7/27/2019 Mobile Security White Paper | Back to the Future - Securing Your Unwired Mobile Enterprise | Innovapptive White
Back to the Future:
Securing your Unwired Enterprise
By Manoj Kumar Kunta, Global Practice Leader - Security
Innovapptive Technology Thought Leadership - Whitepaper
The advent of smartphones and tablets has paved the way for the world to be
more interconnected, intelligent and integrated. This ability to consume
information anywhere and anytime is driving a dramatic behavioral change in the
way people live, work and stay connected. Recognizing this dramatic change in
consumer behavior, enterprises have rapidly started to adopt smartphones and
tablets as work tools, joining existing laptops and desktops. The use of mobile
devices in an enterprise is no longer a choice but an imperative, and is
expected to see explosive growth over the next few years.
Over the years, Blackberry has been the predominant mobile device for
executives to manage their voice and email and to promote effective
communications. The groundbreaking iPhone and iPad from Apple, quickly followed
by Android smartphones and tablets, have created a broader consumer appeal.
These mobile devices have improved hardware performance, a more robust
platform feature set and increased communication bandwidth, expanding their
capabilities beyond voice and email. As a result, these smart mobile devices are
providing enterprises the ground to conduct their business in new and innovative
ways by consuming and processing information anywhere and anytime.
As a result, enterprises are seizing every mobile opportunity to optimize their
processes, increase productivity and drive an increase in overall corporate-wide
profitability. This opportunity to increase overall profitability through
increased access to enterprise systems can also bring increased security risk to
the organization. This white paper explores how companies can safely introduce
employee- or corporate-owned mobile devices and applications into the workplace,
identifies the risks inherent in their broader access to corporate data, and
offers recommendations on mitigating these risks to derive enhanced business
value.
Introducing corporate-owned mobile devices or rolling out a
bring-your-own-device (BYOD) policy for your enterprise comes with a bag full of
benefits, challenges and risks. Enterprises are motivating their employees to
stay connected to the corporate network, because they tend to:
Improve employee productivity and satisfaction
Mobile devices and enterprise applications can give employees the ability to
consume or process corporate resources and to collaborate continuously with
colleagues and business partners. Employees are now able to access productivity
apps on the go to complete universal approvals, travel and expense reports, time
entry, leave requests and analytics, or to look up a customer or vendor.
Trade-off between Mobility Benefits and Risks
Optimize and innovate new processes
Employees whose job functions demand that they be on the go no longer need to
fire up their laptop to access business-critical information. The effective use
of mobile device features such as push notifications is introducing brand new
processes that drive proactive and timely action to derive enhanced business
value. Sales employees are now able to use apps to generate sales orders, create
quotations and look up a customer's financial fact sheet. Field services
employees are notified of new service schedules and can record the start and end
time of services rendered. Finance teams are better able to manage and track
their assets using the camera and GPS functions on mobile devices.
Improve customer service
Retaining an existing customer is of paramount importance to any enterprise. Sales
or support teams that regularly interface with customers can now respond
effectively and in a timely manner, directly increasing customer satisfaction.
Reduce IT Costs
By adopting a bring-your-own-device (BYOD) policy and allowing employees to use,
and often pay for, their own mobile devices and wireless services, enterprises
can potentially save on IT spending for devices, wireless and management
services.
[Figure 1: Enterprise Mobility Security Failure Points. Diagram labels: Mobile Devices, Wireless Providers, Internet, Corporate VPN Gateway, Corporate Internet. Legend: "--" marks a Security Vulnerability.]
These business benefits cannot be ignored, nor can the multitude of security
threats. Enterprises must find ways to embrace mobility in their organization to
gain an overall sustainable competitive advantage and address the accompanying
security threats. For both corporate-owned devices and employee-owned devices,
securing the devices, apps, databases and communications is imperative to
avoid any corporate data vulnerability. If security is not addressed at the
outset, these corporate-owned and employee-owned devices, which merge personal
and corporate data, become a point of security failure that threatens to
disclose confidential business information or become a new channel to introduce
security threats to enterprises' IT resources and infrastructure. These security
threats can become failure points that keep an enterprise from fully reaping the
benefits of mobility.
