Learn how organizations in different industries are protecting their mobile apps, streamlining app management, and satisfying compliance with virtual mobile infrastructure.

1. Solving BYOD Security:
Real-World Use Cases

2. BYOD Security with Virtual Mobile
Infrastructure
VMI is a service that streams mobile apps
hosted in a data center or the cloud
 VMI is like Virtual Desktop
Infrastructure (VDI) for Android
 VMI offers secure access to
mobile apps from any
device or location

3. Remote
Access
Healthcare
Virtual Mobile Infrastructure
Use Cases
Banking
Manufacturing
Field
Employees
Service
Providers

4. Healthcare Use Cases
 Hospitals
 Pharmacies
 Healthcare Insurance

5. Challenge
 SierraVMI securely streams
healthcare providers medical apps
 Data is never downloaded to mobile
devices
 All apps support multi-factor
authentication, strong encryption &
single sign-on
Use Case: Healthcare Provider
SierraVMI Solution
 Simplified IT by integrating authentication, auditing, and access controls
– Replaced multiple vendors with a single, integrated mobile security solution
 Protected EHR, messaging, email, notes and camera apps that could not be
wrapped with MAM
Benefits
 Had to address HIPAA and EPCS
(Electronic Prescriptions) compliance
 Doctors wanted to access medical
data from their phones
 Several apps were “non-compliant”
– Medical data was stored on phones
– Lacked dual-factor authentication for
e-prescriptions

6. Healthcare Compliance
HIPAA: Health Insurance Portability and Accountability Act
EPCS: Electronic Prescriptions for Controlled Substances
 164.312 (B): Audit controls. Implement hardware, software, and/or
procedural mechanisms that record and examine activity.
 164.312 (D): Authentication: verify that a person or entity seeking access to
electronic protected health information is the one claimed.

 “Single-factor authentication is insufficient to ensure that a practitioner will
not be able to repudiate a prescription he signed”
 eRx applications must maintain an internal audit trail that records
prescriptions


7. Transmission
Security
Person or
Entity
Authentication
Audit ControlAccess Control Integrity
5 Pillars of Healthcare Security
Technical safeguards defined by the U.S. Department of Health & Human Services
Monitors all
activity,
including text
messaging &
email apps
Integrated
dual-factor
auth including
client certs
and one-time
passwords
Strong
encryption to
prevent Wi-Fi
and Man-in-
the-Middle
attacks
Centralized,
granular
access control
for all
healthcare
mobile apps
Secure,
centralized
storage to
prevent
accidental
deletion or
alteration
of PHI
SierraVMI Addresses 5 Pillars of Healthcare Security

8. SierraVMI Protects Medical Apps
Securely store patient
photos in the data
center, not on phones
Enforce dual-factor
authentication for all
apps
Use screen recording
or logging to audit
text messages
Maintain an audit trail
of all e-prescriptions
Ensure ePHI notes
are never stored on
phones
Watermark sensitive
healthcare records to
prevent disclosure
Rx
Messaging

9. Banking and Finance
Use Case

10. Challenge
 For FFIEC compliance, a bank had to:
– Monitor network and host activity to
identify violations and anomalies
– Enforce out-of-band authentication
 The bank worried about :
– Keyloggers and malware on phones
– Wi-Fi and Man-in-the-Middle attacks
 SierraVMI prevents data from being
downloaded to phones
 One-time passwords provide out-of-
band authentication
 IT can log and screen record remote
access and privileged activity
 IT can scan Android and apps for
vulnerabilities with server-grade tools
Use Case: Bank
SierraVMI Solution
 Reduced the risk of costly data breaches due to device theft or insider abuse
 Improved business agility because new apps could be released faster, without
cumbersome MAM integration
 Satisfied FFIEC requirements with a single, centrally managed solution
Benefits

11. Employees at
Chicago branch
Authentication
Server
4096-bit ECDHE
Encryption
Malware
Scanner
Firewall
User Data
Protected with
Encryption
SierraVMI
Server
Internet
Multi-factor
Authentication
+
SierraVMI Deployment for Bank
Traders in NY
High-net-worth
bankers in SF
Logs, screen
recording
Virtual Mobile
Workspaces

12. Privileged user monitoring for banks
 Detailed logging for compliance
– FFIEC Remote Access requirements
 Screen recording for forensics
 Legal notification warns users that activity
will be recorded

13. Banking Regulations
FFIEC: Federal Financial Institutions Examination Council
MAS: Monetary Authority of Singapore Threat Risk Management
 Where…single-factor authentication is inadequate, financial institutions
should implement multifactor authentication, layered security, or other
controls.
 Appendix E2: As part of the two-factor authentication infrastructure, the FI
should implement adequate controls and security measures to minimise
exposure to MitM attacks.
GLBA: Gramm-Leach-Bliley Act
 Section 501(b) 3) Financial Institutions…should protect against unauthorized
access to or use of customer records or information

14. Manufacturing Use
Case

15. Challenge
 Manufacturer had developed training,
messaging and productivity apps
– Required client certs to prevent
unauthorized access to all apps
– Needed to publish assembly
instruction and training videos with
contractors and suppliers
 An employee had recently leaked
product plans to a competitor
 SierraVMI secures the manufacturer’s
mobile apps by:
– Requiring client certs for all apps
– Providing secure access to
contractors and suppliers
– Applying anti-screen capture and
watermarking on sensitive files
– Securely distributing training videos
Use Case: Manufacturing
SierraVMI Solution
 Reduced the risk of a data breach by applying stringent security to all apps
– Improved visibility into mobile access with security alerts and detailed logging
 Increased productivity by sharing assembly instructions with employees & partners
Benefits

