SAP Thought Leadership Paper
Mobile App Security
Securing Mobile Apps in a BYOD World
Protecting Apps Makes You More Responsive to Demands for Enterprise Mobility
© 2013 SAP AG or an SAP affiliate company. All rights reserved.
Table of Contents
The Mobile App Tsunami
The Power of Self-Defending Apps
We have recently witnessed a major disruption in
corporate computing, driven by the adoption of new
mobile operating systems and bring-your-own-device
(BYOD) environments. As enterprise IT organizations
struggle to support new mobile strategies, they must
comply with government regulations and internal
security policies. With over 80% of North American
enterprises supporting e-mail, calendar, and contact
information on mobile devices, it has become clear
that the devices can boost productivity and competitive
advantage.1
1. Mocana Corporation report.
The Mobile App Tsunami
The next wave of exploiting the power of mobile
devices involves the apps that run on them. As with
sales-force automation and other technologies
of the past, today’s business units and front-office
divisions are leading the effort to maximize customer
relationships and business results. For them,
the answer is mobile apps. Enterprises will see a
rising tsunami in the development of in-house apps
that promise to achieve these goals. Increasingly,
enterprise IT organizations will be under pressure
to build mobile apps or sanction off-the-shelf, third-party
apps that meet the requirements of enterprise
employees and business units.
According to Lopez Research, a leading enterprise-mobility
research organization, firms will need
security that can span multiple devices and heterogeneous
IT systems. IT departments will need
comprehensive mobile security solutions that
provide protection for the devices and their data
and for data transmitted via the corporate network
and externally. As device usage continues
to grow and apps proliferate, IT leaders will need
enterprise-mobility management solutions that
meet these requirements and evolve to address
future demand.
“2012 was the year that many companies decided
to support BYOD. In 2013 over 44% of the companies
Lopez Research interviewed in Q1/2013
were building or planned to build mobile apps over
the next 12 months,” says Maribel Lopez, Principal
Analyst, Lopez Research LLC.
Breaking the Bottleneck of Mobile App Deployment
For most organizations, a scarcity of resources
for mobile app development and the lack of mobile
and general security expertise can prevent an
adequate IT response to this challenge. Certifying
that mobile apps meet baseline security requirements
is both time-consuming and expensive. The
problem is compounded for third-party mobile
apps – for which source code can be impossible
to acquire and the level of built-in security is difficult
to discern.
Mobile security solutions must help break the bottleneck
of mobile app deployment and help IT
organizations scale to meet the mobile app challenges
that their organizations’ business leaders
will place on them. The solutions must be auditable
and reliably repeatable in creating a security
baseline for the many apps that they will need to
deploy for employees, contractors, and customers.
A Case for the App as the New End Point
IT organizations typically have responsibility for
mobile device management and the security related
to those devices. Usually, this involves a device-centric
approach that, while effective in controlling
access to corporate resources from managed
devices, often does not go deep enough to protect
data for both managed and unmanaged devices.
It also does not offer security both outside and
inside the corporate firewall or protect devices
that belong to nonemployees, such as partners
or customers. IT governance and management
of devices within the enterprise, while important,
is not enough. IT departments must also be able
to manage the apps and information that reside
on the devices.
As fragmentation of mobile operating systems continues,
mobile apps are becoming the new security
end point. The next challenge in mobile security
is making apps self-defending by adding the type
of end-point security that was formerly reserved
for personal computers. Why not empower the
mobile app with the ability to prevent data leaks
and enable data-at-rest encryption? Why not protect
data in motion from the app, rather than the
device? Given that all sensitive data reaches a
mobile device via a mobile app, making the app
the basis of a security architecture provides a compelling
common denominator across mobile platforms
– from which IT organizations can attack
today’s mobile security issues.
The Power of Self-Defending Apps
Enterprise apps should be wrapped after development,
so there is no code to write. IT administrators
should be able to point and click to add new security
features to any app and load the binary file of
the app (.apk for Android and .ipa for Apple iOS) into
a mobile-app protection server. There should be no
need to access the original source code, no need
for a software development kit (SDK), and no need
for a separate agent on the device.
