Okay, good morning. Good afternoon. Good evening, ladies and gentlemen, depending on where in the world you are today. Welcome to another KuppingerCole webinar: Cloud Access Security and Enterprise Mobility, Better Together. That's our topic for today. My name is Alexei Balaganski. I am a lead analyst at KuppingerCole, joining you from do Germany. And today, joining me from California is Mark Campbell, the portfolio manager for cloud security at IBM. This webinar is supported by IBM. Before we begin, just a few words about KuppingerCole.
We are an analyst company headquartered in Germany, with quite a global reach. We have people around the world, from the US, UK, Germany, Singapore, Australia. We do a lot of enterprise IT research and advisory projects. And of course we are providing various types of events, ranging from free webinars like this one to quite large-scale physical events.
And the biggest of them of course, is our yearly European identity conference.
Probably the biggest and the most well-established conference for the topic of identity and access management and cyber security in Europe. You are all invited, of course, next May in Munich. And for the first time next year, we will be having our new event called Digital Finance World. Hopefully the first in the series around the topics of FinTech, blockchain. And those are exciting and interesting stuff. You will find more information on our website. You can see the link below. A few words about the webinar. You are all muted centrally. You don't have to worry about the feature.
We will record the webinar and we will publish a webcast on our website, at the latest tomorrow. And of course we will send every one of you a link to that video. We will have a Q&A session at the end, but please do not hesitate to submit your questions during the webinar. You can use the questions tool, which is located below on the GoToWebinar control panel. We'll pick them up in the end and I will read them aloud for you.
So here is our agenda for today. It's split into three parts as usual.
First, I will be giving a more high-level overview of the topic of today's webinar, discussing the risks and challenges and recent developments in the area of EMM and CASB. Then I will hand over to Mark Campbell, who will be talking in more detail about the solutions IBM Security has to offer to address those challenges. And as I mentioned, at the end we'll have a Q&A session. And I would like to begin the webinar with a traditional picture I am using in almost every one of our webinars. This is the way as we live in now, everything is connected.
The amount of digital assets a typical company is operating now is growing exponentially. That data can be stored anywhere, no longer on premises, but somewhere in the cloud, somewhere on the go and so on. And there are, of course, a lot of actors, people, devices, things communicating with each other using different channels.
Now, the corporate network as we knew it before, like 10 years ago, no longer exists. Basically the internet is our new modern corporate network.
You can see in this picture, a typical company would have multiple locations, probably around the world. It'll be present, I mean, digitally present on premises, in data centers, in the cloud, also in between. There is of course a need to onboard multiple new types of users, including business partners, customers, and various other identities. And the majority of our modern workforce is now mobile. So as you can see, the situation now, the security landscape, is much more complex, more people are involved in management, and there is definitely no perimeter anymore.
Oh, let me remind you, the topic of today's webinar is enterprise mobility management. So let's start with a short definition of what it actually is. It's definitely not new. It has appeared almost as soon as people started bringing mobile devices to work, and it encompasses all ways to secure and enable employees' use of smartphones and tablets for doing their job.
Of course, it has evolved significantly during the last years. It started with rather simple mobile device management to monitor and secure various smartphones and tablets, to address the dreaded bring-your-own-device challenge and to enforce policies for accessing corporate resources. Mind you, those were on-premises corporate resources, mostly. Later on, it had to gradually expand from a device-focused towards an information-focused approach, simply because too much stuff was going mobile.
So the next logical step would be mobile application management, where IT would define access policies for accessing their enterprise applications, implement means to distribute and manage their own and third-party mobile apps.
And of course, to harden those mobile apps to meet corporate security policies. And the most recent development is going even further towards an information-centric approach. It's mobile information management, and it covers a lot of different approaches to separate corporate and private data on devices.
And again, to address the bring-your-own-device challenge, to secure access to sensitive corporate information with various means, and last but not least, to obtain visibility over corporate data usage. Basically, if you do not know what you have, if you cannot control your data, you cannot actually protect it. Modern EMM solutions have evolved into really big and complex integrated platforms for managing all types of mobile assets, devices, apps, policies, and so on, but some people have actually been talking recently that EMM is a thing of the past somehow. Is it true? Probably not.
As we know, the proliferation of various types of mobile devices is actually not showing any signs of stopping. And in fact, nowadays every device is mobile.
Not just, it's not just about smartphone or tablets anymore. Every person armed with any kind of device is by definition mobile.
And of course, more and more of those digital assets are migrating to the cloud. So they're no longer protected by the traditional perimeter security tools, and IT departments have a lot of new headaches trying to monitor, manage, and secure that data out there in the cloud. We have heard a lot about this dreaded shadow IT problem. They say that over half of enterprises are affected.
