Mobile Security White Paper | Back to the Future - Securing Your Unwired Mobile Enterprise | Innovapptive White Paper |

  • 7/27/2019 Mobile Security White Paper | Back to the Future - Securing Your Unwired Mobile Enterprise | Innovapptive White

    1/9

    Back to the Future: Securing your Unwired Enterprise

    By Manoj Kumar Kunta, Global Practice Leader - Security

    Innovapptive Technology Thought Leadership - Whitepaper

    The advent of smartphones and tablets has paved the way for a world that is more interconnected, intelligent and integrated. This ability to consume information anywhere and anytime is driving a dramatic behavioral change in the way people live, work and stay connected. Recognizing this dramatic change in consumer behavior, enterprises have rapidly started to adopt smartphones and tablets as work tools, joining existing laptops and desktops. The use of mobile devices in an enterprise is no longer a choice but an imperative, and is expected to see explosive growth over the next few years.

    Over the years, BlackBerry has been the predominant mobile device for executives to manage their voice and email and to promote effective communication. The groundbreaking iPhone and iPad from Apple, quickly followed by Android smartphones and tablets, have created a broader consumer appeal. These mobile devices have improved hardware performance, a more robust platform feature set and increased communication bandwidth, expanding their capabilities beyond voice and email. As a result, these smart mobile devices are giving enterprises the ground to conduct their business in new and innovative ways by consuming and processing information anywhere and anytime.

    As a result, enterprises are seizing every mobile opportunity to optimize their processes, increase productivity and drive an increase in overall corporate-wide profitability. This opportunity to increase overall profitability through increased access to enterprise systems can also bring increased security risk to the organization. This white paper explores how companies can safely introduce employee-owned or corporate-owned mobile devices and applications into the workplace, identifies the risks inherent in their broader access to corporate data, and offers recommendations on mitigating these risks to derive enhanced business value.

    Introducing corporate-owned mobile devices or rolling out a bring-your-own-device (BYOD) policy for your enterprise comes with a bag full of benefits, challenges and risks. Enterprises are motivating their employees to stay connected to the corporate network, because they tend to:

    Improve employee productivity and satisfaction

    Mobile devices and enterprise applications give employees the ability to consume or process corporate resources, enabling continuous collaboration with colleagues and business partners. Employees are now able to access productivity apps on the go to complete universal approvals, travel and expense reports, time entry, leave requests and analytics, or to look up a customer or vendor.

    Trade-off between Mobility Benefits and Risks

    Optimize and innovate new processes

    Employees whose job functions demand that they be on the go no longer need to fire up their laptop to access business-critical information. The ability to effectively use mobile device features such as push notifications is introducing brand new processes that drive proactive and timely action to derive enhanced business value. Sales employees are now able to use apps to generate sales orders, create quotations and look up a customer's financial fact sheet. Field services employees are notified of new service schedules and can record the start and end times of services rendered. Finance teams are better able to manage and track their assets using the camera and GPS functions on mobile devices.

    Improve customer service

    Retaining an existing customer is of paramount importance to any enterprise. Sales or support teams that regularly interface with customers can now respond effectively and in a timely manner, directly increasing customer satisfaction.

    Reduce IT Costs

    By allowing a bring-your-own-device (BYOD) policy, and allowing employees to use, and often pay for, their own mobile devices and wireless services, enterprises can potentially save IT spending on devices, wireless and management services.

    Figure 1: Enterprise Mobility Security Failure Points (diagram labels: Mobile Devices, Wireless Providers, Internet, Corporate VPN Gateway, Corporate Internet; legend: Security Vulnerability)

    These business benefits cannot be ignored, nor can the multitude of security threats. Enterprises must find ways to embrace mobility in their organization to gain an overall sustainable competitive advantage and address the accompanying security threats. For both corporate-owned and employee-owned devices, securing the devices, apps, databases and communications is imperative to avoid any corporate data vulnerability. If security is not addressed at the outset, these corporate-owned and employee-owned devices, in which personal and corporate data are merged, become a point of security failure that threatens to disclose confidential business information or become a new channel for introducing security threats to the enterprise's IT resources and infrastructure. These security threats can become failure points that keep an enterprise from fully reaping the benefits of mobility.

