protect your enterprise by securing all entry and exit points.pdf

SAP White Paper Enterprise Mobility Protect Your Enterprise by Securing All Entry and Exit Points How Enterprise Mobility Management Addresses Modern-Day Security Challenges © 2013 SAP AG or an SAP affiliate company. All rights reserved.

Upload: gopihc

Post on 25-Oct-2015


SAP White Paper

Enterprise Mobility

Protect Your Enterprise by Securing All Entry and Exit Points

How Enterprise Mobility Management Addresses Modern-Day Security Challenges


Table of Contents

Points of Vulnerability

Maintain Security amid Device Proliferation

Defend at the App Level for Better End-Point Security

Lock Down Content for Risk-Free Enterprise Mobility

Secure Communication with Networks and Services

Speed Mobile Initiatives with Secure Enterprise Mobility Management


Along with new opportunities for transformation, enterprise mobility presents businesses with new concerns about security. It’s critical for a modern-day enterprise to understand the changing dynamics of mobile technology and what it can do to meet the needs of a mobile workforce while protecting its data. Find out how organizations can gain the freedom to be mobile and still meet their security requirements by getting insight into, and control of, potential points of vulnerability.


Points of Vulnerability

Enterprises understand how network security works: defend the perimeter, protect the end points, monitor the network, and keep viruses off the hard drive. But the next chapter in the book on securing the enterprise – mobile security – is still being written.

Even though it’s young, mobile security has a history, and it’s riddled with change. Initially, e-mail was the premier app, and business workers were addicted to their BlackBerry devices. Today, people have dozens of apps and all types of content they manage on Android, iOS, and Windows phones and tablets. And accompanying the bring-your-own-device (BYOD) surge are mobile devices that can be personally or corporately owned.

The mobile user is a different demographic too. While those in executive management and sales roles were at the mobile forefront, sophisticated, savvy mobile users can now be found in every business group and at all levels of responsibility. Everyone is eager to adopt new mobile apps and technologies in real time.

The changing dynamics of mobile technology make securing the enterprise especially challenging. Users, devices, apps, content, and networks are always in flux. But instead of limiting users to mobile access through corporate-sanctioned devices or apps, enterprises need to embrace a flexible, adaptable mobile strategy that offers users the freedom they want. A mobile strategy that addresses security in the enterprise from end to end provides the control that organizations need, balanced with the scalability and flexibility required to support a changing business landscape.

A holistic look at the modern enterprise reveals four entry and exit points that open every organization to risk: devices, apps, content, and communications. Each of these points needs to be locked down to ensure comprehensive, enterprise-wide security.

Security starts with mobile device management that enables IT to centrally set and enforce device security and compliance policies.


Maintain Security amid Device Proliferation

As pointed out in a summary from the Pew Internet & American Life Project, more than 91% of U.S. adults have a mobile phone, and most have more than one.[1] A 2012 report from iPass Inc. reveals that the average mobile worker, for example, carries 3.5 mobile devices.[2] These Android, Apple, and Windows smartphones and tablets move into and out of enterprises all day long.

MANAGE AND SECURE DEVICES WITH MDM

Securing mobile devices starts with mobile device management (MDM). With MDM, IT manages and secures mobile devices by preconfiguring a range of settings and enforcing security and compliance policies. Centralized device management gives IT access to rich analytics and reporting that can help the team better understand security threats and how to respond to them quickly and proactively.

Lost or stolen devices pose multiple types of security threats to the enterprise. There’s no way to prevent tablets and smartphones from getting into the wrong person’s hands, but you can safeguard the data stored on the device. For example, remote wipe functionalities allow administrators to instantaneously erase any business data stored on a mobile device. Password protection is another safeguard that prevents unauthorized users from accessing business data stored on mobile devices. A password locks down apps and keeps out intruders.

Additional security measures – including over-the-air software distribution, Wi-Fi and virtual private network (VPN) settings, and certificate management – are best managed at the device level. IT can safely distribute new mobile apps and update existing apps on each mobile device, stopping rogue apps and viruses from causing enterprise mayhem. Managing Wi-Fi settings, VPN settings, and certificates at the device level protects enterprises by ensuring that only authorized devices have access to corporate networks and specific apps.

SECURITY INSIGHTS WITH MDM REPORTING

Based on information from asset management, auditing, and compliance monitoring, MDM reports act as a source of unique insight that can help IT keep the enterprise safe from risk.