I would say probably more; it's just that the rest simply do not understand that they are affected already. It's all about using cloud apps not provided by the IT department, because unfortunately the demand for using those various cloud services is now coming from business and not IT, and IT simply cannot keep up with managing and checking and authorizing all those new cloud services, social networks, various private accounts employees may be using to share critical and sensitive corporate information. And of course there are a number of risks associated with that.
Losing visibility and control over corporate data means the, it is no longer enough.
Workforce is no longer appropriate tools to secure that sensitive corporate data, basically it's a privacy and compliance nightmare. And the most recent development to address this problem has been CASB, of course, the cloud access security brokers. It's a relatively new, still pretty exciting from the marketing point of view, technology. There's still a lot of topics. The market is rapidly evolving.
So what's it all about? It's all about establishing a centralized policy enforcement point somewhere in between the users and those cloud services. If the IT department can establish reliable control over that centralized policy enforcement point, if they can ensure that all the traffic between users and the cloud services is going through that point, they can do a lot of interesting stuff. For example, they will get much better visibility into cloud service.
They can understand which services are used, which of those are legitimate, which of those are not authorized yet, the shadow IT; they can identify which users are actually using what, and thus they can definitely improve the corporate stance regarding regulatory compliance.
Of course they can implement a lot of security measures to provide safe access to the cloud. They can secure communications channels. They can extend corporate user identities to the cloud, or they can ensure that only authorized users are actually allowed to access certain authorized services.
And of course the most important is that they can prevent sensitive data from actually being moved into a non-approved service. And of course, as a nice free add-on on top of that, they will provide protection from various cloud risks. By nature of the function, the broker is by definition someone operating in between the two involved parties, the users and the services. So a CASB solution is most often implemented as a gateway, somewhere on premises or in the cloud, which leads to an obvious problem. What about mobile users?
If they are located outside of the perimeter, they're most probably still accessing those cloud services directly, bypassing the security broker.
And even if they are configured to route the traffic through the CASB, it still requires a lot of manual administrative effort to provision those devices, to configure everything. And it's still a nightmare for IT. As IBM has called it in the materials, the mobile blind spot. To address this issue, it's obvious that EMM and CASB can actually play together pretty nicely. They're definitely not an either-or dichotomy.
And we definitely cannot say that cloud access security brokers are a single universal solution for all of your problems and that they can actually address all the problems which old-school, boring EMM solutions were used to address earlier. In fact, sometime in the future, there is a very good chance that these two classes of products will eventually converge and become a single security infrastructure solution. There is actually a lot of hints backing that claim. For example, many modern EMM solutions are already evolving towards extending their protection towards cloud services.
And of course the CASB products are actually seeking integration capabilities with the EMM solutions to simplify the deployment of their software on mobile devices. So they do play nicely together. And on the slide, I have listed just a few of the potential benefits of those types of integration.
Still, this is something which Mark will be talking about later in more detail, so I'll leave it to him, but I would want to step back a little bit and have a look at the bigger picture.
So yes, it's kind of easy to say that cloud access security broker and enterprise mobility management solutions can work together and they do not reflect each other fine. But what about the rest? If we kind of zoom out on that initial picture of the internet, you can say that can be some form, very tiny part of the whole multi unified security infrastructure. Any reasonable company should be building if they still don't have one. What about securing the endpoints? Both mobile and desktops. What about network security?
What about managing privileged access towards those cloud services by administrators and support engineers? What about federating identities with suppliers and business partners? What about fighting against cyber fraud and hackers and espionage agents around there? What about insider threats, which by many are considered much more dangerous than the traditional hackers? And finally, what about access governance? What about ensuring compliance? What about providing a unified audit across all those classes of security tools, which are covering various attack surfaces?
Just a few points to consider. First of all, EMM is definitely not a thing of the past. It's still actually evolving, and you have to remember that every device is now mobile, not just smartphones. We have laptops in, you know, Starbucks, we have IoT sensors deployed on the, we have various industrial sensors, we have home sensors, which are all supposed to talk to each other and which are all filling corporate backends with data. The whole approach towards mobile security is shifting from device-centric towards app- and information-centric, as already mentioned.
And the key is eliminating that mobile blind spot; the key is to establish consistent, unified security policies across mobile devices and the rest. Cloud access security brokers are evolving, too. The most obvious and visible sign of the evolution is to grow to control a wider range of cloud services. It's no longer about protecting your Google Apps or Box; it's about covering platform-as-a-service and infrastructure-as-a-service offerings from cloud providers as well.
