sie3197be secure your windows 10 and office 365 or distribution · 2019-06-27 · mate barany,...

Mate Barany, VMwareManuel Mazzolin, VMwarePeter Schmitt, Deutsche Bahn Systel

SIE3197BE

#VMworld #SIE3197BE

Secure Your Windows 10 and Office 365 Deployment with VMware Security Solutions

VMworld 2017 Content: Not fo

r publication or distri

bution

Speaker Introduction

2

• Mate Barany, VMware

• Manuel Mazzolin, VMware

• Peter Schmitt, Deutsche Bahn Systel

Understanding the modern security architecture for today’s workforce

Who

Why



bution

• This presentation may contain product features that are currently under development.

• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.

• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.

• Technical feasibility and market demand will affect final delivery.

• Pricing and packaging for any new technologies or features discussed or presented have not been determined.

Disclaimer

3



bution

Session Agenda

1 Modern Security Requirements

2 Securing your Windows 10 Deployments

3 Securing your Office 365 Apps and Data

4 Customer Spotlight

4CONFIDENTIAL



bution

Modern Security Requirements

5



bution

The Old World

6



bution

The New World

7

Private

Clouds

Virtualized Compute, Storage, Networking, Security

Hybrid

Clouds

Infrastructure

Devices

Apps

Traditional Apps Cloud-Native Apps SaaS Apps

Typical App Connects

to 7 Cloud Services

Public

CloudsVMworld 2017 Content: N

ot for publicatio

n or distribution

8

Securing Interactions is Increasingly Complex

We have a large and growing surface

area that needs to be securedVMworld 2017 Content: N

ot for publicatio

n or distribution

9

Why Your Security Team is Concerned

250% INCREASE

34% REPORTED

56% INCREASE

RANSOMWARE ATTACKSincrease in 2017

INTELLECTUAL PROPERTYtheft in 2015

EMPLOYEEScited as source of compromise in 2015



bution

VMware’s Approach to Security

TRANSFORM SECURITY

New apps and

delivery models can’t

be easily protected

with perimeter-

centric network

security.

Proliferating and

diverse endpoints

access a range of

apps and IT services.

Increasingly complex

threat ecosystem

and slow to identify

non-compliance.

Secure Applications

and DataProtect Identity

and Endpoints

Streamline

Compliance

Intrinsic Security from Device to Data Center

10



bution

The whole IT Security journey

Federated Identity,

Biometric, Two-Factor

Authentication

11

Endpoint Security, DLP,

App Scanning, Malware

Detection

Per App VPN, Intelligent

Networking, Network

Scanning and Security

Conditional Access,

Secure App Token SSO,

Threat Analytics

Secure OS, Secure

Hypervisor, Secure Data

at Rest/Transit

Same Security and

Policies work for Public,

Private, Hybrid Clouds

Self-Encrypt Drives, Analyze

Environment for Anomalies

Audit Logs for All

Infrastructure

Components

Secure micro VPN, Limited

Cyber Attack Footprint,

Threat Analytics

Audit Network

and Data Center

Traffic

Sandbox Data Center Application, Limit Cyber

Attack Vector



bution

Securing your Windows 10 Deployments

12



bution

Traditional PC ManagementFalls short for your modern security demands

© 2017 VMware Inc. All rights reserved. Confidential – Not for Distribution

Compromised SecuritySlow to identify non-compliance

Data ProliferationNew ownership models; cloud apps / services


Modern WorkforceIncreasingly mobile and off-network

Limited VisibilityPolicies and updates pending

Tra

dit

ion

al

Syste

ms M

an

ag

em

en

t

OS UpdateServers (WSUS)

Software Distribution

Servers

GPO PolicyServers

(AD)



bution

Unified Endpoint ManagementEnables a modern approach to Windows security


Security Across NetworksBacked by a powerful compliance engine

Data Loss PreventionProtect data at rest, in use, in transit


Modern ITInstant, cloud-based management

Real-time VisibilityPolicy and updates in seconds, not months

Un

ifie

d E

nd

po

int

Man

ag

em

en

t

Store B

Configuration, Apps,

Updates, Security



bution

Ensure desired OS state with

over the air configuration of

hardware and OS

Harden OS with real-time device

and OS health data; block access

for compromised endpoints

Protect Identity and Endpoints

15

Safeguard user identities and endpoints

Establish user trust with new

identity features; multifactor

authentication based on context

Across any user, application and device



bution

Secure access to any app with

context of identity, endpoint and

app interactions

Secure Apps and Data

16

Gain transformative insights into application infrastructure

Across any app, app type, and location

Lock down access to un-

approved and un-trusted apps

and malware

Protect data with encryption,

native DLP, per-app tunneling,

and traffic filtering

Remote wipe company data from

admin console or self-service

portal



bution

#VMworld #SIE3197BE



bution



bution

#VMworld #SIE3197BE



bution



bution

Office 365

CONFIDENTIAL21



bution

Managing and Securing Office 365

TRANSFORM SECURITY

Traditional access

control methods

based on network and

perimeter security are

no longer useful.