Reports can help IT understand how hardware and software are distributed throughout the enterprise, so the team can respond quickly to known security threats or viruses. Visible, organized device, app, and user information also helps IT to keep track of devices during employee transitions and turnover, mergers, and acquisitions.

FLEXIBILITY IN MDM DEPLOYMENT

Organizations can opt for on-premise or cloud-based MDM. While both options provide robust security and give the IT team flexibility, MDM in the cloud offers a cost-effective alternative for IT departments with small staffs or limited resources. IT can secure the organization without committing internal resources to supporting and managing the growing mobile device and app population.

FOOTNOTES

1. Pew Internet & American Life Project, June 2013, http://pewinternet.org/Commentary/2012/February/Pew-Internet-Mobile.aspx.

2. iPass Inc., “Understanding Mobility Trends and Mobile Usage Among Business Users,” The iPass Global Mobile Workforce Report, March 2012, http://www.wballiance.com/wba/wp-content/uploads/downloads/2012/07/ipass_mobileworkforcereport_q1_2012.pdf.


Defend at the App Level for Better End-Point Security

HOW APP WRAPPING WORKS

App wrapping considers applications as end points. It empowers the apps to be self-defending with the type of end-point defenses that were formerly reserved for PC end points. The apps have granular, app-level security – including data encryption, authentication, and VPN functionalities – in a matter of seconds.

An app-specific VPN tunnel prevents rogue apps and malware from accessing enterprise networks, and both data at rest and data in motion are encrypted to keep confidential information private. Any app data accessed is protected, preventing intentional and unintentional data leakage. IT can add strict controls around where, how, and by whom data is accessed.

Geofencing is a good example of controlling access to certain apps with an application-level policy. For example, access to medical records apps can be restricted to doctors working strictly within the confines of the hospital.

SECURE DISTRIBUTION FOR WRAPPED APPS

Once apps are secured, enterprises can make them available through an internal app store or distribute them via MDM. Corporate app stores, while similar to the familiar Apple and Google stores, allow employees or the extended ecosystem of contractors, partners, or distributors to safely download business apps. This is possible because security policies are applied before the apps are downloaded to the devices. An app store also helps IT with central procurement, license reconciliation, application discovery, and updates that ensure consistency across the enterprise.

The number of mobile apps available on corporate stores hosted by Apple, Google, SAP, and others is staggering – and increasing daily. Most of today’s apps are developed for the consumer, but the quantity and quality of both in-house and third-party enterprise apps is showing a fast and steady climb. These business apps enhance productivity, improve efficiencies, and deliver better business results.

FAST, RELIABLE SECURITY THROUGH APP WRAPPING

Because certifying, testing, encrypting, and sandboxing apps require significant time and resources, enterprises need a fast, reliable method for securing the mobile apps they develop internally or purchase from third parties. App wrapping has proved itself to be a ready, dependable method for securing the apps. App wrapping separates app security from the app development process and provides fine-grained usage and security policies in mobile apps.

Companies with strict security requirements and those in highly regulated industries – such as financial services, healthcare, retail, and government – are realizing the advantages of app wrapping. App wrapping secures mobile apps easily and simply, enabling a company to speed mobile initiatives while complying with industry standards. A security strategy that includes app wrapping also adds flexibility in BYOD environments, and it speeds the development process for companies building business-to-business and business-to-consumer apps.


Lock Down Content for Risk-Free Enterprise Mobility

Every day, employees move business files onto their mobile devices so they can work at home, on the road, or at client sites. The mobile workforce is a reality. In fact, a 2012 study by SkyDox revealed that 80% of employees say they need to access work documents – Microsoft Word documents, spreadsheets, PDFs, videos, presentations, and more – from outside the office.[3]

But employees often use insecure, consumer-based file transfer tools, e-mail, or iTunes to access their files. These options are easy but unsafe. Confidential information is often exposed to the public on insecure servers. This includes business data, such as financial insider information or product road maps that can potentially be used to harm companies. Enterprises need a safe, reliable platform for moving and tracking content on mobile devices.

SECURITY THROUGH MOBILE CONTENT MANAGEMENT

An enterprise-ready mobile content management (MCM) platform provides security through authentication controls, password locks, remote wipe, certification, encryption, usage reports, and rights-controlled sharing. Employees can sync files easily between desktop, laptop, tablet, and smartphone, so they can work remotely or share files with customers, coworkers, and partners.

