SIE3197BE: Secure Your Windows 10 and Office 365 Deployment with VMware Security Solutions
Mate Barany, VMware; Manuel Mazzolin, VMware; Peter Schmitt, Deutsche Bahn Systel
#VMworld #SIE3197BE
Speaker Introduction
Who: Mate Barany, VMware; Manuel Mazzolin, VMware; Peter Schmitt, Deutsche Bahn Systel
Why: Understanding the modern security architecture for today's workforce
VMworld 2017 Content: Not for publication
Disclaimer
This presentation may contain product features that are currently under development. This overview of new technology represents no commitment from VMware to deliver these features in any generally available product. Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind. Technical feasibility and market demand will affect final delivery. Pricing and packaging for any new technologies or features discussed or presented have not been determined.
Session Agenda
1 Modern Security Requirements
2 Securing your Windows 10 Deployments
3 Securing your Office 365 Apps and Data
4 Customer Spotlight
Modern Security Requirements
The Old World
The New World
Devices
Apps: Traditional Apps, Cloud-Native Apps, SaaS Apps
Infrastructure: Private Clouds, Hybrid Clouds, Public Clouds
Typical App Connects to 7 Cloud Services
Virtualized Compute, Storage, Networking, Security
Securing Interactions is Increasingly Complex
We have a large and growing surface area that needs to be secured
Why Your Security Team is Concerned
34% REPORTED: EMPLOYEES cited as source of compromise in 2015
56% INCREASE: INTELLECTUAL PROPERTY theft in 2015
250% INCREASE: RANSOMWARE ATTACKS increase in 2017
VMware's Approach to Security
TRANSFORM SECURITY
Protect Identity and Endpoints: Proliferating and diverse endpoints access a range of apps and IT services.
Secure Applications and Data: New apps and delivery models can't be easily protected with perimeter-centric network security.
Streamline Compliance: Increasingly complex threat ecosystem and slow to identify non-compliance.
Intrinsic Security from Device to Data Center
The whole IT Security journey
Federated Identity, Biometric, Two-Factor Authentication
Conditional Access, Secure App Token SSO, Threat Analytics
Endpoint Security, DLP, App Scanning, Malware Detection
Per App VPN, Intelligent Networking, Network Scanning and Security
Secure micro VPN, Limited Cyber Attack Footprint, Threat Analytics
Audit Network and Data Center Traffic
Audit Logs for All Infrastructure Components
Same Security and Policies work for Public, Private, Hybrid Clouds
Self-Encrypt Drives, Analyze Environment for Anomalies
Secure OS, Secure Hypervisor, Secure Data at Rest/Transit
Sandbox Data Center Application, Limit Cyber Attack Vector
Securing your Windows 10 Deployments
Traditional PC Management
Falls short for your modern security demands
Traditional Systems Management: GPO Policy Servers (AD), Software Distribution Servers, OS Update Servers (WSUS)
Modern Workforce: Increasingly mobile and off-network
Limited Visibility: Policies and updates pending
Compromised Security: Slow to identify non-compliance
Data Proliferation: New ownership models; cloud apps / services
2017 VMware Inc. All rights reserved. Confidential. Not for Distribution.
Unified Endpoint Management
Enables a modern approach to Windows security
Unified Endpoint Management: Configuration, Apps, Store Updates, B Security
Modern IT: Instant, cloud-based management
Real-time Visibility: Policy and updates in seconds, not months
Security Across Networks: Backed by a powerful compliance engine
Data Loss Prevention: Protect data at rest, in use, in transit
Protect Identity and Endpoints
Safeguard user identities and endpoints
Across any user, application and device
Establish user trust with new identity features; multifactor authentication based on context
Ensure desired OS state with over the air configuration of hardware and OS
Harden OS with real-time device and OS health data; block access for compromised endpoints
Secure Apps and Data
Gain transformative insights into application infrastructure
Across any app, app type, and location
Secure access to any app with context of identity, endpoint and app interactions
Lock down access to unapproved and un-trusted apps and malware
Protect data with encryption, native DLP, per-app tunneling, and traffic filtering
Remote wipe company data from admin console or self-service portal
Office 365
Managing and Securing Office 365
TRANSFORM SECURITY
Simplified Authentication: Today's evolving workforce requires a new identity and user trust model.