Today’s evolving

workforce requires a

new identity and

user trust model.

Mobile and BYOD

adoption present new

data security

challenges.

Conditional

AccessSimplified

Authentication

Data Loss

Prevention

Providing Holistic Support for Office 365

22



bution

Federated Identity and SSO

23

Ensure Single Version of Truth

Works across Office 365 and all

other app investments

Integrates with existing identity

solutions

Automatic SSO based on native

OS APIs, certificates and

Kerberos authentication

Password-less authentication for

Modern Authentication clients



bution

Workspace ONE Conditional Access

24

AUTHENTICATION

MODULE

DEVICE

POSTURE

USER

AUTH

APP SERVICE

Workspace ONE

Managed Jail Broken

DEVICE COMPLIANCE

OS

3rd PartyMSA | Malware | Trust

LocationBlacklist

Apps

IDENTITY CONTEXT

Authentication

Provider

Network

Scope

Authentication

Strength

Session

Time

Per

Application

Remote Apps | Web Apps | Native Apps



bution

Conditional Access For Office 365

25

OWA

Modern Auth.

Clients

Browser

Client App

Active Sync & Legacy Clients

Client App

Conditional

Access

Policy



bution

Conditional Access Example:Restrict Office 365 Access to Managed and Compliant Devices Only

26

X

Access Denied

✔Access Granted

SSO to Apps

✔

Unmanaged

VMware Identity

Manager Validates

User Identity

Managed by AirWatch



bution

Intune MAM

Intune MDM

Data Loss Prevention Controls for Office 365

27

Office 365 App Settings

Copy / Paste Blocking

Workspace ONE

App-level PIN / Passcode

DLP Settings (save data in personal OneDrive)

OS MAM Settings

Open-with controls

SSO, remote wipe

Graph API

Configure Intune DLP policies from Workspace ONE console



bution

#VMworld #SIE3197BE



bution



bution

DB Systel Deutsche Bahn's digitalisation partner

30

DB Systel takes an integrative and value-enhancing approach to its work for the Group.

• 3,600 employees

• Revenues: 838 Million (2016)

• It offers a range of solutions and consulting services that are holistic and customer-specific.

• They meet the highest IT standards and make use of innovative developments in the sector.

• DB Systel combines this expertise with its outstanding knowledge of the rail sector and IT

industry.

• It is a business partner that always takes the long view of a project and follows supplier-neutral

strategies as it works towards the collective goals that everyone at DB AG shares.



bution

DB Systel services all kind of workspaces

Office worker(Mobile Mail)

31

Train driver(Rail in Motion)

Maintenance worker(e.g. Puma)



bution

• implemented SSO for mobile

• 2 factor authentication of

device during rollin

• per app VPN

Transform

Security

• moved from MDM to Airwatch

EMM in 2015

• migration of 30,000 devices

up to 700 per day

• currently serving 75,000

throughout Europe

(iOS, Android)

32

Empower

Digital

Workspaces

What we have achieved so far



bution

33

Modernize

Data

Centers

Integrate

Public

Clouds

Empower

Digital

Workspaces

Transform

Security

DB Systel current challenges

• DB Systel is moving all kind of workloads into cloud services like AWS

oder SaaS

• The own datacenter will be sold

• O365 is being implemented as hybrid cloud service replacing Lotus

Notes email infrastructure as well as other products e.g. storage

• move from EMM to UEM (Unified Endpoint Management)

• gain market share within the imaged desktop environment currently 90k

Desktops with our basic Workplace (Win10, Mac)

• SSO

• 2 factor authentication of device during rollin

• per app VPN



bution

Ways to Learn More

Sessions

• UEM1359BE - Best Practices in Migrating Windows 7 to Windows 10 – 13/09 5.00 PM

• SAAM2291BE - Securing Access and Protecting Information in Office 365 with Workspace ONE 13/09 12 PM

Content

• www.vmware.com/it-priorities/transform-security

• www.airwatch.com/solutions/windows

Hands-on Labs

• Stop by our hands on labs at VMworld

• https://www.vmware.com/try-vmware/try-hands-on-labs.html

ASK THE EXPERTS

34



bution

http://www.vmware.com/it-priorities/transform-security

http://www.airwatch.com/solutions/windows

https://www.vmware.com/try-vmware/try-hands-on-labs.html

Questions?

35



bution



bution

sie3197be secure your windows 10 and office 365 or distribution · 2019-06-27 · mate barany,...

Documents