Balancing productivity with security
Today’s mobile apps empower employees to be more productive across the business, whether in sales, HR, field service, or other functions. It’s no wonder there is tremendous interest in building apps for enterprise use; the ability to provide the right information at the right time is truly a game-changer. Successful enterprise mobility management, however, balances productivity with security.
Securing apps using policy injection and wrapping
Enterprise Mobility Management (EMM) solutions offer two approaches for securing apps and their data.
1. Policy injection. This method lets you bundle a security library with the rest of the app source code during the build process, allowing administrators to control app behavior by setting policy rules on a central server. Policy updates can be pushed to change app behavior as required.
2. App wrapping. App wrapping takes an existing binary and rebuilds it with the security library. This approach is often employed if you don’t have source code of legacy apps or want to simplify the develop/publish cycle. The end result is the same as policy injection: a secure, policy-contained app. The wrapping process also allows app developers to focus on app functionality, with security and policy created separately by independent groups within the enterprise.
Both methods ensure that app data is encrypted and contained separately from the user-
Securing mobile apps in the Enterprise
Available policies include:
• Geo-fencing to control where an app can be launched, e.g. within corporate locations
• Time and date to restrict app usage outside official hours
• Copy-Paste to implement the simplest method of data loss prevention by restricting copy-paste of text and/or images
• Device features to restrict usage of SMS, phone, or camera during app use
• Network usage to restrict app’s data transmission to whitelisted or secure wi-fi networks, reducing the chance of data leaking over unsecure networks, such as at a café or airport
• VPN on demand and direct app tunnels to automatically route all communication from a specific app through a secure channel back to your enterprise
Authenticating users
To reduce the risks posed by the app binary leaking out of your network, it’s imperative that only authorized users can launch an enterprise app. Integrate authentication against your corporate Active Directory or other LDAP server as part of your app launch sequence for ease of access for users. Some advanced enterprise mobile management (EMM) solutions simplify this by providing single sign-on capabilities within the secure app container, reducing the login burden on employees.
Your EMM solution should also distribute and manage client-side certificates for strong authentication when coupled with username and password. If the certificate is revoked or deleted, then further access to enterprise apps or data is denied.
Creating an enterprise app store
An enterprise app store specific to your company allows your employees to search and download enterprise apps in a similar way to the public app stores they’re used to. After securing your apps using policy injection or app wrapping, you can publish them to your custom-branded app store. It’s possible to make an app available to all or a few users, using role or group membership information from AD integration. With an advanced app store,
Restricting jailbroken and rooted devices
Many users like to jailbreak (iOS) or root (Android) their device to gain administrative privileges that allow endless customization. However, this access also gives malware the same elevated rights, posing a risk to stored app data as well as data in transmission. Malware can also use enterprise apps’ connections to your servers to piggyback into your IT infrastructure. Most EMM solutions handle these scenarios in a straightforward way, making it trivial to block jailbroken and rooted devices from your network entirely. Double down by setting app policy to also disable the app download and launch on jailbroken and rooted devices. This additional layer of security addresses the common BYOD (Bring Your Own Device) model, where users can have jailbroken or rooted devices, but only certain apps are authorized. The ability to detect and automatically block launch as appropriate on an app-by-app basis in this way is critical to an enterprise BYOD strategy.
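The launch-time checks described under "Available policies" and in this section can be combined into a single decision, sketched here as an added example that is not code from Kony or any EMM product. The policy schema, field names and sample values are assumptions constructed for illustration.

```python
import math
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional

@dataclass(frozen=True)
class LaunchPolicy:                 # hypothetical schema, not a vendor format
    fence_center: tuple             # (lat, lon) of the permitted site
    fence_radius_m: float
    open_from: time                 # site-local time, naive datetimes assumed
    open_until: time
    workdays: frozenset = frozenset(range(5))    # Monday..Friday
    allowed_ssids: frozenset = frozenset()
    block_compromised: bool = True

@dataclass(frozen=True)
class DeviceContext:                # reported by the device, so treat as untrusted
    lat: float
    lon: float
    now: datetime
    ssid: Optional[str]             # None when not on Wi-Fi
    jailbroken_or_rooted: bool

def distance_m(a, b):
    """Great-circle (haversine) distance in metres between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000 * math.asin(math.sqrt(h))

def evaluate_launch(policy, ctx):
    """Return (allowed, reasons); all rules run so every violation is logged."""
    reasons = []
    if policy.block_compromised and ctx.jailbroken_or_rooted:
        reasons.append("device is jailbroken or rooted")
    if distance_m(policy.fence_center, (ctx.lat, ctx.lon)) > policy.fence_radius_m:
        reasons.append("outside geo-fence")
    in_hours = policy.open_from <= ctx.now.time() <= policy.open_until
    if ctx.now.weekday() not in policy.workdays or not in_hours:
        reasons.append("outside permitted hours")
    if ctx.ssid not in policy.allowed_ssids:     # fails closed on None or unknown
        reasons.append("network not on allowlist")
    return (not reasons, reasons)

# Constructed sample policy and device reports
POLICY = LaunchPolicy((37.7749, -122.4194), 200.0, time(8, 0), time(18, 0),
                      allowed_ssids=frozenset({"CorpWiFi"}))
OK = DeviceContext(37.7750, -122.4195, datetime(2024, 3, 13, 10, 30), "CorpWiFi", False)
BAD = DeviceContext(37.8000, -122.4194, datetime(2024, 3, 16, 23, 0), "CafeFreeWiFi", True)

if __name__ == "__main__":
    for name, ctx in (("ok", OK), ("bad", BAD)):
        print(name, evaluate_launch(POLICY, ctx))
```

Because location, network and jailbreak status are all self-reported by the device, a decision like this is only as reliable as the integrity of the security library making the report.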
Using strong security methods
Use app policies to force HTTPS usage for all data transmission between app and server. Your EMM solution should take care of encrypting the app’s data storage when you inject or wrap the security library. This reduces the risk of data loss if the device is stolen or lost.
Check to see if the EMM solution is FIPS 140-2 certified, which is a federal computer security standard that accredits cryptographic modules. Using an EMM solution that is FIPS certified provides extra assurance to your business and IT users.
Don’t neglect standard security steps
Following the steps outlined above will help secure your mobile apps, protect your data, and keep your users both comfortable and compliant. However, don’t forget the fundamentals: carry out basic code review, run vulnerability analyses, and utilize techniques such as fuzz testing to harden your apps against attacks.
Conclusion
For successful enterprise mobility, secure and deploy applications using advanced EMM solutions that meet your business needs. Consider Kony Management Cloud, part of Kony’s Experience Platform, an end-to-end integrated suite that spans across all stages of the Software Development Life-Cycle (SDLC) including define, design, develop, test, deploy and manage.
About Kony, Inc.
Kony is the fastest growing cloud-based mobile application development platform (MADP) in the industry with over 600 live multi-channel apps, serving over 20 million end users across 45 countries, and generating over 1 billion sessions. The Kony Experience Platform is an integrated software development lifecycle (SDLC) platform to define, design, develop, test, deploy, and manage multi-channel applications from a single code base. With Kony, you can deliver stunning user-first experiences, get to market faster, and lower your application TCO. Kony also offers a suite of more than 33 ready-to-run B2E and B2C apps that enable customers to quickly extend their business.
For more information, please visit www.kony.com and connect with Kony on Twitter, Facebook, and LinkedIn.