16. Extend Access to All Users
Office Workers Partners
Assembly Floor
2. Securely share
plans, logistics
& forecasts
with partners
1. Stream videos using
multimedia redirection
with watermarking &
anti-screen capture
3. Authenticate all
users with client
certificates

17. Field Employee Use Case
 Insurance
 Real Estate
 Power and Utility

18. Challenge
 Companies with field workers need to:
– Prevent data loss from lost devices
– Print invoices, take pictures of
accidents, tag activity with GPS
– Prevent data tampering of photos
and other records
 Utility meter readers, claims adjusters
 No data stored on device; lost
devices can be disabled instantly
 Apps can use all device features,
including camera, GPS, Bluetooth
printers
 Sensitive content like photos cannot
be saved or modified by users
 Rules based on location, time-of-day
Use Case: Field Employees
SierraVMI Solution
 Minimize upgrade cycles of hardware by streaming new apps to older devices
 Lower capital costs by allowing employees and partners to bring their own devices
 Reduce costly fraud by preventing users from modifying sensitive content
Benefits

19. Life Cycle Management
 Field sales constantly need to
replace old, broken and lost devices
 SierraVMI accelerates deployment of new devices
– IT doesn’t need to worry about device or OS compatibility
 SierraVMI lowers hardware costs
– Minimizes hardware inventory
– Supports low-cost platforms, when needed
– Enables employees to buy their own devices

20. Stop Network & Man-in-the-Middle Attacks
 Protect against malicious Wi-Fi and micro cell
towers with:
– End-to-end 4096-bit SSL encryption
– Multi-factor authentication
 Low TCO:
– Eliminate the need for multiple solutions like MDM,
MAM and VPN and costly mobile app changes

21. SierraVMI Protects Field Apps
Audio streamed to
secure VMI client
Videos streamed
to integrated VMI
media player
Camera photos
stored in data
center, not phone
Microphone
recordings stored
in data center
Secure printing to
local printer
Secure GPS

22. Remote Access
Use Case

23. Challenge
 Delivers a secure mobile workspace
for business apps
– Policies can stop users from copying
sensitive data or saving contact lists
– Watermarking and anti-screen capture
prevent data loss
 Supports all Android apps without
costly integration
Use Case: Remote Access
SierraVMI Solution
 Prevents costly data breaches caused by lost mobile devices or by users
intentionally or accidentally distributing confidential data
 Improves business agility because companies can publish new corporate apps
more quickly to all devices without MAM integration or iOS/Windows porting
 Satisfies various compliance requirements with multi-factor auth and encryption
Benefits
 Provide secure remote access to email,
Intranet sites, and corporate apps
 Unfortunately:
– MDM doesn’t isolate business from
personal data or prevent insider abuse
– MAM requires costs app integration and
doesn’t most third-party apps

24. Remote Users
Collaboration
Server
4096-bit ECDHE
Encryption
Virus or Malware
Scanner
Firewall
User Data Protected
with Encryption
SierraVMI
Server
Virtual Mobile
Workspaces
Internet
Multi-factor Authentication
+
Secure and Simplify Remote Access
Office
Suite
Video
Conference
Office
Suite
Video
Conference
Office
Suite
Video
Conference
Office
Suite
Video
Conference
SharePoint
Server
Exchange
Server

25. Service Provider
Use Case

26. Challenge
 Carriers need to bundle security
solutions with their business offerings
– Business customers expect end-to-end
solutions for their mobile fleets
 Existing EMM products are inadequate
– MDM deemed intrusive for BYOD users
– MAM only supports a handful of apps
 Streams apps from a data center,
preventing data loss caused by lost
or stolen phones
– Provides multi-factor auth, anti-screen
capture, user monitoring, watermarking
 Can secure 1M+ apps, unlike MAM
 Is easy-to-manage and scalable
Use Case: Service Providers
SierraVMI Solution
 Provides a new revenue stream for mobile carriers based on an innovative &
differentiated security service that can be white-labeled under the carrier’s brand
 Offers fast integration with carriers’ management infrastructure using RESTful APIs
 Eliminates MAM/app wrapping headaches and lowers support costs compared to
traditional mobile security options
Benefits

27. Wireless
Carrier
Firewall
Mobile Carrier Deployment
Carrier
Billing
System
SierraVMI
 Easy deployment with integrated high availability
 Integration with enterprises’ and service providers’ existing
authentication, directory services, and management systems
– Granular user, group and domain-level policies
Business Partner
Remote User
Internal User
Email
Partner
App
CRM
App
VPN
Authentication Servers
and Corporate Data
Enterprise
XML APIs

28. Why Enterprises Like SierraVMI
 One product for all mobile security and compliance
requirements
– Data protection: Data is never downloaded to devices
– Data leak prevention: Anti-screen capture, watermarking
– Compliance auditing: Logging and screen recording
– Authentication: One-time passwords, client certs, tokens
 Cost-effective
 Fast deployment time
 Doesn’t require changes to apps

29. Why Service Providers Like SierraVMI
 Scalability
– High-user density lowers hardware costs
– Multi-tenancy
 Easy integration with billing & management systems
– RESTful XML-based APIs
 Integrated high-availability architecture
 White labeling options
– Sell differentiated services under the carrier brand

30. Compliance: Ensure privacy and
prevent data loss
Security: Strong authentication,
4096-bit encryption
Scalability: High user density, high
performance
Reasons Why You Should Deploy SierraVMI

31. www.sierraware.com
See a live demo
Click now to
view SierraVMI