1 00:00:06,840 --> 00:00:09,310 - With the prevalence of mobile devices 2 00:00:09,310 --> 00:00:13,490 being used to actually complete our jobs, 3 00:00:13,490 --> 00:00:16,280 there is a certain risk associated with that. 4 00:00:16,280 --> 00:00:19,270 Because we're now putting company data onto a device, 5 00:00:19,270 --> 00:00:21,510 that device may or may not be owned 6 00:00:21,510 --> 00:00:23,020 by the actual company, 7 00:00:23,020 --> 00:00:24,850 and that's a bit of a problem. 8 00:00:24,850 --> 00:00:27,070 So MDM comes into play here. 9 00:00:27,070 --> 00:00:29,450 MDM is mobile device management, 10 00:00:29,450 --> 00:00:31,420 and we see here how do we maintain 11 00:00:31,420 --> 00:00:33,470 enterprise security posture on a device 12 00:00:33,470 --> 00:00:35,360 that we do not control 13 00:00:35,360 --> 00:00:39,250 while still giving the user the freedom they expect, 14 00:00:39,250 --> 00:00:42,220 and require in order to actually complete their job? 15 00:00:42,220 --> 00:00:44,240 We see a lot of bring your own device 16 00:00:44,240 --> 00:00:45,740 in enterprise environments now. 17 00:00:45,740 --> 00:00:49,390 As well, the company may or may not own 18 00:00:49,390 --> 00:00:52,410 a whole bunch of tablets and mobile phones. 19 00:00:52,410 --> 00:00:54,480 So we see the use of tablets 20 00:00:54,480 --> 00:00:56,990 as well as phones in particular, 21 00:00:56,990 --> 00:00:59,053 a lot in warehouse environments. 22 00:00:59,950 --> 00:01:01,820 So you take a device that has a camera on it, 23 00:01:01,820 --> 00:01:03,880 that camera can scan a barcode. 24 00:01:03,880 --> 00:01:06,590 Similarly, the companies that deliver 25 00:01:06,590 --> 00:01:08,310 packages to your front door, 26 00:01:08,310 --> 00:01:10,870 and they need to prove that the delivery was made. 27 00:01:10,870 --> 00:01:12,810 They take a picture of the delivery. 
28 00:01:12,810 --> 00:01:13,643 There's your front door, 29 00:01:13,643 --> 00:01:14,520 there's your package. 30 00:01:14,520 --> 00:01:15,457 You get an email saying, 31 00:01:15,457 --> 00:01:17,030 "Hey, there's your package right there. 32 00:01:17,030 --> 00:01:19,080 There's proof that we delivered it." 33 00:01:19,080 --> 00:01:21,550 That device and the warehouse devices, 34 00:01:21,550 --> 00:01:22,890 whatever the case may be, 35 00:01:22,890 --> 00:01:25,160 are most likely owned by the company. 36 00:01:25,160 --> 00:01:29,070 So how do we enforce our enterprise's policies 37 00:01:29,070 --> 00:01:32,650 on these devices that are out and about, 38 00:01:32,650 --> 00:01:35,370 as well as on devices that we are allowing 39 00:01:35,370 --> 00:01:37,343 to attach to our network? 40 00:01:38,970 --> 00:01:40,280 So MDM exists. 41 00:01:40,280 --> 00:01:43,420 MDM has a whole bunch of common features 42 00:01:43,420 --> 00:01:45,930 across the majority of MDM providers. 43 00:01:45,930 --> 00:01:48,330 So let's take a run through these. Provisioning. 44 00:01:48,330 --> 00:01:50,820 A lot of these MDM platforms allow 45 00:01:50,820 --> 00:01:53,960 or offer zero touch provisioning services. 46 00:01:53,960 --> 00:01:57,860 Wherein, when the user opens the device, 47 00:01:57,860 --> 00:02:01,290 it is already associated with one, the MDM, 48 00:02:01,290 --> 00:02:04,720 and two, the actual enterprise customer. 49 00:02:04,720 --> 00:02:06,690 These MDMs will then push down 50 00:02:06,690 --> 00:02:09,000 some configuration to that device 51 00:02:09,000 --> 00:02:11,900 as well as policy and security settings. 52 00:02:11,900 --> 00:02:14,480 So how long does the PIN need to be in order 53 00:02:14,480 --> 00:02:16,730 to unlock the device, things like that. 54 00:02:16,730 --> 00:02:19,640 They also offer backup and restore capabilities, 55 00:02:19,640 --> 00:02:23,370 so that if the device is lost, no data is lost. 