The self-defending app could then be made available
through any app catalog or private app store
that the enterprise chooses. The solution should
be totally transparent to end users, with no need
for separate client-side software or agents. Some
alternative technologies restrict end users to a tiny
selection of unfamiliar apps or confine their apps
in “walled” environments or virtual machines. But
the ideal solution would protect corporate data
without compromising the user experience. Newly
secured apps would work as users expect.
The ideal mobile-security solution would offer a
general-purpose platform that helps enterprises
create self-defending apps in a unified way across
iOS and Android devices. It would wrap security
and usage policies around individual mobile apps
and allow the enterprise to add multiple layers of
protection to any app that needs more security.
Such a solution would address the highest levels
of security – including encryption certified under
the Federal Information Processing Standard (FIPS)
140-2 and the Suite B algorithms of the National
Security Agency – to protect both app data at rest
and app data in motion.
Best-in-Class Security for Mobile Apps
The ideal solution would also help enterprises implement
other security policies. For example, an enterprise
could prevent copying and pasting information
from any app, which is essential for preventing the
loss of enterprise data. It could establish an app-specific,
virtual-private-network (VPN) connection
with its own security settings to create a private,
encrypted, and authenticated tunnel back to a specific
enterprise resource – either in the cloud or at
the data center.
The solution’s policy-wrapping engine should also
support a flexible assortment of policies for individual
apps and provide for the addition of future policies.
An IT administrator should be able to select
which policies make the most sense for a specific
app and user and have the solution automatically
wrap those policies into the app. An enterprise could
thus have multiple versions of the same app wrapped
with different policies for each type of user.
The SAP® Mobile App Protection Solution by Mocana
The SAP® Mobile App Protection solution by
Mocana provides such support – along with many
security and usage policy features that protect sensitive
data from malware and other malicious apps.
Features for App-Level Data Loss Prevention
With SAP Mobile App Protection, you can:
• Encrypt data at rest stored by a specific app,
  without encrypting the entire device
• Prevent malware and rogue apps from accessing
  data
• Prevent sensitive enterprise data leakage by
  prohibiting unauthorized copying and pasting
  from specific apps
• Help ensure transfer of attachments, or file
  transfer, between secured, wrapped apps
  (Android only)
App-Level VPN for Data-in-Motion Encryption
You can also use SAP Mobile App Protection to:
• Prevent rogue apps and malware from accessing
  or performing reconnaissance on enterprise
  networks
• Gain insight into the performance and usage
  of an app and detect suspicious usage patterns
• Leverage telemetric logging of usage metrics,
  login attempts, and data usage
• Use certificate-based authentication with
  enterprise VPN gateways for straightforward
  sign-on abilities
• Enable tight security and usage policies
App-Level Access Control
In addition, SAP Mobile App Protection makes
it possible to:
• Authenticate users before granting access
  to specific apps
• Recover app passwords on app lockout due
  to failed authentication attempts
• Discard and disallow retrieval of data in response
  to failed authentication attempts
App-Level Usage Control
Other features help you:
• Disable a specific app when the device
  is compromised by jailbreaking or rooting
• Customize the user agreement screen to set
  the frequency with which user agreements have
  to be signed or re-signed
• Set an expiration date on an app to create
  time-limited access for employees or contractors
Secure Mobile Browser
A secure, built-in Web browser, specifically
developed for use within the extended enterprise,
enables organizations to:
• Securely send sensitive intranet data, Web
  apps, and portals to virtually any iOS or Android
  mobile device
• Eliminate the need to build custom, secure mobile
  apps to tie in to various back-end systems and
  databases
Summary
With SAP Mobile App Protection, you can implement
robust security features in your existing apps
without hiring security experts or writing new code.
Unlike other app-security approaches that force
enterprises to make suboptimal compromises, SAP
Mobile App Protection solves your security requirements
in the most flexible and least intrusive way.
Use it to help your organization:
• Eliminate barriers to massive and rapidly scaling
  mobile app deployments
• Apply enterprise-grade app security in a timely
  manner to meet specific business objectives
• Preserve the end-user experience on both iOS
  and Android mobile devices
• Create self-defending apps in a matter of seconds,
  without source code or SDK integration
• Eliminate enrollment and management of personal
  devices in BYOD environments
• Integrate with existing mobile device management
  or enterprise app stores
Learn more
For additional information about SAP Mobile App Protection,
contact your SAP representative or visit us online
at www.sap.com/mobile-app-protection.
CMP26003 (13/08)