Security concerns can impede the momentum of embracing enterprise mobility.
Whether your enterprise is deploying corporate-owned devices,
bring-your-own-devices (BYOD) or pre-packaged mobile apps, or developing apps
internally, they all must be locked down to protect confidential corporate
resources and information from being disclosed intentionally or unintentionally.
The latest smartphones and tablets were initially not designed to provide
comprehensive security for corporate usage. As a result, hackers have been
discovering the benefits of compromising both business and personal data
contained within these devices. Mobile devices and enterprise apps need to be
protected with an even broader set of security techniques than those employed
for traditional desktop or laptop operating systems. The typical security
threats compromise the following corporate resources:[1]
Credentials to access business or personal accounts
Confidential business or personal information
Phone or data communication services
Mobile device or enterprise apps
To eliminate the security threats listed above, an enterprise must consider
building its mobile security strategy around the following four pillars (see
Figure 2).
Component Security
Every component used in a mobile architecture requires specific administration
tasks to secure it. A high-level architecture involves the following components,
which have to be secured -
DATA Tier - Secures and controls enterprise data, data integrity, data at
rest and data transmission. This component secures databases too: the
application database, cache database, messaging database and the logs on them.
Data encryption, securing infrastructure and backup artifacts with file system
permissions, and data vaults are a few measures to secure data.
A Mobile Security Strategy aims to meet every business requirement by
optimizing four dimensions that make up mobile security -
Components - Securing the Device, Data and Infrastructure
Communication - Securing Data as it flows between the different layers
Application Security - Securing the data in the mobile app
Authentication & Authorization - Access Controls, different authentication
plug-ins
Figure 2: The four components of a comprehensive mobile security strategy
DEVICE - Secures and governs devices, apps and data on devices. MDM over the
air: managing, monitoring and supporting enterprise/BYOD devices by controlling
and protecting the data and configuration settings, reducing costs and business
risks.
SERVERS - Secures platforms and infrastructure of Enterprise servers, SUP/SCC
Servers, MDM, MAM and Licensing Servers.
Communication Security
Enterprise data transferred in communications from Enterprise systems to MEAPs
to the Data Tier to Devices / Apps has to be secured. Messaging communications,
replication communications, device push notifications, data synchronizations and
authentication credentials at multiple layers are a few examples where critical
enterprise data is transferred.
Application Security
Apps should be secured differently based on the type of synchronization (RBS,
MBS), the type of connectivity (OData/Gateway, Workflow container), prompts for
authentication and the device type (Corporate / BYOD).
Mobile Application Management (MAM) tools provide Application Security,
Dynamic Policy Management and Application analytics.
Mobile Application Protection (MAP) tools provide Application Security
capabilities like selective remote wipe, per-app VPN, location masking,
geo-fencing, etc.
MAM and MAP do not replace MDM; in fact they complement MDM, providing an
extra layer of security.
Authentication and Authorization
Authentication and role-based access control (RBAC) are core security features
supported by all application types to control and secure access to enterprise
assets. There are many methods of authentication and authorization for mobile
devices - LDAP, SSO and AD to name a few. Leveraging existing enterprise
authentication and authorization mechanisms and enhancing them to support mobile
devices is the best practice for securing users' credentials and privileges on
mobile devices and apps. Authentication and authorization mechanisms can be
enhanced using Data Vault, session management, MEAP authentication plug-ins and
authorization controls.
Innovapptive recognizes the need to build enterprise-grade secured mobile
applications. To help enterprises embrace Innovapptive's SAP Certified mPower
App Suite within a security-rich environment, the suite comes pre-packaged with
robust native and wrapper app security. Innovapptive recognizes that the new app
security methods are shifting device management and security into mobile apps
and removing dependencies on hardware. App wrapping separates security from the
development process and provides fine-grain usage and security policies within
Innovapptive's mPower App Suite. By wrapping security into each app, the
Innovapptive Mobile App Protection solution by Mocana helps administrators meet
security needs in deploying Innovapptive's SAP Certified mPower App Suite.
