IBM Security MaaS360

  • 1.  Use MaaS360 with IBM Verse for staff's own mobile devices to increase security

    Posted Tue February 26, 2019 10:36 PM

    My company is going to allow all staff to install IBM Verse (to access work email in company's IBM Notes Traveler Server) on their own mobile devices. Before that mobile device management must be implemented to increase security.

    MaaS360 is one of the considerations for mobile device management. We are evaluating it for our environment, and have some queries:

    As per "IBM MaaS360 Mobile Device Management (MDM) Installation Guide Version 2, Release 2", devices can be managed by an agent installed on the device or through platform-specific management tools. We prefer the latter solution that devices will be managed through platform management tools using the IBM MaaS360 Cloud Extender, meaning NO agent (the IBM MaaS360 MDM apps) will be installed on staff's own mobile devices. (We would like to avoid installation of any additional apps on their own mobile devices.)

    Nevertheless, as per https://www-10.lotus.com/ldd/dominowiki.nsf/dx/Using_MaaS360_with_IBM_Verse_for_Android_devices, "MaaS360 MDM for Android v5.0 application, and/or MaaS360 MDM for Samsung v5.0 application" is a minimum requirement for using MaaS360 with IBM Verse for mobile devices. That means an agent inevitably has to be installed, even though IBM MaaS360 Cloud Extender is installed?

    Or put it this way, for IBM Verse application for mobile device to be managed by MaaS360 Mobile Device Management, the following 3 main components are sufficient? (without the MaaS360 agent to be installed on staff mobile device) 1) IBM Verse application on staff mobile device, 2) IBM MaaS360 Cloud Extender in corporate network/DMZ, 3) IBM MaaS360 Virtual Appliance in corporate network/DMZ



    ------------------------------
    kelvin chan
    ------------------------------


  • 2.  RE: Use MaaS360 with IBM Verse for staff's own mobile devices to increase security

    Posted Wed February 27, 2019 03:52 AM
    Hi Kelvin,

    In my opinion, if you want to secure the company's data, you should use the MDM app.
    As you're working with the owners' devices, you should make them aware that they are accessing company data on their personal device and that it's not more than normal to secure it.
    On the other hand, you should create a BYOD policy which protects the company's data, but doesn't touch any other aspect of the users' devices.
    Also think about the users' privacy and disable MaaS360 localisation and eventual other things that might disturb users.
    Afterwards, you create a document which briefly, but clearly explains what the MDM does on their device, which you hand to the users so they can understand all that's going on.
    If some do not agree... then that's their problem and they don't have to ask to use the company's mail on their device...

    With the Verse app only, you can do some securing using a Traveler policy, but potentially not enough for your security matters.

    Hope this helps you choose.

    ------------------------------
    Thibaud Maes
    ------------------------------



  • 3.  RE: Use MaaS360 with IBM Verse for staff's own mobile devices to increase security

    Posted Wed February 27, 2019 04:01 AM
    Hi Kelvin
    There is a specific configuration that will possibly map to your use case; it's called "SPS Activation", where instead of MDM enrollment you only install the required applications and push functionality this way.
    Advantages: no MDM (Device Admin) control - only install the required applications
    Disadvantages: prevents you from controlling devices based on OS version, presence of Root / Jailbreak / Malware etc. 
    The detail for this setup is discussed in this document: https://www.ibm.com/developerworks/community/forums/html/topic?id=dfe74bdf-c8bf-4bba-8bc6-c75be9887cd6&ps=25

    ------------------------------
    Eamonn O'Mahony
    Technical Account Manager
    IBM Ireland
    Mulhuddart
    ------------------------------



  • 4.  RE: Use MaaS360 with IBM Verse for staff's own mobile devices to increase security

    Posted Mon March 04, 2019 05:10 AM
    Hi Kelvin,

    In order to define the best architecture, it would be beneficial to understand the security settings you would like to apply to the Verse app. In general, though, the MaaS360 app is required on Android to provide the required level of security as described in the Traveler link you posted.
    The MaaS360 Cloud Extender is an on-prem component which offers a wide set of modules, one of which is the Traveler integration: https://www.ibm.com/support/knowledgecenter/SS8H2S/com.ibm.mc.doc/ce_source/references/ce_traveler_settings.html
    This module provides visibility of all ActiveSync devices connected to the email system and offers methods to control these connections.
    In general, in order to allow this kind of control, the device must be enrolled in MaaS360, hence the MaaS360 app is installed on the device.



    ------------------------------
    Francesco Censi
    IBM
    roma
    ------------------------------