IBM MaaS360 is a SaaS Unified Endpoint Management (UEM) solution offered by IBM that manages and protects any existing endpoint including laptops, desktops, mobile devices and apps, wearables, IoT and purpose built devices and allow protected, low risk access to company resources. IBM Security MaaS360 with Watson[1] integrates[2] with current security platforms owned by different companies. It’s AI powered analytics removes friction by reducing actions required from the device user.

IBM MaaS360 Logo
MaaS 360
Developer(s)IBM
Initial release2 June 1991; 33 years ago (1991-06-02)
Operating systemiOS, macOS, iPadOS, Android, Microsoft Windows, ChromeOS
PlatformCross-platform
TypeUnified Endpoint Management(UEM
Enterprise Mobile Management (EMM)
Mobile Device Management (MDM)
LicenseSubscription per managed client device per month
Websitewww.ibm.com/products/maas360

Some of the main capabilities of the product include complete UEM with coverage across all endpoints including laptops, desktops, mobile devices and purpose built devices. 

MaaS360 also enables co-existence[2] with traditional client management tools (CMT) for laptops/desktops and its platform provides integration[2] with leading IT systems, eliminating the need add-on investments. From a security point of view, MaaS360 is noted to provide unified security for major operating system such as Apple iOS, macOS, iPadOS, Google Android, and Microsoft Windows.

During September 2022, the MaaS360 team has announced enhanced threat management capabilities that can detect and automate response and remediation on across essentially all apps and devices, with the purpose to provide expanded security detection, prevention, and response.

History

edit

MaaS360 was first developed by Fiberlink Communications. Fiberlink Communications was started in 1991.[3][4] The company was known for managing laptops in the cloud until developing MaaS360. In 2013,[5][6] IBM bought Fiberlink for $375 million.[7] This allowed IBM to integrate a Mobile Device Management solution into their IBM MobileFirst product line[8]

Technology

edit

MaaS360[9] was originally offered only as a Cloud-Hosted solution. Since IBM MaaS360 uses a Software-as-a-Service (SaaS) model, the software resides on IBM's BlueMix cloud platform. It has multi-tenancy allowing for all types of businesses and organizations to use the software from their web based login portal. MaaS360 has a "cloud extender" plugin allowing a corporate Active Directory server to integrate all of a user's normal login credentials. The MaaS360 SaaS architecture is cloud-based and the MaaS360 portal is managed by one of four IBM data centers.

The MaaS360 Portal supports portal administration functions, device management, software distributions, policy self-service, and device compliance functions.

Users can select the MaaS360 features that address the relevant security and productivity requirements for Apps and content, people and identity, and devices and things.

Endpoint management with SaaS architecture

edit
  • MaaS360 can integrate devices with the user’s cloud-based and on-premises resources (eg. Microsoft 365, Microsoft Azure, Azure AD, Box, File Systems, Web services, network/intranet etc.)
  • For integration with corporate resources that are behind the firewall, the users can install an optional module called Cloud Extender
  • The Cloud Extender provides integration with corporate resources to provide seamless integration that unifies the management and security of enterprise devices.
  • If the users implement a cloud-to-cloud integration, Cloud Extender is not necessary.

Container architecture

edit
  • Available for iOS, Android, Microsoft Windows, and macOS
  • Delivered through the MaaS360 app, includes a workplace container for managed mobile devices and a collection of collaborative apps, separating personal and enterprise data
  • Manages device activation, enrollment, policy settings, and updates. It also controls app enablement, single sign-on (SSO), and other settings.
  • Regular app design that includes a launcher icon and a directory structure on the system drive. The MaaS360 API enables the container features for each collaborative app.