It's definitely growing to incorporate various integrations with various additional areas of security, such as identity management, threat protection and data security, including encryption, classification and so on. And eventually, we as analysts expect that cloud will stop being a kind of a bolt-on security solution to address specific cloud-related problems. It'll become an integral part of security infrastructures, according to the security by design principle. And even more importantly, both of those areas are just a relatively tiny part of a bigger picture.
As we all know, information security is no longer defined by technology. It's no longer prescribed by the IT department. It's driven purely by business demands.
And those demands are growing bigger and faster every day. As long as there is a business demand to use a certain cloud service users will just stretch their arm and grab it.
And it's up to IT to support the business exhibitions by adequate security means, and a multi-layered security approach is the only sensible way. It should integrate mobile device management, enterprise mobility in general, cloud access security and many other tools that protect various security areas. What's crucial here is unified management, unified security policies.
And of course, unified analytics, because they'll provide you a reasonably consistent overview of everything happening in your company, regardless of whether it's out in the cloud, in your data center on premises or on a mobile device. It all should be centralized and it should be covered by the same analytics engine. And finally, identity is the glue holding all components together. So think locally, think about EMM, think about cloud access security, but do not forget that everything is tied by identity.
And this is where I would like to switch to Mark Campbell, who will be talking about this approach in, in detail.
Great.
Thank you, Alexei. I, I great information. Thank you so much for having me on this webcast. And I'm gonna go ahead and switch over. So just a moment here and you know, once again, my name is Mark Campbell and I am the portfolio manager for cloud security at IBM. And I'm coming to you live from sunny California, the United States. And we're gonna talk a little bit about what IBM has been doing for integration of EMM and CASB. Cause we think there's a lot of great, great things that we can do to help our clients and solve some real problems.
So why don't we go ahead and get into it and let's first talk about security, the bigger picture, and this is what IBM is really focused on doing is, is you may or may not be familiar with the portfolio of security products that IBM has, but we have many, many products that really cover just about every domain in the security space that, that most, that our clients are interested in covering from end points to network, to fraud, identity, data, and apps.
And we, we look at all of these solutions and we thought, you know, we really need these to all work together and function as what we call an immune system. So if you think about the human body and the immune system and how the different parts of the body work together to defend the body against threats, whether that's virus or infection, there are different parts of the body all coming together and working together as a single unit.
And this is really what we are striving for as a company with our, with an IBM security is to have this immune system type of, of response to threats at the core of it, of course, is the intelligence and security analytics. And IBM has done a really great job of taking all of our products and, and getting them to, to really work together, to follow this immune system metaphor here.
But specifically today, we wanna talk about two areas that are extremely important to me. This is the area that, that I tend to focus in, and this is about mobile and cloud.
And when we talk about mobile and cloud specifically, we're talking about what Alexei had just mentioned, some new things that we're doing in cloud with our CASB, this cloud access security broker, and also some technology that is fairly mature in the market space, has been around for years and years. And that's the EMM. And when we think about these two types of technologies, we really have to think about, you know, these are a great combo, right?
I put an example here of peanut butter and jelly, another great combination, but cloud and mobile, they just go together, right? So when you think about cloud, you have to consider mobile.
Mobile now is really one of the primary clients for accessing cloud apps. If you think about all those connected employees that have their smartphones or tablets, they're on the road or not on the road, maybe they're just in a coffee shop or in their house, right. They're using these mobile apps to connect into, to cloud where they're business clouds.
You know, they're using these mobile, using these applications for business and they're getting their work done, and this is great. They're more efficient. They think that they're doing their jobs better. They can do it anytime. It's great for the employee. It's great for the, for the company, but the company still needs to have the same types of security, visibility, and management capability for the employees that are using their mobile devices to access business data and business applications.
And of course the big thing here, and probably the most important thing is the user experience has to be good, right?
And we want employees to use these applications and use them safely. But if it's hard for them to do it, if it's an inconvenient or they've gotta to put in multiple passwords and, and do all jump through many hoops to do it, they're not going to, they're gonna find an easier way. So user experience matters and it probably above all it, it's important to get that right. Otherwise employees will move to another way. That's a little bit easier for them.
And, and maybe that involves using cloud applications like file sharing that they can do. That's, it's easy for them and not necessarily in the best interests of the business. Okay. So let's talk a little bit more about, about this. So when we look at, you know, CSOs around the world in IBM, we, we've got a great opportunity that we've got many large clients, we've got clients of all sizes, but we have access to, to many CSOs.
And they're concerned about both their mobile and their cloud initiatives. These are things that they, they really think about, you know, how do we do this?
And so they, they need to straddle that, that line between risk and innovation, being able to move that business forward to not having to say no to all of the new things that the line of businesses are wanting to do. So they they're looking, how do we make cloud and mobile, better for the employees and safe for the business.
