SEPARATING WORK AND PERSONAL


SEPARATING WORK AND PERSONAL How Balance Works at the Platform Level Whitepaper

Why balance matters in enterprise mobility

As more and more business processes go mobile, IT faces an ever-increasing number of security challenges. Users now have access to a multitude of personal communication channels, such as social networking sites, untrusted personal applications, webmail, web browsing, and instant messaging. Without the proper structures in place, data-transfer mechanisms such as P2P file sharing, USB connectivity, media card swapping, Bluetooth and NFC data transfer can all pose a threat to the enterprise.

In the past, better mobile security meant sacrificing the user experience, and vice versa. This paradigm comes to an end with BlackBerry Balance. Balance maximizes employee productivity and user satisfaction with a seamless, elegant, and intuitive user interface. Balance is built right into every BlackBerry 10 device and is available automatically when a device is enrolled with BlackBerry Enterprise Service 10 (BES10). Visit blackberry.com/business for details.

How Data Leak Protection is built in

Balance partitions work data from personal data using two completely separate file systems.

[Figure: Balance architecture: Built-in Data Leak Protection. Left: ENTERPRISE (WORK DATA SOURCES): BES10, Content Servers, Web Servers, Microsoft ActiveSync; work channels MDS, BES, Enterprise Wi-Fi, Enterprise VPN, Intranet Browsing; Work Space with Email, PIM, Work Apps and the Work File System (AES-256 Encryption). Center: BlackBerry 10 User Interface with Unified Apps (BlackBerry Only), Unified App Controls, Data Identification and Tagging, and Data Leak Controls; Data Access/Transfer, File Transfer, Cut and Paste and Other are marked Not Permitted. Right: Personal Space with Apps, Personal File System and 3rd Party Apps; PERSONAL (DATA LEAK CHANNELS): personal apps, social networking, email and webmail, web browsing, instant messaging and other P2P, SMS/MMS, USB and Micro SD, other data channels.]

Work Space (Left)

Work applications reside within the work file system. Work applications and work data are always protected by the work file system with AES-256 encryption. Only applications that reside in the work file system are able to connect through work communication channels, including BlackBerry Enterprise Service 10, enterprise Wi-Fi, enterprise VPN, and Intranet browsing. If you want to allow Personal Space traffic to use these work connectivity options, you have that option. The appropriate communication channels are automatically provisioned to protect your sensitive enterprise data.

User Interface (Center)

The key to Balance is its interface. Data originating from an enterprise resource is automatically identified as work data, and any other data is automatically identified as personal. Work data can't be copied or cut/pasted into a personal data channel, and files can't be moved from one file system to the other. The user interface allows some work and personal content to be displayed together for an ideal user experience, as in the case of the BlackBerry Hub; however, an abstraction layer prevents any data leakage between the Work Space and the Personal Space. The Work Space and Personal Space have separate wallpapers, so users always know at a glance which space they're in.

Personal Space (Right)

Personal applications reside within the personal file system. Personal applications include BlackBerry personal apps such as BBM and third-party personal apps for things like email, gaming and social networking. Applications that reside on the personal file system have access only to personal communication channels (listed on the right hand side of the diagram), often referred to as data leak channels. Again, you have the option to enable personal apps to use work connection options if you need or want to.

Double duty: How Balance handles crossover apps

[Figure: apps arranged across the Work Space and the Personal Space in four groups: WORK APPS (BlackBerry World for Work, Enterprise Apps 1 to 5), UNIFIED APPS (including BlackBerry Hub, Calendar, Contacts, Remember, Universal Search), DUAL APPS (File Manager, Documents To Go, Browser, and Music, Video and Pictures, each shown once per space) and PERSONAL APPS (including BlackBerry World, Social Media Apps, BBM, BBM Video Chat, Camera, Other IM and P2P, Compass, Calculator, Android Runtime, Others).]

Some apps serve both purposes. Balance has the answer.

Work applications

Work apps are isolated to the Work Space only. BlackBerry World for Work operates in the Work Space, where users can see a list of applications that are approved by the enterprise, and can download them within the Work Space.

Unified applications

Native BlackBerry apps provide unified views into both Work and Personal Space content. This creates the unified user experience. For example, the calendar application will show content from both spaces (such as a work meeting and a dentist appointment), but the content is still segregated on the device, with built-in data leak protection (DLP).

Dual applications

Some apps operate in both the Work and Personal Spaces (Documents To Go, for example). These dual-purpose apps run as simultaneous instances, segregated by the BlackBerry 10 Platform. They are isolated, independent, and unaware of one another, so there's no mixing of data between the two.

Personal applications

Personal apps do not have access to work content, except under highly controlled situations. For example, some enterprises may allow personal applications like the phone, SMS or BBM to access work contacts. IT can lock out that access at a server level if appropriate. Any additional apps that a user installs are downloaded from the public BlackBerry World, and the user has full control over the applications that are installed into their Personal Space.

Protecting data in motion

The personal and work sides of the device actually operate separate routing tables, so we can segregate the data in transit, as well as data at rest.

[Figure: connectivity diagram. Labels: Administrator's Computer, Router, Infrastructure, Wireless Network, Device, APNs, BES10 Databases, BES10, Internal Firewall, TCP Proxy, Firewall, Additional 3rd Party Apps*, iOS and Android Devices.]
* including certificate authority, mail server, other web servers or content servers

The proven BlackBerry security model, which now extends to multiple platforms, seamlessly enables secure access to systems behind the firewall and protects work data in transit. Simple and cost-effective setup and ongoing admin is supported by the VPN-less, single outbound port 3101 connectivity model. BlackBerry is renowned for including certified end-to-end encryption, so there's no need for third party connectivity or security solutions.

Outside of the enterprise, any connection to BlackBerry Enterprise Service 10 via the BlackBerry infrastructure over Wi-Fi or cellular uses AES-256, which also protects the connection to Microsoft Exchange and any other enterprise content servers. The infrastructure-to-device leg has an additional layer of Transport Layer Security (TLS) to authenticate the BlackBerry infrastructure.

Outside of the enterprise, the BlackBerry infrastructure can be bypassed by connecting directly to BlackBerry Enterprise Service 10 by VPN, over Wi-Fi or cellular. The device VPN supports IPsec and SSL.

Inside the enterprise, the device connects directly to BlackBerry Enterprise Service 10 and the LAN over corporate Wi-Fi.

Note: For all of these options, Wi-Fi security is the industry standard. For additional security, end-to-end SSL is supported between BlackBerry 10 devices and the content servers.

The user's personal space and personal apps can directly connect to Wi-Fi and cellular, also supporting SSL if you so choose. Users can also connect to their own private network VPN. As mentioned above, there's also the option to allow personal space traffic to use work connectivity options (and this can be easily disabled by IT policy).
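The separation rules from the data leak protection and data-in-motion sections, written as a small decision model (an added example, not BlackBerry code and not how Balance is implemented). The channel names, the Policy fields and every function name are hypothetical, and where the paper is silent the choice is marked as an assumption in a comment.

```python
# Added illustration, not BlackBerry code: toy reference monitor; all names hypothetical.
from dataclasses import dataclass
from enum import Enum

class Space(Enum):
    WORK = "work"
    PERSONAL = "personal"

# Constructed identifiers standing in for the channels and sources the paper lists.
WORK_CHANNELS = {"bes10", "enterprise_wifi", "enterprise_vpn", "intranet"}
WORK_SOURCES = WORK_CHANNELS | {"activesync", "content_server"}

@dataclass(frozen=True)
class Policy:
    # The two IT-controlled exceptions the paper mentions; both off by default here.
    personal_apps_read_work_contacts: bool = False
    personal_traffic_on_work_channels: bool = False

def tag(source: str) -> Space:
    """Label data by origin: enterprise resource means work, anything else personal."""
    return Space.WORK if source in WORK_SOURCES else Space.PERSONAL

def may_transfer(op: str, data: Space, dest: Space) -> bool:
    if op == "file_move":          # files never cross file systems, in either direction
        return data is dest
    if op == "paste":              # paper only forbids work -> personal; rest assumed ok
        return not (data is Space.WORK and dest is Space.PERSONAL)
    return False                   # unknown operations fail closed (model choice)

def may_read(app: Space, data: Space, kind: str, policy: Policy) -> bool:
    if app is data:
        return True
    if app is Space.PERSONAL and kind == "contacts":
        return policy.personal_apps_read_work_contacts
    return False                   # assumption: no other cross-space reads

def may_route(app: Space, channel: str, policy: Policy) -> bool:
    if channel in WORK_CHANNELS:
        return app is Space.WORK or policy.personal_traffic_on_work_channels
    return app is Space.PERSONAL   # assumption: work apps stay off the leak channels

def blocked(events, policy):
    """Return the events (constructed tuples) that the model denies."""
    out = []
    for kind, *args in events:
        if kind == "transfer":
            ok = may_transfer(*args)
        elif kind == "read":
            ok = may_read(*args, policy)
        else:
            ok = kind == "route" and may_route(*args, policy)
        if not ok:
            out.append((kind, *args))
    return out
```

Writing the rules this way makes the two policy switches visible as the only paths by which the Personal Space touches work contacts or work connectivity, which is where an administrator's review of the configuration should focus.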

Policies and controls: Enterprise Mobility Management (EMM)

The innovative BlackBerry 10 container-managed security design greatly simplifies the setup and management of IT controls. This serves to reduce the number of IT settings and controls required, without compromising on the benefit those controls provided in previous BlackBerry Enterprise Server environments. Below, find out more about the 3 levels of EMM control available with BlackBerry 10.

Level of EMM Policy
LEVEL 1: Open policy, low management needs
LEVEL 2: Managed devices for some end-users and open for others
LEVEL 3: Regular mobile policy for everyone
LEVEL 4: Segmented mobile policy
LEVEL 5: Mix of lockdown and managed devices
LEVEL 6: 100% lockdown

[Figure: Enterprise Mobility Management chart. Tier labels: Basic Mobility Management (ActiveSync Only), Silver Level EMM, Gold Level EMM. Example organization labels: Soho, small to medium businesses with no company policy; Small and medium size businesses; Media and other non-security sensitive industries; Large and medium enterprise security sensitivity; Large enterprise with multiple different levels of device management and security; Legal and professional services, oil and gas, financial services; Large enterprise high security; Government, central agencies; Regulated industries.]

BlackBerry 10 with BlackBerry Enterprise Service 10 supports the entire spectrum and mix of enterprise mobility management needs, from basic BYOD to high security. BlackBerry 10 support for the ActiveSync protocol will meet the needs of companies that take a relaxed approach to device management and security, allowing them to synchronize with their email platform and enabling basic device management.

Moving up a level, we have the Silver level EMM [1] option, which is part of BlackBerry Enterprise Service 10. This is for enterprises that are more sensitive to the need to secure their corporate data and require greater security/device management capabilities.

Highly regulated, government organizations and those businesses that take security very seriously require more stringent control over devices, and will need to enforce strict security policies. For these organizations, we offer Gold level EMM [2], which is also administered through BlackBerry Enterprise Service 10. This option gives you a whole host of policies to control virtually everything about the device. And now, if you need or want the flexibility to allow corporate-provided BlackBerry 10 devices to be deployed with both a Work Space and Personal Space, you have the flexibility to do so, and the administrator controls to span both spaces with Gold level EMM.

What's included with BlackBerry Enterprise Service 10 and Silver level EMM licenses

- A single intuitive management console to manage your devices, users, groups, apps and services, including reporting and dashboard capabilities
- Full Mobile Device Management (MDM) for BlackBerry 10 smartphones, iOS and Android devices
- BlackBerry Balance technology, providing a secure Work Space and Personal Space on BlackBerry 10 devices
- BlackBerry World for Work: a fully integrated corporate app storefront
- Ability to manage instances of BlackBerry Enterprise Server 5.0.3 and above through the BlackBerry Enterprise Service 10 management console

Ready to try BlackBerry Enterprise Service 10?

Run a free trial for 60 days with no impact on your existing setup. [3] Head to blackberry.com/business

EZ PASS: Free perpetual BES10 licenses for all existing BlackBerry and other MDM licenses. Limited time offer. [4] Learn more at blackberry.com/ezpass

[1] Silver level EMM provides the management and control feature set for BlackBerry 10, iOS and Android devices previously known as EMM Corporate.

[2] Gold level EMM provides the management and control feature set for BlackBerry 10 devices previously known as EMM Regulated, and also covers the containerization option for iOS and Android management known as Secure Work Space for iOS and Android. Gold level EMM is available with BES10 v10.1 and later.

[3] 60-day Free Trial Offer: Limited time offer; subject to change. Limit 1 per customer. Trial starts upon activation and is limited to 50 Silver licenses for BlackBerry devices and 50 Gold licenses with Secure Work Space for iOS and Android. Following trial, customer must purchase service to continue use of product. Not available in all countries. A trial system can be upgraded to a production system at any time by adding a production key purchased or acquired from an authorized reseller. When a system is upgraded to production, the trial licenses will no longer be available.

[4] Between now and January 31, 2015. Additional Terms and Conditions will apply.

Screen images simulated. iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries. iOS is used under license by Apple Inc. Apple Inc does not sponsor, authorize or endorse this brochure. Android is a trademark of Google Inc. which does not sponsor, authorize or endorse this brochure. © 2014 BlackBerry. All rights reserved. BlackBerry, BBM and related trademarks, names and logos are the property of BlackBerry Limited and are registered and/or used in the U.S. and countries around the world.