56 00:02:23,370 --> 00:02:25,780 Similarly, remote lock and wipe. 57 00:02:25,780 --> 00:02:27,470 If the device is stolen, 58 00:02:27,470 --> 00:02:30,160 then the MDM can go wipe the device. 59 00:02:30,160 --> 00:02:31,960 If it's online, lock it. 60 00:02:31,960 --> 00:02:35,590 If it's online, provided the MDM can access it, of course. 61 00:02:35,590 --> 00:02:36,890 And one of these policies 62 00:02:36,890 --> 00:02:38,440 that you could configure is, 63 00:02:38,440 --> 00:02:41,620 if it hasn't talked to the MDM in four days, 64 00:02:41,620 --> 00:02:43,163 then wipe the device. 65 00:02:44,290 --> 00:02:45,430 Logging and reporting. 66 00:02:45,430 --> 00:02:47,290 So we have local logs on the device, 67 00:02:47,290 --> 00:02:49,050 take those logs and send them up 68 00:02:49,050 --> 00:02:51,920 to the MDM provider. 69 00:02:51,920 --> 00:02:54,680 Access control, meaning you have to be an employee 70 00:02:54,680 --> 00:02:57,360 of this organization to actually use the device. 71 00:02:57,360 --> 00:02:58,750 We can deploy applications. 72 00:02:58,750 --> 00:03:01,460 So if we need this barcode scanner 73 00:03:01,460 --> 00:03:03,670 to be on all of our devices, 74 00:03:03,670 --> 00:03:05,610 we can enforce that with MDM, 75 00:03:05,610 --> 00:03:07,650 as well as prevent the users 76 00:03:07,650 --> 00:03:10,280 from removing those applications. 77 00:03:10,280 --> 00:03:11,800 We can push firmware updates. 78 00:03:11,800 --> 00:03:15,107 So, for example, an iPhone is going to say, 79 00:03:15,107 --> 00:03:17,960 "Hey, there's a new version of iOS available. 80 00:03:17,960 --> 00:03:20,170 Do you wanna install it?" With an MDM, 
81 00:03:20,170 --> 00:03:21,530 we can take control of that 82 00:03:21,530 --> 00:03:23,320 and force the installation 83 00:03:23,320 --> 00:03:25,020 or stop the installation 84 00:03:25,020 --> 00:03:26,990 if we don't want the user to upgrade yet, 85 00:03:26,990 --> 00:03:29,500 because we haven't gone through the full QA 86 00:03:29,500 --> 00:03:32,530 on whatever our enterprise applications are. 87 00:03:32,530 --> 00:03:34,910 We can monitor network utilization, 88 00:03:34,910 --> 00:03:36,510 see how much of our SIM data 89 00:03:36,510 --> 00:03:37,940 is actually being consumed. 90 00:03:37,940 --> 00:03:41,580 So we don't have extreme cell phone charges. 91 00:03:41,580 --> 00:03:43,790 We can track assets as well. 92 00:03:43,790 --> 00:03:46,240 So with an MDM, you could turn on the GPS 93 00:03:46,240 --> 00:03:48,500 and say this device is physically located 94 00:03:48,500 --> 00:03:50,260 at this latitude/longitude. 95 00:03:50,260 --> 00:03:52,420 And we know where the device is. 96 00:03:52,420 --> 00:03:55,780 Remotely troubleshoot, remote control, GPS tracking. 97 00:03:55,780 --> 00:03:58,780 This one is particularly interesting, geofencing. 98 00:03:58,780 --> 00:04:01,260 I worked with a customer one time that had, 99 00:04:01,260 --> 00:04:02,740 it was a grocery store, 100 00:04:02,740 --> 00:04:04,410 and they had little cell phones 101 00:04:04,410 --> 00:04:08,070 that were used for the, what's the word for it, 102 00:04:08,070 --> 00:04:09,380 remote shoppers. 103 00:04:09,380 --> 00:04:10,940 So you go to the application, 104 00:04:10,940 --> 00:04:13,710 you say I wanna buy some milk and cheese, 105 00:04:13,710 --> 00:04:14,600 submit your order. 106 00:04:14,600 --> 00:04:17,740 Someone in the store has to acquire those goods, 107 00:04:17,740 --> 00:04:19,740 put 'em into a bag and put your name on it. 108 00:04:19,740 --> 00:04:22,120 And they were using cell phones for that. 
109 00:04:22,120 --> 00:04:23,360 And they had a problem with people 110 00:04:23,360 --> 00:04:25,820 leaving with the devices at the end of the day. 111 00:04:25,820 --> 00:04:27,770 So they implemented an MDM 112 00:04:27,770 --> 00:04:29,680 with a geofencing functionality 113 00:04:29,680 --> 00:04:30,920 and there was an alert sent 114 00:04:30,920 --> 00:04:33,720 as soon as that device crossed that fence. 115 00:04:33,720 --> 00:04:35,940 Then, so as they're walking out to their car, 116 00:04:35,940 --> 00:04:38,407 an alert was sent to the in-store manager saying, 117 00:04:38,407 --> 00:04:41,140 "Hey, one of your cell phones is leaving. 118 00:04:41,140 --> 00:04:42,997 You need to go take a look at that." 119 00:04:44,370 --> 00:04:46,090 Usually, there's support for iOS, 120 00:04:46,090 --> 00:04:49,053 Android, and ChromeOS in these MDMs.