And, and this is something that it's a challenge that they have. And when we, we look at the service providers that are out there, some of the, the big ones that are providing file sharing and CRM capabilities, for the most part, they do a really good job of security. They have dedicated staff and huge budgets, and they're, they're constantly doing their security checks and audits, and they understand that security is core to their business.
If they have problems with security, they're not gonna get the business that they need.
So in many cases, these service providers do a better job with security on their end than what a lot of businesses can do on their own. And this is simply because this is their job to build out professional data centers and have security staff. This is what they do, and they do it very, very well. So this is, it's a good thing, right? But as a business, the service provider security and, and the apps that they're developing and deploying for, for mobile access only do so much, right. You still have to, to come up with the, the tools to make it safe for your organization.
Specifically, this is around visibility, managing access to the cloud applications, being able to enforce your policies for usage. And of course, you know, data protection and, and not only protecting data, but also protecting the device and protecting the, the employee.
So these are the things that, that IBM has really focused on. And when we looked at our technologies and our portfolio, you know, we have the tools to do this and going back to our immune system metaphor here, being able to have these solutions integrate and work together really helps achieve those goals. Right?
And the two products specifically that I'm talking about are IBM's CASB solution, which is called IBM Cloud Security Enforcer. And this is a relatively new product for IBM. It was announced just about a year ago, and this is our new entry into the CASB space. And this provides the CASB basics. And when I talk about that, I'm talking about being able to, you know, detect all the cloud applications in use, both the ones that are approved and the ones that are not approved. Alexei mentioned shadow IT.
This is the tool that's gonna help you understand which applications are shadow applications, the amount of usage, and who's doing it. But in addition to that basic CASB functionality, we took it a bit beyond that. And we really focused on, well, it's not only enough to know what applications are used, but we need to be able to make sure that employees can securely access these applications. So we built in, you know, identity into this particular solution.
So it has a built-in identity component to extend out corporate credentials to cloud applications, to securely allow employees to access that. I'll talk a little bit more about that in a little while, but then in addition to that, we took some of the great technology that IBM has around cloud threats, including threat intelligence from our IBM X-Force team and a policy engine from our QRadar technology.
We built all this in to be able to look at the big picture of, of cloud usage from the employee standpoint, where are they doing?
Where are they using and be able to run analytics to see if there's something that needs the attention of the business, whether that's behaviors, or maybe there's a threat from a particular cloud application, both inbound or even outbound. So maybe behavior that needs their attention. So the IBM Cloud Security Enforcer really is a little bit different in the market as far as CASB goes, because it has these extra components that are absent from the other solutions out there.
Now, the other solution that I wanna talk about is IBM's MaaS360, and this is IBM's EMM solution. And this has been in the market for a while. It is one of the leading solutions there.
And it's really a, a full solution it's that has multiple components, including a management suite that has a mobile device management, mobile application management, and a whole set of solutions here that will help you with your, with your mobile device, including a productivity suite content suite with a mobile mobile document syncing and editors, and a gateway suite.
That includes a gateway secure browser and the threat management component for defending against malware and advanced threats. So all this is built into a single solution called IBM MaaS360. So we're pretty excited about some of the work that we've done between these two products and the way that we're able to integrate these technologies to provide a really great solution for our clients that are looking to adopt more cloud and to enable the employees to access these cloud applications through their mobile devices. Okay.
So let's talk a little bit more about the three, the things that I mentioned. First one was visibility, and we're looking at visibility. This is your core CASB strength, right? Being able to look at both usage and behaviors of employees. And what's really great about this is that Alexei mentioned that this mobile blind spot is that many CASBs can do this and they can provide some of the basic reports like which cloud applications are in use, who's using them, threat levels of the particular applications.
In our case, we pull in threat information dynamically from IBM's X-Force. So this is the threat and research division of IBM. That's got hundreds of staff that this is their primary job, going out and scouring the internet and finding the latest threats and reporting this and providing real-time scores. Not quite real time, but it dynamically updates, you know, sometimes within minutes scores will change.
So being able to pull this information in is great. So we can see where, where employees are going risk scores for those particular applications.
But what Alexei mentioned was the mobile blind spot. And oftentimes CASBs can miss this, right? Cause they're not in line there. When you think about this employee from the coffee shop, going directly to a cloud application, it's not passing through a route where the CASB can see it. And this is something that IBM has addressed.
And the combination of the EMM, MaaS360, and Cloud Security Enforcer really helps us by being able to route the mobile traffic through a, we call a VPI and think of it as a proxy where this data can be captured and it can be done, you know, on a per application standpoint. So we can take this data and aggregate it into the existing data from employee usage from behind the firewall.