    Security concerns can impede the momentum of embracing enterprise mobility. Whether your enterprise is deploying corporate-owned devices, bring-your-own devices (BYOD) or pre-packaged mobile apps, or developing apps internally, they all must be locked down to protect confidential corporate resources and information from being disclosed intentionally or unintentionally.

    The latest smartphones and tablets were not initially designed to provide comprehensive security for corporate usage. As a result, hackers have been discovering the benefits of compromising both the business and personal data contained within these devices. Mobile devices and enterprise apps need to be protected with an even broader set of security techniques than those employed for traditional desktop or laptop operating systems. Typical security threats compromise the following corporate resources:[1]

    Credentials to access business or personal accounts

    Confidential business or personal information

    Phone or data communication services

    Mobile device or enterprise apps

    To eliminate the security threats listed above, an enterprise must consider building its mobile security strategy around the four pillars below (see Figure 2).

    Component Security

    Every component used in a mobile architecture requires specific administration tasks to secure it. A high-level architecture involves the following components, which have to be secured -

    DATA Tier - Secures and controls enterprise data: data integrity, data at rest and data in transmission. This component also secures databases (application database, cache database, messaging database) and the logs on them. Data encryption, securing infrastructure and backup artifacts with file system permissions, and data vaults are a few measures to secure data.

    A Mobile Security Strategy aims to meet every business requirement by optimizing the four dimensions that make up mobile security -

    Components - Securing the Device, Data and Infrastructure

    Communication - Securing Data as it flows between the different layers

    Application Security - Securing the data in the mobile app

    Authentication & Authorization - Access Controls, different authentication plug-ins

    Figure 2: The four components of a comprehensive mobile security strategy

    DEVICE - Secures and governs devices, apps and data on devices. Over-the-air MDM manages, monitors and supports enterprise and BYOD devices by controlling and protecting data and configuration settings, reducing costs and business risks.

    SERVERS - Secures the platforms and infrastructure of enterprise servers, SUP/SCC servers, and MDM, MAM and licensing servers.

    Communication Security

    Enterprise data transferred in communications from enterprise systems to MEAPs to the Data Tier to devices and apps has to be secured. Messaging communications, replication communications, device push notifications, data synchronizations and authentication credentials at multiple layers are a few examples of where critical enterprise data is transferred.

    Application Security

    Apps should be secured differently based on the type of synchronization (RBS, MBS), the type of connectivity (OData/Gateway, Workflow container), prompts for authentication, and the device type (corporate / BYOD).

    Mobile Application Management (MAM) tools provide application security, dynamic policy management and application analytics.

    Mobile Application Protection (MAP) tools provide application security capabilities such as selective remote wipe, per-app VPN, location masking and geo-fencing.

    MAM and MAP do not replace MDM; in fact, they complement MDM, providing an extra layer of security.

    Authentication and Authorization

    Authentication and role-based access control (RBAC) are core security features supported by all application types to control and secure access to enterprise assets. There are many methods of authentication and authorization for mobile devices: LDAP, SSO and AD, to name a few. Leveraging existing enterprise authentication and authorization mechanisms and enhancing them to support mobile devices is the best practice for securing users' credentials and privileges on mobile devices and apps. Authentication and authorization mechanisms can be enhanced using a data vault, session management, MEAP authentication plug-ins and authorization controls.

    Innovapptive recognizes the need to build enterprise-grade secured mobile applications. To help enterprises embrace Innovapptive's SAP Certified mPower App Suite within a security-rich environment, Innovapptive's mPower App Suite comes pre-packaged with robust native and wrapper app security. Innovapptive recognizes that the new app security methods are shifting device management and security into mobile apps and removing dependencies on hardware. App wrapping separates security from the development process and provides fine-grained usage and security policies within Innovapptive's mPower App Suite. By wrapping security into each app, the Innovapptive Mobile App Protection solution by Mocana helps administrators meet security needs in deploying Innovapptive's SAP Certified mPower App Suite.

