Cisco Systems MaaS360 manual Corporate Data, Data at-Rest


Figure 25 MaaS360 Application

Corporate Data

Fiberlink MaaS360 and ISE can work closely together to create a comprehensive approach to managing corporate data. This is generally known as data loss prevention (DLP). Data comes in two forms: at-rest and in-flight. Data at-rest is stored directly on the mobile device, and data in-flight is the movement of data. This can be extended to include moving data between two storage containers on the same device.

Data at-Rest

Android and Apple handle stored data differently. Android has an open file structure that allows content to be shared between applications. This creates a tight and integrated environment. Many Android devices also support external and removable storage in the form of SD Cards. iOS creates a storage environment for each application. When an application is deleted, the partition holding that application’s data is also removed.

Data in-Flight

Sharing data between applications is fairly common. Built-in system applications like Contacts can share their information. With Apple devices, the data is passed through the owning application. Apple iOS now provides privacy settings to control access to system data stores. The common thread with both Android and Apple is tight application integration. This functionality presents challenges when trying to contain data. Fiberlink MaaS360 allows administrators to set policies to restrict data backup to the cloud, enforce a compliance check (Android), and enforce authentication (Android).

Moving corporate data to and from the device is also a concern. The most common tool is email attachments, although cloud storage services, such as Dropbox, are also a concern. Fiberlink MaaS360 can blacklist these types of applications. This is most appropriate on corporate devices. ISE can deploy a per-user ACL through the Wireless LAN Controller to enforce this policy at the network level for both corporate and personal devices.

Through Fiberlink MaaS360 Cloud Extender, administrators can securely integrate with all major email, calendaring, and contacts platforms including Exchange, Lotus Notes, Gmail, and Microsoft’s Office 365. The Cloud Extender performs a number of functions to provide visibility and management of ActiveSync connected devices, including:

32 Integrating Fiberlink MaaS360 with Cisco Identity Services Engine