So now you're aggregating this data and you're, you're correlating this activity back to specific users, which is really great. Cuz now you can look at the employee usage of cloud applications.
You can identify behavior that might need coaching. You can see if employees are using file sharing applications that that as Alexei mentioned, might be considered shadow it and not using the corporate standard. But some of the other great benefits of being able to do this is being able to understand what the business needs of the organization really are.
And sometimes that, and we find this way with our clients is that when they're, when you see usage of cloud applications that maybe aren't approved by the, by the it department, this could be, this could be a, a gap in what the it team delivers. And maybe this is something that the business needs to consider, Hey, maybe we need a productivity tool or maybe we need a, a file sharing tool or, or some sort of, of tool that the employees are using without our blessings.
So maybe as a business, we need to understand what this business needs and make some investment in there.
And that's one of the great benefits of the CASB that, you know, when we talk about CASB, we usually talk about security, but there are also some other great benefits there as well. And not only being able to understand what the business needs are, but also being able to see your actual usage of the apps that you've licensed already. So you can see if there's inefficiencies there.
So you can see a couple of, of screenshots here of our solution, where, you know, you get some basic information about user applications that are used, including, you know, some offenses and, and, and also some scores of applications. And all these scores are fed in. As I mentioned directly from our threat intelligence platform.
IBM X-Force. Okay. So let's talk a little bit about identity and access. And this is something that is hugely important.
And when we look at accessing cloud applications, and if we look at just threats in general, many of them are the result of poor passwords or compromised accounts. And what we really need to do is get rid of passwords as much as we can. And this is something that we focused on with our solutions is how do we get rid of passwords? Cause if you require your employees to log into every cloud app, they may be using their, their corporate credentials for third party apps, which you don't really want them to do.
You're logging directly into those, especially if they're shadow it apps, they may be using very simple passwords because they have so many to remember. They may be sharing passwords with, you know, across all the application.
So these are things that we definitely want to eliminate. We want to be able to enforce strong authentication. And the great thing is that most service providers out there that have cloud applications will support strong authentication, what we call SAML.
So this is a standard that's out there that enables you as an organization to extend your existing enterprise authentication directly to the cloud. So essentially what you're doing is you're logging into your business, getting a token, so to speak that gets securely passed onto the cloud application to authenticate you. And this is something that we've built directly into our IBM cloud security enforcer, the way to, to build it, to do this very simply, and to be able to add this in with just a few clicks. And if you look at our screenshot here, this is an example of cloud service called GitHub.
Now you may not be accessing this too much from a mobile device, but this is really the case for any cloud application that supports SAML, and most cloud service providers will support this, especially ones that, you know, are designed for business. And what you see here is in the middle of that screenshot, in the back, there is just a little button. We want to enable this button. We can turn it on.
Now, this is enabled for corporate use and there's step-by-step directions here on how to turn on the SAML. And it's really two to three clicks and you're ready to go. And now this can be deployed out to employees and they can access this using their corporate credentials. And what's really great is that we can do this for employees behind the firewall, but we can also then extend this out to mobile devices as well.
So logging into your mobile device, you're using that same corporate credential that you have and taking advantage of, of the identity components to be able to, to leverage that and logging in directly to the, the cloud applications, just from the mobile device, using your corporate credentials. So this is something that greatly increases security by simplifying it for the user.
You know, they're remembering their, their corporate credentials. They're putting this in.
And, you know, in many cases it can be thumbprint on the devices that are supporting that, the mobile devices do that, and they don't have to remember weak passwords. They don't have to go through the process of resetting a password. And there's a lot of downtime and expense associated with resetting passwords and downtime for lost productivity. So this is something that we felt was really important, was being able to secure the access to the cloud applications, but still make it very easy for the employee.
And, you know, the key takeaway here, you gotta get rid of the passwords, be able to move to an enterprise type of authentication, a single sign-on, or you'll maybe hear it called federated sign-on to these cloud applications, and then be able to enable that not only for the employees who are behind the firewall, you know, at their desk, but also the ones that are using their mobile devices.
Okay. So let's talk about the next thing.
And when we talk about being able to access these cloud apps from your mobile device and from behind the firewall, that's great and that's the first step. But what we find with a lot of clients is sometimes that's not enough, or employees will often turn to shadow IT simply because they don't know that applications are there for them. They don't know that the tools exist, or they find it hard to find the tools and get accounts.
So in addition to making sure that they can access these cloud applications securely, we've gotta make it really easy for employees to find these approved applications and access them. So think of what IBM has done here: we've provided, think of it as an app store, where all the approved applications are. You remember in the previous screen, we had a little button to approve the application.