The security module within Innovapptive's mPower App Suite is configurable and
provides enterprises the ability to apply consistent, replicable controls across
our apps based on the organization's defined security policies and guidelines,
without writing any code. This flexibility provides you the ability to secure
confidential corporate resources on managed and unmanaged corporate devices,
including devices that an enterprise does not control or that are not on an
enterprise's network. Enterprises can unlock the true business value of mobility
without worrying about the security threats by simply configuring an app or a
group of apps: selecting the related security policies and adding functions for
encryption, data protection, authentication, and virtual private networks
(VPNs). In addition, the Innovapptive mPower App Suite helps you fulfill
compliance and audit requirements, such as those for the Health Insurance
Portability and Accountability Act (HIPAA), regulations for the payment card
industry (PCI), and other industry rules.
Secured Pre-packaged Mobile Apps from Innovapptive's mPower App Suite
Innovapptive's pre-packaged and secured mPower App Suite quickly protects
your valuable corporate data with the enterprise's choice of security functions
and policies, including app-level encryption, data protection, authentication,
and VPN. In addition, you can choose from a variety of security policies,
including -
User authentication
Data loss prevention
Secure data transfer between wrapped apps
Data-at-rest encryption with cryptography certified by Federal Information
Processing Standard (FIPS) 140-2
Jailbreak or rooting detection
Per-app VPN tunnel
Contextual usage
Controls for cut, copy, and paste
Innovapptive's mPower App Suite is protected by the Mocana MAP ready
solution, which keeps data in motion safe by communicating with an app over a
256-bit encrypted tunnel. This prevents potential rogue applications and malware
from accessing your enterprise network. It prohibits unauthorized copying and
pasting from specific applications to help stop data leaks.
A smart firewall policy lets you block several types of potentially insecure
network traffic from the app and require proper digital certification before
communicating with a server by requiring user-authentication passwords for
access to an app.
The Mocana MAP ready solution helps the mPower App Suite ensure that data is
quickly made inaccessible when devices are lost or stolen. The solution supports
app-data wipes based on certain conditions, such as too many failed
authentication attempts.
Geo-fencing adds another layer of protection by restricting app usage and
availability within a specific geographic perimeter. Enterprises can also set an
expiration date on an app to create limited-time access. If a device is
compromised by jailbreaking or rooting, enterprises can rapidly disable the app
and prevent access to stored data. Authentication merely requires a user name
and passcode. Assisted passcode recovery is available. Once authenticated, users
can connect to enterprise servers through a VPN tunnel, which is maintained and
auto-connected even if a user moves from one network to another.
Innovapptive unlocks business value with our configurable and secured
mPower Apps Suite Solution
Securing Communications and Preventing Data Loss
Figure 3: Innovapptive's mPower Apps Suite is Mocana MAP ready
The pressure for mobile business processes comes from all sides of the enterprise.
Executives and users at all levels want the convenience of mobile apps. Enterprise
mobility is a competitive differentiator that helps organizations respond more
quickly to their customers, partners, and employees. Enterprises are also realizing
that pre-packaged mobile apps provide quick win opportunities to increase
productivity, improve efficiency, and speed time to market.
With Innovapptive's Mocana MAP ready mPower App Suite, business processes
can be mobile and safe from misuse even when devices and apps are used by
partners, contractors, and customers. Enterprise users can interact with the
mPower App Suite in familiar ways without installing an additional client or
separating their business and personal apps.
Safe mobile apps and an exceptional user experience provided by Innovapptive's mPower Apps Suite
For more information
To learn more about Innovapptive's mPower App Suite, Enterprise Mobility
Strategy and Consulting, Rapid Deployment Solutions and Custom Development
Services, contact your Innovapptive sales representative, visit our website
www.innovapptive.com or you can email Innovapptive directly at
Copyright Innovapptive Inc. 2013
Innovapptive Inc.
One Riverway, Suite 1700
Houston, TX 77056
USA
Produced in the United States of America
August 2013
All Rights Reserved
[1] Securing mobile devices in the business environment, an IBM White Paper
[2] SAP Solution Brief: Secure Enterprise Apps in Seconds Across Managed and Unmanaged Mobile Devices