile Team, Desktop Team, LOB

iOS / MAC

• iTunes
• Apple ID
• App Store
• iWork
• iCloud

ANDROID / CHROME

• Gmail Account
• Google Play
• G Suite
• Google Drive

WINDOWS

• Microsoft ID
• AD/Azure AD
• Office 365
• Windows Store Update Service

SaaS APPS

• Salesforce 1
• Concur
• Workday
• Slack
• Dropbox
• Docusign

Page 8

Mobility: A Key Aspect of the Consumerization of IT

Consumer Experiences: Global mobile commerce is projected to almost double by 2017 [1]: $315 in 2015, $549 in 2017 (U.S. billions).

The Way We Work: 2 out of 3 employees, as of 2016 in a Gartner survey, use a personally owned device or devices for work [2]. Number of respondents = 5,862. Base: Works a full-time job or part-time job.

IT Service Delivery: By 2018, 95% of global enterprises will have both a choose-your-own-device (CYOD) and a formal bring-your-own-device (BYOD) plan in place [3].

Graphics created by VMware based on industry research:

1. Statista, “Global mobile retail commerce revenue from 2012 to 2018,” January 2017

2. Gartner, Mikako Kitagawa, “User Survey Analysis: Mobile Device Adoption at the Workplace Is Not Yet Mature,” October 2016

3. Gartner, “The Things People Buy: CIOs Need to Know the Smartphone User Preferences That Impact Mobile Policies,” January 22, 2016

Page 9

Why Your Security Team is Concerned

152% INCREASE

34% REPORTED

56% INCREASE

EXPLOITS ON IoT increase in 2015

INTELLECTUAL PROPERTY theft in 2015

EMPLOYEES cited as source of compromise in 2015

Page 10

“There are two kinds of big companies in America: those who have been hacked . . . and those who don't know they've been hacked.”

~ James Comey, FBI Director

Justice News: U.S. Chamber of Commerce Third Annual Cybersecurity Summit

“Ninety-seven percent of Fortune 500 companies have been hacked, and likely the other 3% have too, they just don’t know it.”

~ Peter W. Singer, Political Scientist

FORTUNE: Cybersecurity is for the C-suite, 'not just the IT crowd'

Page 11

Digital Transformation: IT Challenges

• Context Driven Unified Access: from “Any App, Any Device, Anywhere” to “Right App, Right Device, at the Right Time”

• User Centricity: Need for Enterprise Secure solution, without compromising User Experience

• Proliferation of Devices: Convergence of work and personal devices

• Mobile & Productivity: Keeping your Mobile Workforce productive

• Shadow IT Security Risks: Rising Security risks with Consumerization of IT

Page 12

2. Why Context Matters?

Page 13

Context Driven Security and Access

CONTEXT

• How Do They Access?

• Where Do They Access From?

• Who are Your Users?

• What Resources Do They Access?

Page 14

Diagram labels: Consumer Simple; Enterprise Secure; Digital Workspace

Page 15

Identity, Mobility And Workspace ONE

Diagram labels: Workspace Experience; Identity Manager; AirWatch; Catalog Service

Page 16

Conditional Access using Identity Context and Device Compliance

Diagram labels: AUTHENTICATION MODULE; DEVICE POSTURE; USER AUTH; APP SERVICE; Workspace ONE

DEVICE COMPLIANCE

• Managed
• Jail Broken
• OS
• 3rd Party: MSA | Malware | Trust
• Location
• Blacklist Apps

IDENTITY CONTEXT

• Authentication Provider
• Network Scope
• Authentication Strength
• Session Time
• Per Application

Remote Apps | Web Apps | Native Apps

Integrates identity and device compliance to create and enforce granular policies for secure data access

Leverage existing Identity management investments to simplify data management

Eliminate manual compliance management, minimizing data access risk

Page 17

One Platform For All Use Cases

Identity and Access Management: Unified Catalog, Single-Sign On, Authentication, Access Policy

AirWatch Unified Endpoint Management (UEM): Management Context

End-User Services Team

iOS / MAC, ANDROID / CHROME, WINDOWS, SaaS APPS

Open Ecosystem

• App Config Community
• Mobile Security Alliance
• Authentication and Identity Providers

Connected Things (Rugged / IoT)

Virtualize

Page 18

3. Conditional Access Overview

Page 19

What is conditional access?