Once it's approved, now it shows up in this portal where all the approved applications are there for a particular employee. They can search for applications. And in many cases with just a single click, they can go right into these applications, even if they don't have an account already. Many of these service providers support what they call just-in-time provisioning. So essentially you set up a profile and, you know, Mark is part of the sales team. The first time I log in, it's gonna create an account for me based on my attributes of being part of sales. So I'll get a sales account.
So this is really great. Being able to have this application catalog, to enable things like self-provisioning for users, really streamlines the enrollment. And our goal here is also to help reduce shadow IT by providing easy access to the cloud applications that employees need to get to and want to use.
And this is great, but if it doesn't extend out to the mobile device, then you've got that same problem.
So one of the great things about both IBM Cloud Security Enforcer and our MaaS360 is we have that same capability to provide this cloud application catalog, whether you're behind the firewall at your desk or on your iPad at a coffee shop. Being able to have that same experience with the application catalog, being able to see all of the applications that are available to you as the employee, and then simply press a button and launch that application, get right into it.
So we're pretty excited about this and we think this makes it really easy for employees to access the cloud applications that they wanna access, but at the same time, it's gonna help reduce shadow IT and strengthen the security overall.
Okay. So now let's talk about policy enforcement. And this is something that is important. Alexei mentioned some of the concerns about using these cloud applications, and some of the biggest concerns about cloud applications is a loss of control.
You know, what are employees really doing? What's happening? What data is going up there, where are employees, what are they accessing? What are they doing? And being able to enforce policy is hugely important. With the combination of a CASB and EMM, now you can do some great things, right? And particularly with IBM's solution, we can look at mobile traffic in line.
So we're looking at this traffic in line. Because we have that capability, we can apply policy, so we can apply a policy not only for, you know, notifying administrators of particular policy triggers, but there's also the ability to coach employees.
So if I notice that Mark is going to maybe Dropbox, when Box is the preferred file sharing for the company, I can pop up a notice to Mark on his mobile device saying, we see you're going to Dropbox. Please use Box instead.
We have that capability, the ability to notify the administrators or managers of employees, let them know that maybe employees are doing things that they shouldn't be doing. And we can also extend this out to the mobile device and add in some context-based mobile access. So this is what I mean by context-based mobile access. This is around: is the device managed? Is the device compliant? Meaning does it have the right operating system on the phone? Does it have all the right applications installed? Is it an approved app?
Yes or no. And where is the device located? So maybe I have a different policy for employees who are accessing corporate apps outside of the country. Maybe I want to deny access to them if they're on the road. So being able to look at all of this, and the policy engine in this case is actually in IBM's Cloud Security Enforcer. And on the back end, it's talking with IBM MaaS360 to gather all the details about the device. Is it compliant? Is it managed? Which apps is it trying to access? And where is it?
And all of this information is communicated between IBM Cloud Security Enforcer and MaaS360. So decisions can be made on access to cloud applications based on this criteria. So it's a fairly robust policy engine here that can be turned on, on an app-by-app basis.
Or maybe you can have a policy that applies, you know, globally or down at a per-application or even per-device level. So there's a lot of great things we can do here.
And because of the integration between the two solutions, we have both the visibility into the traffic going to the cloud applications, what employees are doing, as well as these nice context-based controls for mobile users accessing cloud applications. So we're pretty excited about the things that we're able to do there, and it really offers our clients some great flexibility and security for their mobile and cloud security policies. Okay. But we also wanna talk about session protection.
And when I'm talking about session protection, I mean making sure that the employee is safe when they're using their mobile device and going out and talking to cloud applications, and not only is the employee safe, but also is the corporate data secured.
And some of the things that the combination of these two solutions offer are, when we mentioned that secure channel to the cloud application, so we talked about secure authentication, but because we're also able to inspect the network traffic, the employee now has the benefit of that.
So if you think about employees who are behind the firewall, accessing cloud applications, they get the benefit of the firewall and, typically, the web gateway or some other security devices that are inspecting that traffic and protecting that user from threats that are out there. Now, when you're on your mobile device, you don't always have that same net of security.
So being able to look at this traffic and route it through a secure gateway or secure proxy, now you have that two-way inspection of traffic, and IBM actually uses our own technology here, our IPS solution, to be able to look at this traffic and understand: is this traffic being routed somewhere else, or is there some cross-site scripting going on here?
Is there malware coming down? And being able to look at that in line and add some safeguards, so that employee is protected.
We're also able to enforce device settings like lockouts and passcodes, and being able to enforce maybe stricter passcodes. So the phone, if it's ever lost, can be secured, and detecting mobile malware on devices as well.