Endpoint and mobile security

edit
  • Device management: over-the-air (OTA) configuration of devices, visibility of endpoints across the enterprise, and compliance with security and network policies for iOS, Android, Microsoft Windows, and macOS. MaaS360 integrates with TeamViewer to provide remote support to managed devices from the MaaS360 Portal.
  • Self-service enrollment and email integration: manages email, attachments, calendar and contacts, restricts the ability to forward or move content to other applications or cut/copy/paste. It is FIPS 140-2 compliant and AES-256 bit encrypted
  • Resource and identity access: Cloud Extender module integrations with behind-the-firewall systems, Single Sign-On (SSO) with Conditional access to the cloud resources, cloud-to-cloud deployment with G Suite and Microsoft Azure
  • Application management and security: Mobile Application Management technology to distribute and manage both public and company specific apps to users and user groups, MaaS360 app catalog to administer the Apple Volume Purchase Program (VPP) and track application installations, SDK wrapping to enforce security controls
  • Secure content: Mobile Content Management can be used to create and distribute a company specific content library to managed devices and also integrates with Windows file shares, SharePoint, and CMIS (Content Management Interoperability Services) compatible document repositories. Public content repositories such as Box, Microsoft OneDrive, and Google Docs are also supported
  • Threat management: MaaS360 offers built-in threat management with detections such as SMS and Email Phishing, Excess App Permissions (Android), Microsoft Windows and Mac User/Privilege Detections and a consolidated policy and response framework. Security dashboards, integration with SIEM/SOAR and mobile threat telemetry are also included

Deployment scenarios

edit

BYOD: BYOD, or bring your own device, encourages the use of personal devices (smartphones, tablets, laptops, and wearables) to access company data from anywhere.

Corporate owned:

  • Separate work profile
  • Fully managed
  • Supervised

Kiosk/Single use:

  • Corporate Owned, Single Use (COSU)
  • These devices might be customer facing (check-in device) or employee facing (inventory scanner)
  • Used extensively in multiple industries, which include supply chain and logistics, manufacturing, transportation, hospitality, healthcare, retail, etc.

Enrollment programs

edit

Self enrollment

iOS:

  • Apple Configurator
  • Apple Automated Device Enrollment (DEP)

Android Enterprise:

  • QR code
  • Zero-touch

Microsoft Windows:

  • Out-Of-Box Experience (OOBE)
  • Autopilot
  • Win 10/11 Bulk provisioning
  • Client Management Tools (CMT) coexistence

Samsung KME

Authentication methods

edit

Active Directory (AD)/ Lightweight Directory Access Protocol (LDAP):

  • MaaS360 Cloud Extender
  • Azure AD

Local users passcodes

One-time passcode

Secure authentication:

Supported versions and system requirements

edit
  • Android 5+ (up to Q4 2022)
  • iOS 10+
  • Windows 10+ (Edu, Ent, Pro, Home)
  • MacOS 10.10+
  • Administrator console supported on browsers: Chrome, Firefox, Safari, Opera, Edge, Internet Explorer

References

edit
  1. ^ "IBM Security MaaS360 with Watson". IBM Security. 27 January 2023. Retrieved 27 January 2023.
  2. ^ a b c "IBM MaaS360 integrations". IBM MaaS360 integrations. 27 January 2023. Retrieved 27 January 2023.
  3. ^ Heary, Jamey (30 December 2012). "Mobile Device Management Spotlight: Fiberlink MaaS360". Network World. Retrieved 2 July 2017.
  4. ^ Dheap, Vijay (27 January 2023). "IBM to Acquire Fiberlink: What It Means for Mobile Security". Security Intelligence. Retrieved 27 January 2023.
  5. ^ DiStefano, Joseph. "IBM buys Fiberlink for $375 million (Update)". Philly.com. Philadelphia Media Network (Digital), LLC. Retrieved 2 July 2017.
  6. ^ "IBM Mobile security solutions". IBM Mobile. 27 January 2023. Retrieved 27 January 2023.
  7. ^ "IBM Unified Endpoint Management". IBM Unified Endpoint Management. 27 January 2023. Retrieved 27 January 2023.