
White Paper. Data Security. journeyapps.com


Academic year: 2021


Data Security


The JourneyApps Commitment to Security

Geographic Location of Cloud Hosting

Infrastructure-Level Security

Protection of Data Through Encryption

Data Life Cycle Management

What Happens When a Device is Lost or Stolen?

Further Recommendations

Mobile Device Management (MDM)

Mobile Application Management (MAM)

Dual Persona Approach


The JourneyApps Commitment to Security

Security is the top mobility challenge facing enterprises today, and the ability to meet security requirements is now a critical factor when evaluating possible mobile vendors. JourneyApps is committed to offering a highly secure platform and has consistently been on the forefront of data security. Various security measures are built into the JourneyApps Platform and anyone using apps built on the JourneyApps Platform will benefit from these world-class security measures by default.

Geographic Location of Cloud Hosting

The JourneyApps cloud-based App Backend is available in multiple regions, and the region where your data is hosted can be configured based on where you are located. Being able to select the geographic location where your data is hosted makes it easier to comply with Data Security legislation. For example, it is easier to comply with the EU Data Protection Directive if you host data in the EU, and the same with the Protection of Personal Information Act in South Africa, and the Patriot Act in the United States.

Once a location has been selected, all of the data for that specific app will be stored in the selected geographic region.

In most regions the back-end is hosted on Amazon Web Services Elastic Compute Cloud (EC2). In other regions such as Africa and the Middle East, hosting providers that are equivalent with regard to security and reliability are used. The currently supported regions are:

| Region | Geographic Location | Infrastructure Provider |
| --- | --- | --- |
| United States | Virginia | Amazon Web Services |
| European Union | Ireland | Amazon Web Services |
| Asia-Pacific | Sydney, Australia | Amazon Web Services |
| Middle East and Africa | South Africa | Hetzner |

Infrastructure-Level Security

The JourneyApps back-end is hosted on Amazon Web Services Elastic Compute Cloud (EC2), which provides world-class security measures and certifications for infrastructure-level security. For more details, refer to the AWS Security Whitepaper and the AWS Risk and Compliance Whitepaper.

All JourneyApps servers have protections and access controls built in to ensure that no unauthorized access to your data can occur. Data is backed up daily and is stored off-site in a secure data centre. Access and security policies for Journey technical staff performing maintenance on infrastructure conform with the highest industry security standards.

Journey servers are equipped with firewalls to restrict network access. Servers are penetration-tested and operating system upgrades, patches and infrastructure software updates are applied on a regular basis. As a further security measure, JourneyApps makes use of extensive audit trails: any data modifications on the platform, as well as many other activities, are monitored and recorded. Audit trails are securely stored in line with best practice. Access to customer data for troubleshooting and support services by JourneyApps personnel is tightly controlled and audited.

Protection of Data Through Encryption

All communication between mobile devices and Journey servers occurs over a Transport Layer Security (TLS) encrypted channel. Journey mobile apps use a secure temporary enrolment token to link themselves to the Journey App Back-end, and mobile devices authenticate against the Journey servers on each network request.

Data is protected in various states:

| State | Definition | Encrypted in JourneyApps? | Encryption Details |
| --- | --- | --- | --- |
| At Rest | When data is stored in the cloud – in the JourneyApps App Backend | Yes | Block storage encryption (AWS) |
| In Transit | When data is transferred over the internet | Yes | TLS/HTTPS for all network communications |
| In Use | When data is handled on the mobile device | Yes | Full on-device encryption of data |

Data Life Cycle Management

When a relationship with a customer comes to an end, JourneyApps deletes all data associated with that customer’s solution. A customer can request a copy of the data, in which case a data download can be made to a client-specified storage unit before being deleted.

Backups are kept for 2 months, and data modification audit logs are held for 3 years. Data can also be removed from backup storage on request. Therefore all data can be handed over to clients and will be completely removed from Journey servers, as well as backups if need be. Data always remains the property of the customer.

What Happens When a Device is Lost or Stolen?

One of the weakest links in the security chain is still the user. The JourneyApps Platform ensures that business information is kept secure on devices, even if they are lost or stolen.

User profiles can be easily disabled on the JourneyApps back-end, which will unlink the user from the mobile app and the app will no longer function. The container app does not contain any customer-specific code such as data models or business logic. Data models and business logic are updated over-the-air once the user has been authenticated. If users are unlinked, they will no longer have access.


Further Recommendations

In addition to the security measures that are baked into the JourneyApps platform, there are a host of added security measures available to enterprises. One is configuring operating system level security settings on mobile devices. These settings include, but are not limited to: requiring the user to authenticate using a PIN code every time the screen is unlocked, wiping the device if a predefined number of incorrect PIN attempts are made, and encrypting the entire file system (if available). Enterprises can also use third party Mobile Application Management (MAM) or Mobile Device Management (MDM) services, or Dual Personas, to increase security.

Mobile Device Management (MDM)

Mobile device management software is usually implemented through a third party and helps companies ensure that employees do not breach corporate policies. MDM software deals with aspects such as corporate data segregation, securing documents and emails, and enforcing corporate policies. It can also apply virtual geographic limits for devices and includes monitoring capabilities that allow enterprises to track and report on information about mobile devices across the enterprise — of both company-owned devices and devices belonging to employees. MDM solutions can manage device firmware and configuration settings and can remotely wipe data or locate devices.

Mobile Application Management (MAM)

MAM can optionally be used to distribute custom-branded versions of the Journey Launcher to a customer’s user base. These versions of the Journey Launcher native container app will sport the name and icon of the customer, whilst under the hood still working exactly the same as the Journey-branded Launcher in the Google Play Store and iTunes App Store.

MAM provides a lower degree of control over the device and focuses on the management of applications. MAM provisions and controls access to internally developed and commercially available mobile apps used on both company-owned and personal devices. It enables IT administrators to distribute, update and manage secure applications, as well as configure apps and provision users. MAM also allows for the monitoring and tracking of usage, and companies can easily disable or restrict roles.

MDM and MAM solutions should install malware protection on the device that scans for viruses and quarantines affected applications and files on devices.

Dual Persona Approach

If companies do enforce a BYOD policy, they can use a Dual Persona Approach as an added security measure. On one device there can be a work persona for all work-related tools and communications, and a separate one for personal communication. Organizations can secure work-related content and comply with security policies, and also remotely wipe only work-related content. By doing this, the organization respects the employee’s privacy and can even create separate phone numbers for work and personal use.


About JourneyApps

At JourneyApps we build mobile apps that are customised to suit your unique business processes. If you have a mobile workforce, we can help you find efficiencies and address specific business challenges. The JourneyApps platform helps you build robust applications on Android, iOS and Chrome and adheres to the highest security standards. Our team of engineers has years of experience in building mobile apps and understands your needs. They will help brainstorm around your processes and will provide a simple and easy-to-use solution. And we build fast, so we will assist you in proving success quickly and can iterate and deploy on-the-go.

We have deployed solutions in sectors such as financial services, asset management, logistics, field service, healthcare, agriculture and market research. Each month thousands of people use the JourneyApps solutions and we process tens of thousands of job cards, delivery notes, incident reports, etc.

Talk to one of our mobility experts today about how we can help your mobile workforce become more efficient.

[email protected] journeyapps.com

Learn more about JourneyApps

Looking Forward


United States

973 E. San Carlos Ave.

San Carlos

California

94070

Phone: +1 (650) 353-3292

South Africa

Unit 109, Block C