So if malware does happen to show up on the device, you know, can we address that? Can we detect it and can we address it? So these are all components of what we call session protection: being able to make sure that that employee is safe in their communication to
and from the cloud, being able to enforce your policies about the device, looking at malware and perhaps a compromised device, and also being able to secure that mobile content.
And we'll talk about that a little bit more right here. And this is what we call the session productivity. And so Alexei mentioned some of this in his part about the EMM, with several different components, but these are all a part of your EMM solutions. Being able to provide management for the information itself that's on the device. Being able to provide secure browsers.
I mentioned about the applications and being able to know which applications are there, having a secure session there, being able to put all of this into containers to separate that out, if you want to, from the employee's personal data, and this way you can manage the company data that's on the device. You can remove it if you need to, while still keeping all of the employee data safe and untouched. And then of course, the ability to synchronize work data, to be able to edit this data and share this data directly from the mobile device, all is hugely important.
So we'll leave it there for now. And we'll certainly wanna spend some time for some questions and answers, but I wanna leave you with a couple of thoughts here. So cloud and mobile, these are fused together, right?
It's hard to separate these. They go together. And when you're thinking about cloud and offering cloud applications to employees, you absolutely have to consider the mobile device and the impact it'll have. So they go together. You're not gonna be able to separate these two. This is what employees want. They're going to be doing this. So when you think of security, you have to think, how do we add security that spans both the cloud and mobile and works together well? And of course, and I mentioned this, but I wanna repeat it, is that user experience matters. This is hugely important.
We find that a lot of employees will do things to be more efficient.
They'll do things that are more convenient. And if we don't provide a good experience for the employee, they're going to find other ways to do the things that they want to do. And when they do that, that typically is not in the best interest of your company, right?
This is where data can get uploaded to third-party sites where it shouldn't be going. This is where accounts can be compromised. Credentials can be compromised. So we wanna make sure that the user experience is good and that employees are using the tools that we're intending for them to use, so they don't resort to shadow IT. And then the last one, you know, we talked about EMM and CASB.
And, you know, when we talk about this, as Alexei mentioned, it's not a "do I need EMM, or do I need a CASB?"
You know, there is some overlap between, you know, what you'll read about these solutions, especially when it comes to applications on the mobile device, but really it's best when they're integrated together.
And we are really excited about what we did with our solutions and having that communication between the two, where, when an employee enrolls in the EMM, our CSU solution is automatically aware of that particular employee, and not only is aware of the employee, but also the device that they own. So this really simplifies everything from the user experience, you know, enrolling in the EMM, to being able to set up policies for the IT team and roll out applications. When these solutions work together, this is really the best scenario.
So from there, I will just say thank you to everyone. And we will open it up to our Q and A. So thank you. And we'll open up the... oh, please remember to enter your questions into the question tab on your console. And we'll go ahead and look at some of the questions now. Thank you very much.
Well, thanks a lot, Mark. That was pretty deep into details and yet kind of a very nice review. Thanks a lot for that. Let me just switch back to my own screen.
Okay. So as Mark just said, we are going to use the remaining time for your questions. Please submit them through the questions tool, and, well, to give you a minute to write them down, I would probably ask a question of my own.
So Mark, how deep is actually this integration of these two products of IBM? Do you, for example, provide a unified management or unified analytics for both of the products for admins? And by the way, let me finish: how does it look for the end users? Do they actually see, for example, a single app store with both their mobile apps and cloud services, or do they still have to use two?
Well, that's a great question. And for the end user, it's transparent.
You know, they don't see this as two different things, but the app stores are a little different. So when you think about mobile applications, a lot of the applications, for example, file sharing like Box, it's a native app to the operating system of the phone. Whereas if you're behind the firewall, often you'll be accessing this through a browser, or maybe there's an agent. So it's a little bit different in that the applications themselves are different from the mobile experience to the person behind the firewall. So it's a little different there.
You mentioned about the policies. Now, there's policy engines for the EMM where we can define things like what is a compliant device? You know, is it jailbroken, or what does it mean to be compliant?
And then the Cloud Enforcer will actually query MaaS360 to essentially get a yes or no. Is this compliant? Yes or no? So there's a policy engine that's built into IBM Cloud Security Enforcer, and that'll go out and query MaaS360 and gather details. Now you're not setting up mobile profiles within Cloud Security Enforcer for the EMM.
So that's still part of MaaS360, but they do communicate their enrollment. When I say enrollment, I mean who the users are. And they share that data. They share data about the devices and they pass information back and forth between them. And then of course, both of these solutions work well with IBM's QRadar.
So if our clients have QRadar, they can pull information directly into QRadar and monitor both from a single console.
And of course all the other parts of the security infrastructure will plug into QRadar as well. Right?