Conditional Access: Traditional access control methods based on network and perimeter security are no longer useful.
Data Loss Prevention: Mobile and BYOD adoption present new data security challenges.
Providing Holistic Support for Office 365
Federated Identity and SSO
Ensure Single Version of Truth
Works across Office 365 and all other app investments
Integrates with existing identity solutions
Automatic SSO based on native OS APIs, certificates and Kerberos authentication
Password-less authentication for Modern Authentication clients
Workspace ONE Conditional Access
Remote Apps Web Apps Native Apps OS DEVICE COMPLIANCE Managed AUTHENTICATION MODULE DEVICE POSTURE USER AUTH Workspace ONE Jail Broken IDENTITY CONTEXT Authentication Strength Authentication Provider APP SERVICE 3rd Party MSA Malware Trust Location Blacklist Apps Session Time Network Scope Per Application
Conditional Access For Office 365
Browser: OWA
Client App: Modern Auth. Clients
Client App: Active Sync & Legacy Clients
Conditional Access Policy
Conditional Access Example: Restrict Office 365 Access to Managed and Compliant Devices Only
VMware Identity Manager Validates User Identity
Unmanaged: Access Denied
Managed by AirWatch: Access Granted, SSO to Apps
Data Loss Prevention Controls for Office 365
Office 365 App Settings: Copy / Paste Blocking; App-level PIN / Passcode; DLP Settings (save data in personal OneDrive)
OS MAM Settings: Open-with controls; SSO, remote wipe
Intune Graph MAM API; Workspace ONE; Intune MDM
Configure Intune DLP policies from Workspace ONE console
DB Systel
Deutsche Bahn's digitalisation partner
3,600 employees
Revenues: 838 Million (2016)
DB Systel takes an integrative and value-enhancing approach to its work for the Group. It offers a range of solutions and consulting services that are holistic and customer-specific. They meet the highest IT standards and make use of innovative developments in the sector. DB Systel combines this expertise with its outstanding knowledge of the rail sector and IT industry. It is a business partner that always takes the long view of a project and follows supplier-neutral strategies as it works towards the collective goals that everyone at DB AG shares.
DB Systel services all kinds of workspaces
Office worker (Mobile Mail)
Train driver (Rail in Motion)
Maintenance worker (e.g. Puma)
What we have achieved so far
Empower Digital Workspaces:
moved from MDM to AirWatch EMM in 2015
migration of 30,000 devices, up to 700 per day
currently serving 75,000 throughout Europe (iOS, Android)
Transform Security:
implemented SSO for mobile
2 factor authentication of device during roll-in
per app VPN
DB Systel current challenges
Modernize Data Centers, Integrate Public Clouds, Empower Digital Workspaces, Transform Security
DB Systel is moving all kinds of workloads into cloud services like AWS or SaaS
The own datacenter will be sold
O365 is being implemented as hybrid cloud service, replacing Lotus Notes email infrastructure as well as other products, e.g. storage
move from EMM to UEM (Unified Endpoint Management)
gain market share within the imaged desktop environment, currently 90k Desktops with our basic Workplace (Win10, Mac)
SSO
2 factor authentication of device during roll-in
per app VPN
Ways to Learn More
Sessions
UEM1359BE - Best Practices in Migrating Windows 7 to Windows 10, 13/09 5.00 PM
SAAM2291BE - Securing Access and Protecting Information in Office 365 with Workspace ONE, 13/09 12 PM
Content
www.vmware.com/it-priorities/transformsecurity
www.airwatch.com/solutions/windows
Hands-on Labs
Stop by our hands on labs at VMworld
https://www.vmware.com/try-vmware/tryhands-on-labs.html
ASK THE EXPERTS
Questions?