To speed deployment, enterprises should consider implementing an MCM platform that integrates easily with existing content management systems, such as Microsoft SharePoint. Integration with lightweight directory access protocol (LDAP) and Microsoft Active Directory helps ensure that the MCM platform works well with other business-critical infrastructures and allows consistent security policies across users, groups, and the enterprise.

As enterprise collaboration becomes increasingly important, the MCM platform can make file sharing seamless and safe. Group management features support reliable file sharing, and policy enforcement prevents files from being shared with non-authorized users. Users can limit access to confidential documents by preventing them from being printed or e-mailed. Users can also set an expiration date to prevent old, out-of-date data from staying in circulation.

FOOTNOTE

3. SkyDox, “Workforce Mobilization: What Your IT Department Should Know,” 2012, http://www.skydox.com/workforce-mobilization-what-your-it-department-should-know.

An enterprise-ready mobile content management platform helps ensure the security of valuable content employees move daily across mobile devices.


Secure Communication with Networks and Services

Mobile communications depend on the enterprise’s wireless network and mobile carriers’ networks. Any added controls an enterprise can put into place will make it more secure.

Employees, partners, customers, and guests log in to the wireless network throughout the day. To maintain security, enterprises can prevent rogue devices from joining the network or accessing e-mail by controlling the wireless connections at the device level. They can also manage the certificates needed to connect to the network.

By understanding mobile usage and adding usage policies that prevent international service fees, enterprises can also safeguard budgets and better manage costs.

Enterprises need to lock down four vulnerable entry and exit points that open them to security risks: devices, apps, content, and communication.


Speed Mobile Initiatives with Secure Enterprise Mobility Management

Enterprises are relying on point solutions to address mobile security, but that’s not enough to fully protect an organization. Point solutions merely patch a gap, leaving holes that leak business data or let in hackers, rogues, and viruses.

Enterprises need a broad, end-to-end approach that secures the organization at four vulnerable mobile points: devices, apps, content, and communications. Often, IT has little insight into the types of devices on the network, the apps loaded on those devices, the content accessed, or communication activity. It’s a mystery that can quickly turn dangerous if left unsolved.

When IT controls the vulnerable points and has insight into the devices, apps, content, and communication activity, organizations gain the freedom to be mobile and still meet their security requirements. Enterprise mobility management casts such a wide, powerful net that enterprises may soon boast mobile security that outperforms their LAN and WAN security.

BEST PRACTICES FOR ENTERPRISE MOBILE SECURITY

• Plan for end-to-end security rather than point solutions
• Defend the enterprise at all entry and exit points: devices, apps, content, and communications
• Provide IT with the control it needs and users with the mobile access they want
• Rely on flexible security solutions that support on-premise, cloud, and hybrid solutions
• Be prepared for mobile initiatives to expand by choosing scalable solutions that support additional apps, back-end systems, users, and mobile devices


LEARN MORE

For information about enterprise mobility management and security, call your SAP sales representative or visit us on the Web at www.sap.com/mobile/emm.

ENTERPRISE MOBILITY MANAGEMENT SECURITY FEATURES

Devices
• Remote wipe
• Password enforcement
• Over-the-air software distribution
• Wi-Fi settings and virtual private network (VPN) settings
• Certificate management
• Asset management
• Auditing and compliance monitoring

Apps
• Granular app-level security including per-app VPN
• Federal Information Processing Standard, or FIPS, publication 140-2 compliance
• Encryption of data at rest and data in motion
• Application discovery and private app store
• Secure software updates for applications

Content
• File access, file sharing, file sync, and time-sensitive file distribution
• Password lock, remote wipe, encryption, data loss prevention, and certifications
• Lightweight directory access protocol (LDAP) and Microsoft Active Directory integration, group management, and policy enforcement

Communications
• Billing cost management
• Wi-Fi connectivity management
• Mobile VPN security
• Systems management
• Network access management


Defend the enterprise at all entry and exit points: devices, apps, content, and communications.

CMP26927 (13/08) © 2013 SAP AG or an SAP affiliate company. All rights reserved.


No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice.

Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. National product specifications may vary.

These materials are provided by SAP AG and its affiliated companies (“SAP Group”) for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.

SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries.

Please see http://www.sap.com/corporate-en/legal/copyright/index.epx#trademark for additional trademark information and notices.