    The security module within Innovapptive's mPower App Suite is configurable and gives enterprises the ability to apply consistent, replicable controls across our apps based on the organization's defined security policies and guidelines, without writing any code. This flexibility provides you the ability to secure confidential corporate resources on managed and unmanaged corporate devices, including devices that an enterprise does not control or that are not on an enterprise's network.

    Enterprises can unlock the true business value of mobility without worrying about security threats by simply configuring an app or a group of apps: selecting the related security policies and adding functions for encryption, data protection, authentication and virtual private networks (VPNs). In addition, the Innovapptive mPower App Suite helps you fulfill compliance and audit requirements, such as those for the Health Insurance Portability and Accountability Act (HIPAA), regulations for the payment card industry (PCI), and other industry rules.

    Secured Pre-packaged Mobile Apps from Innovapptive's mPower App Suite

    Innovapptive's pre-packaged and secured mPower App Suite quickly protects your valuable corporate data with the enterprise's choice of security functions and policies, including app-level encryption, data protection, authentication and VPN. In addition, you can choose from a variety of security policies, including -

    User authentication

    Data loss prevention

    Secure data transfer between wrapped apps

    Data-at-rest encryption with cryptography certified by Federal Information Processing Standard (FIPS) 140-2

    Jailbreak or rooting detection

    Per-app VPN tunnel

    Contextual usage

    Controls for cut, copy, and paste

    Innovapptive's mPower App Suite is protected by the Mocana MAP ready solution, which keeps data in motion safe by communicating with an app over a 256-bit encrypted tunnel. This prevents potential rogue applications and malware from accessing your enterprise network. It prohibits unauthorized copying and pasting from specific applications to help stop data leaks.

    A smart firewall policy lets you block several types of potentially insecure network traffic from the app and require proper digital certification before communicating with a server by requiring user-authentication passwords for access to an app. The Mocana MAP ready solution helps the mPower App Suite ensure that data is quickly made inaccessible when devices are lost or stolen. The solution supports app-data wipes based on certain conditions, such as too many failed authentication attempts.

    Geo-fencing adds another layer of protection by restricting app usage and availability to within a specific geographic perimeter. Enterprises can also set an expiration date on an app to create limited-time access. If a device is compromised by jailbreaking or rooting, enterprises can rapidly disable the app and prevent access to stored data. Authentication merely requires a user name and passcode. Assisted passcode recovery is available. Once authenticated, users can connect to enterprise servers through a VPN tunnel, which is maintained and auto-connected even if a user moves from one network to another.

    Innovapptive unlocks business value with our configurable and secured mPower Apps Suite Solution

    Securing Communications and Preventing Data Loss

    Figure 3: Innovapptive's mPower Apps Suite is Mocana MAP ready

    The pressure for mobile business processes comes from all sides of the enterprise. Executives and users at all levels want the convenience of mobile apps. Enterprise mobility is a competitive differentiator that helps organizations respond more quickly to their customers, partners and employees. Enterprises are also realizing that pre-packaged mobile apps provide quick-win opportunities to increase productivity, improve efficiency and speed time to market.

    With Innovapptive's Mocana MAP ready mPower App Suite, business processes can be mobile and safe from misuse even when devices and apps are used by partners, contractors and customers. Enterprise users can interact with the mPower App Suite in familiar ways without installing an additional client or separating their business and personal apps.

    Safe mobile apps and an exceptional user experience provided by Innovapptive's mPower Apps Suite

    For more information

    To learn more about Innovapptive's mPower App Suite, Enterprise Mobility Strategy and Consulting, Rapid Deployment Solutions and Custom Development Services, contact your Innovapptive sales representative, visit our website www.innovapptive.com or email Innovapptive directly at [email protected]

    Copyright Innovapptive Inc. 2013

    Innovapptive Inc.

    One Riverway, Suite 1700

    Houston, TX 77056

    USA

    Produced in the United States of America

    August 2013

    All Rights Reserved

    [1] Securing mobile devices in the business environment - An IBM White Paper

    [2] SAP Solution Brief - Secure Enterprise Apps in Seconds Across Managed and Unmanaged Mobile Devices