Absolutely.
And which is really great, because if we think about a lot of the IT teams and their security operations center, QRadar is one of those applications that is up all the time. You've got someone sitting in front of it, watching it, and that's where people are looking, whereas your CASB solution, you probably don't have someone sitting in front of that all day, right? You'll get alerts that'll pop up on a device or email, but being able to monitor all this directly from the SOC is hugely important.
And not only is it great that you're getting a faster response, but you're actually putting this data in front of the people that know what to do. So if there is an incident, you know, the people in the SOC are the ones that are best equipped to respond to it as well.
Okay, great. Okay. We have the first question from the audience. What is the PIM,
I assume privileged identity management, tool and IAM tool of IBM? It is very good that you're already thinking outside of the box and in terms of the general security big picture.
So, Mark,
So I'm sorry. You said, what is the IAM
Solution, PIM and IAM? So privileged identity management and identity access management, I suppose.
So those are two solutions that IBM has had for a number of years. They are typically for our on-premises identity management, and IBM cloud security infrastructure actually works very well with the enterprise identity solution that we have, and, excuse me, to leverage that enterprise solution and extend it out to the cloud.
So that's another solution set, but a lot of IBM Cloud Security Enforcer's identity component leverages some of that same technology. So it's designed to work with it and then extend that out to the cloud, to add federated single sign-on to cloud applications. Quick question.
Okay. So maybe we'll continue. The next question is, how does your EMM solution detect malware?
Well, another good question. So IBM has a number of technologies, including a technology that we acquired from a company called Trusteer. And this is the malware component for mobile devices. And that's actually built into our EMM solutions, one of the components of it. And this has been in the market for many years, there's hundreds of hundreds of millions of devices that have this running on it.
So it's able to leverage all the data that we're getting from these devices. We're looking at signatures and threats, and we're able to leverage this huge install base that we have, and the intelligence that we're gathering from this, to identify any type of malware and then take corrective action on the device. So that's one of the components of the EMM solution, the anti-malware component, which is technology that came from what we call Trusteer at IBM.
Yeah.
So basically IBM has you covered on all fronts. So, wait, kind of the next logical follow-on question: do companies actually have to go 100% IBM, or do you support third-party integrations as well?
Well, of course we'd like everyone to go a hundred percent IBM, but we know that that's not the case. We know that a lot of our clients have made investments in other areas. And for example, this identity and access, or the identity as a service, we understand that some companies have, some of our clients have already adopted their solutions.
And we've designed this to integrate in with whatever our clients have already. You know, ideally we'd like them to switch over to us, of course, but we're using standards. Like for example, I mentioned the SAML standard. So if some of our clients are already using a solution, you know, we wanna be able to integrate with that and perhaps fill any gaps that those solutions don't offer. For example, the application catalog capability.
That's something that we can work with, and the identity as well. If an enterprise, a company, has an existing identity and access solution that they're using within the enterprise, we can still talk to that and help extend that out as well. So, no, you don't have to have all IBM for this to work. We hope that with our solutions, we can fill any gaps that those other solutions may have, and that at some point, you know, hopefully we can earn the business and move everyone to an IBM source.
Okay, great. I think we have time just for one last question left, and it's an interesting one. It's going back to the bring-your-own-device problem, I think. So if you deploy Cloud Enforcer onto a mobile device, it'll kind of start intercepting all the traffic going to the device. Right? Does it mean that even private cloud services, which a user may be using from his phone, will be affected as well? Do you see any privacy-related issues with it?
So, yeah. Great question. And absolutely, there may be some policies that you want to enforce or not enforce. And the great thing about this is it's all configurable. So as an organization, you can say, we wanna route all traffic, or we want to only route some traffic. And maybe that traffic is just the business apps that you know about, or maybe you don't wanna route Netflix, for example, or Facebook traffic. So it is configurable.
The important thing is that we want to have visibility into the applications that are used for business, so we can enforce the policies for appropriate usage there, but there is the option to look at all traffic, if you want to. But I understand in some countries, in some regions, that may be something that organizations do not want to do. So it's really up to the organization, how they want to manage that.
So there's certainly trade-offs and decisions that need to be made depending, you know, do I wanna look at everything or do we wanna look at just a subset of application traffic? So,
Okay, well, that sounds totally reasonable. And we just have reached the top of the hour, so let me use the final seconds to refer our audience to the related research we have available on our website, including a review of the actual product, Cloud Security Enforcer. Please have a look at our website, kuppingercole.com, and finally, thanks a lot for being with us today. And I hope to see you in our next webinars.
Have a nice day.
Thank you everyone.
Thank you, Alexei.
Thank you. And goodbye.