Mobile devices are now a reality in most organizations. Building on Mobile Device Management
(MDM) and Mobile Application Management (MAM), organizations are increasingly developing
their own enterprise apps for specific job tasks to improve productivity, business partnerships,
customer satisfaction and bottom-line performance. But to achieve these benefits, it is imperative
that mobile security best practices are incorporated throughout the lifecycle of the application.
Mobile Application Lifecycle Management (MALM) inherits all of the issues introduced at the start
of the mobile era: security, compliance and privacy. This includes the security of corporate and
personal data, compliance with government and industry regulations, and employee privacy. While
building custom mobile apps might seem like an onerous task, the greater challenge is ensuring the
security of apps and associated data once deployed.
MaaS360 by Fiberlink, an IBM company and recognized leader in Enterprise Mobility Management
(EMM), offers application security best practices for use during app development and deployment.
For enterprises designing and developing their own mobile apps, these features can be delivered
through a Software Development Kit (SDK) or automatic app wrapping.
Authentication
In addition to device authentication with MaaS360, which can include basic passcode enrollment
or two-factor authentication synchronized with your Active Directory or LDAP, you can embed
authentication into your apps as well. Only the users intended to access specific apps and
associated data will be able to open them, even if distributed to an unauthorized user by mistake.
Single Sign-on
You can design apps for a user to access all of their authorized enterprise apps with a single, shared
passcode. This MaaS360 support feature provides a more user-centric approach when building
mobile apps with a developer platform such as IBM Worklight. You can ensure strong authentication
without impacting the productivity of users. MaaS360 WorkPlace simplifies app design for
Authentication, Single Sign-on, Data Loss Prevention (DLP), In-App VPN and App Blocking across
mobile platforms.
In-App VPN
Because mobile devices are beyond the direct control of managers and IT personnel, they are
particularly vulnerable to employee mistakes and employee wrongdoing.
While all of the above solidifies security for data at rest on a mobile device, enterprise app
developers must also secure data in motion, i.e., any information transmitted from the MaaS360
Workplace container to your corporate servers. To secure those transmissions, there needs to be a VPN
connection. App-level tunneling ensures user transmissions can be sent securely through only an
app-level VPN connection without needing a device-level VPN. Leveraging the MaaS360 Mobile
Enterprise Gateway, this can be done independently of any VPN infrastructure.
App Blocking
Your app development can also set policies to block an app from being opened on a device that is
non-compliant with MaaS360's automatic security monitoring features.
More sophisticated products are also becoming available that can monitor and log the transfer of
sensitive files to storage devices and to other computers via email, file transfer or instant
messaging, or alternately can block all such transfers completely.
Secure Browser
Many organizations have invested significant resources and have well-established business
processes that rely on existing web applications. With the MaaS360 Secure Browser and Enterprise
Gateway, you can enable your employees with secure access to corporate intranet sites and
applications such as private SharePoint, Windows File Sharing, and internal websites from mobile
devices. This allows you to mobilize all your web apps without having to rewrite them as a mobile
app or set up a full device-level VPN.
The Secure Browser also allows your MaaS360 administrator to restrict access to websites from
any device by category, and make exceptions to access restrictions for business purposes. For
instance, if your organization blacklists social networks, the administrator can make exceptions
for a marketing or PR person to use LinkedIn if needed for business posts. Should anyone else try
to access social networks, they will be denied. (The administrator will get audit logs with a time
and date stamp identifying the user and the device for each instance of a user trying to access a
restricted website. Repeat offenders can be warned via the MaaS360 messaging system.)