SAN FRANCISCO – Controlling access to corporate apps in the cloud is a tricky business. Regular old firewalls don’t do the job, but IT still needs a way to secure business apps like Office365 on mobile devices.
With AirWatch by VMware, IT can deploy and manage Office365 apps on BYOD and corporate-owned mobile devices. Even though IT doesn’t own users’ personal devices, admins need to somehow lock down apps so if users don’t have a password on their device, corporate content is encrypted, said Kevin Jones, professional services and support manager for AirWatch at VMware, in a session here at VMworld this week.
Using AirWatch enterprise mobility management to streamline Office365 app deployment is also a plus for users, Jones said.
“They don’t have to call into IT to get their device provisioned,” he said. “It keeps users happy and productive.”
With AirWatch, IT can push Office365 apps directly to approved devices, or it can allow users to pick and choose apps from the AirWatch App Catalog, an app deployment platform that integrates with public app stores such as Apple’s App Store or Google Play. In the session, attendees learned about the three key ways AirWatch provides security, ease of deployment and management for Office365 applications on mobile.
Authentication and secure SSO
To regulate access to Office365 applications, AirWatch federates existing on-premises corporate identities using AirWatch Identity Manager, which takes over for Active Directory or other SAML providers that federate information. AirWatch then stores that information in Identity Manager so IT can better identify who is accessing Office365 and set up specific access policies.
AirWatch also uses certificate-based authentication, which makes access control easier for IT and satisfies the users, who aren’t required to have a user name and password. Certificates also provide another point for IT to revoke Office365 application access from users.
“You’ve got usability on one side and security on the other side,” Jones said.
AirWatch also now includes single sign-on, which IT can automate for Web and native apps, he said.
“If you’re on a mobile device, single sign-on is one of the biggest demands we see from users,” Jones said.
Conditional access to authorized users and devices
Admins can configure AirWatch to only allow access to Office365 applications for certain devices and/or users – i.e. compliant and managed devices that IT approves. IT can set policies for Identity Manager to deny jailbroken or rooted devices, for instance. Admins can even set rules for authentication based on how the user connects, for example, with different password rules for whether a user connects from an Android device versus a PC.
With Exchange Online integration, IT can also blacklist or whitelist users based on security policies. For instance, IT could block email access for employees not enrolled in AirWatch.
Containerization to protect Office365 data
Finally, AirWatch containerizes Office365 applications on users’ devices to prevent data loss. It integrates with native device platform controls to isolate the apps, for example using iOS or Android native containerization capabilities. In Windows, IT can secure Office365 applications by preventing data sharing between business and personal apps through copy-paste restrictions.
Other security measures include data encryption directly on the device and DLP protection. IT can also set rules for where users can open content, such as only permitting them to open email attachments in the Office suite. That way, users can’t open corporate documents in a personal application, which would put business data at risk.