IF THIS THEN THAT (IFTTT)

Conditions:

• Enrolled vs unenrolled device
• Enrolled device becomes non-compliant
• Device OS (iOS vs Android vs Win10)
• Network location (corp network vs public)
• Group membership

Action:

• Allow
• Deny
• Step-up with MFA

Page 20

Workspace ONE Architecture

Diagram labels:

• Email
• Secure Browser
• Content
• Contextual Policy Framework
• LOCATION, APP, DEVICE, USER, DATA
• Windows Device Adapter
• iOS Device Adapter
• Android Device Adapter
• Browser Add-On
• Authentication
• Mobile Push, X.509
• Session Management
• Protocol Engine
• Proxy (F5)
• Per App VPN
• AccessPoint
• Device Provisioning and Configuration
• Compliance Enforcement/Remediation
• Self-Service App Provisioning (Push/Pull)
• SAML / OIDC
• WS-Fed
• HTTP
• Access Management
• App / Device Management
• Any Application
• Catalog and Launcher
• App/Data Containerization
• Includes integration with Mobile Security / CASB Partners
• Web Apps
• SaaS Apps
• Windows Apps
• Citrix Apps
• Mobile Apps
• Cloud
• On Premises
• Any Device
• Or 3rd Party Auth Providers: (RSA, Imprivata, Radius)
• Unified Catalog / App Broker (Google Play, Apple Store, Windows Store for Business)
• Active Directory Or 3rd Party Identity Providers (Ping, ADFS)

Page 21

Conditional Access For Office 365

Diagram labels: OWA; Modern Auth Clients; Browser; Client App; Conditional Access Policy; Active Sync & Legacy Clients

Page 22

DEMO: Conditional Access For Outlook App On Mobile Device


Page 24

Conditional Access For Office 365 ActiveSync And Legacy Email Clients

• Network Range
• Device/OS Type
• Client Name
• Group Membership
• Email Protocol

Page 25

DEMO: Conditional Access For Native Email Clients


Page 27

Conditional Native Email Access From Enrolled Devices Only

Restrict email access to only enrolled devices, set of users, pre-defined mail clients and devices…

Page 28

Conditional Intune DLP Policies Through Workspace ONE

Page 29

Step-Up Authentication With Workspace ONE

Condition:

• App name
• Device OS
• Network Location
• Group membership

Workspace ONE

• Any 3rd party MFA
• Built-in MFA

Page 30

VMware Verify Mobile-Push Strong Authentication

Built into Workspace ONE for consumer-simple, enterprise-secure strong authentication

Key Benefits

• Simple consumer-like registration and use: No more instructions, codes or copying and pasting for high compliance strong authentication

• Reduce strong authentication costs: Reducing or eliminating traditional tokens

• Leverage the smartphone nearly every employee already owns as a physical, second factor of authentication

• Reduced security risk of replay, keylogger, and man-in-the-middle attacks by authenticating users outside of the application

Page 31

DEMO: Step-Up Authentication


Page 33

Biometric Authentication Using RSA Authenticator

Condition:

• App name
• Device OS
• Network location
• Group membership

Workspace ONE

Eye scan with RSA Authenticator

Page 34

Protect Against Mobile Threats Through Partner Integrations

Diagram labels: Conditional Access Policy; Mark Device Non-Compliant; MTD solutions

Page 35

DEMO: Conditional Access Based on Mobile Threat


Page 37

4. Mobile SSO Overview

Page 38

What is Mobile SSO?

Password-less login experience into a native mobile app (No SDK or app wrapping required)

Pre-requisite: Requires device enrollment into Workspace ONE

Page 39

Mobile Experience Without Workspace ONE

Page 40

Mobile Experience With Workspace ONE

Page 41

Enabled Through One Touch SSO

Diagram labels: Workspace™ ONE™ One Touch SSO; TRUST; Cloud; SaaS Apps; Trust ID Key

Page 42

DEMO: Mobile Single Sign-On


Page 44

Recap

1. Workspace ONE provides a unified workspace for access to ANY type of app

2. You can add conditional logic to control access to these apps based on your security requirements

3. You can improve productivity and security for app access from mobile devices using the Mobile SSO feature

Page 45

Attend Related Sessions

Session ID | Title | Date / Time

SAAM1321BU | VMware on VMware: Winning a Single Sign-On Solution with VMware Workspace ONE | Thu, 10:30 – 11:30 am

EDU4252U | Use Workspace ONE to Stop Disappointing Your New User | Thu, 10:30 – 11:00 am

SAAM2294BU | Simplify management and security of your mobile apps | Thu, 1:30 – 2:30 pm
