secure mobile applications for the enterprise
DESCRIPTION
As mobile becomes a primary computing platform for the enterprise, every business function will mobilize core operations through apps. Enterprise IT must protect the corporate data in the apps while preserving the end user experience. MaaS360 Application Security helps mobile application developers embed enterprise-grade security in their applications. IT administrators can then containerize these apps and control the corporate data in the apps via policies. Listen to Anar Taori discuss: Managing the full app lifecycle Deploying mobile apps in your organization Real life use case: MaaS360 Worklight IntegrationTRANSCRIPT
Securing Mobile Apps for the Enterprise
Anar Taori | Chris Mitchell
Introductions
Anar Taori Senior Director of Product Management
IBM MaaS360
2
Chris Mitchell MobileFirst Platform Architect
IBM Software Group
#SecureApps
Agenda
1. Mobile Security Trends 2. Application Security 3. Case Study:
MaaS360 Worklight Integration 4. Q&A
3 #SecureApps
Mobility Challenges Continue to Accelerate
60% of employees use personal devices
for work
iOS dominates in the enterprise, but Android
is catching up
By 2017, Half of employers will require BYOD
90% of organizations will support corporate mobile applications on personal devices
Poll question
What is your biggest mobility pain point? a) Mobile device security b) Data leakage prevention c) User behavior d) Hackers e) Vulnerability management
5 #EMMChecklist #SecureApps
Mobile Security Pain Overwhelms the Enterprise
6
MaaS360 Delivers an Integrated Approach
7 One Platform for All Your Mobile Assets
Secure Content Collaboration
Secure Mobile Containers
Comprehensive Mobile Management
Seamless Enterprise Access
Enterprises Need Ability to Secure Work Apps
8
Secure Container for Mobile Collaboration
• MaaS360 Application Security – Framework that secures enterprise
apps, data at an app layer – Independent of device level MDM
• Key Features – Authentication and SSO – Data Leak Prevention
• Restrict Copy/Paste • Restrict File Export
– File & DB Encryption – Selective wipe or block on non-
compliance – Per-app VPN – Remote App Configuration – SPS Integration
#SecureApps
Types of Mobile Apps in the Enterprise
• Types of mobile apps based on code they are written in:
9
Hybrid Nativ Native Web
• Types of mobile apps based on ownership: – Enterprise apps: Apps built in-house by company – Private apps: Apps built by 3rd party, not distributed through public app stores – Public apps: App built by 3rd party, distributed through Google Play, Apple App Store
e.g. Evernote, DropBox #SecureApps
Poll question
What types of enterprise apps are you developing? Select all that apply. a) Native b) Web c) Hybrid d) Other e) None
10 #EMMChecklist #SecureApps
MaaS360 Application Security enhances end-user productivity while protecting corporate information
App Security delivered in two ways: 1. App Wrapping
• Zero-code change, post-compile process
• Automated via MaaS360 portal 2. Software Development Kit (SDK)
• Involves code changes to the app, but offers more granular controls
• To be implemented by app owner Secures native and hybrid mobile apps Native: iOS, Android Hybrid: Cordova-based
11
MaaS360 App Containers
App Wrapping
SDK
Enterprise App ✔ ✔
Private App ✔ ✔
Public App x ✔
iOS ✔ ✔
Android ✔ ✔
Hybrid (Cordova-based)
✔ ✔
12 #SecureApps
Case Study: MaaS360+Worklight Integration
13 #SecureApps
App Development Lifecycle
14 Scan & Certify
Instrument
Test
Integrate Obtain Insight
Manage
Deploy
Design & Develop
#SecureApps
15
Operations
Back-end
Mobile apps go deeper than front-end UI
Front-end
30% of the value and effort is visible (mobile UI)
70% of the value and effort lies under the surface
Short time to market
Web? Hybrid? Native?
Teamwork
Industrialize dev
Integrate with SDLC
T k bl th t
Manage and enforce app
versions
User engagement Connect to back-end
Efficient and flexible push notifications
Value of IBM Worklight
What is IBM Worklight Foundation?
16
IBM Worklight goes beyond mobile app UI creation to deliver mobile optimized, standards-based,
middleware and tools for enterprise-grade mobile applications and services creation
Accelerate Web, Native, and Hybrid Development • Rich infrastructure, enabling developer focus on business logic • Preview, simulation, and testing tools for shortening
development lifecycle • Mechanisms to industrialize app development • Team work facilitation and development lifecycle tools
Facilitate App Security and Trust • Server-enforced authentication • App authenticity and user-app-device binding • Secure and syncable on-device storage • App version enforcement
Engage Users with the Enterprise • Mobile-friendly enterprise integration • Codeless integration • Unified push and SMS notifications • Geo-location and context collections and intelligence
Support Mobile Operations • Operational analytics with efficient data acquisition • Offline and online event management integration • Remote user and app control without MDM
"Best Mobile Development Solution" as voted by SIIA members for 2013 CODiE Awards
Speeding the development, integration and management of mobile applications and infrastructure
“Best Enterprise Mobility Application Development Platform" by Compass Intelligence for 2014 Mobility Awards
IBM Worklight Security Complements MaaS360
17
Protect data on the device
Streamline corporate security approval
processes
Proactively enforce security updates
Provide robust
authentication and
authorization to secure
users
Protect From Known
Application Security Threats
Application Security Objectives
Worklight Security Adds • Develop secure mobile apps using
corporate best practices • Encrypted local storage for data • Offline user access • Challenge response on startup • App authenticity validation • Enforcement of organizational
security policies • Support for 3rd party SSO
– (e.g. Siteminder)
Develop-Deploy-Manage with MaaS360+Worklight
18
With MaaS360 + Worklight Integration • Develop Hybrid, Native, Web apps using Worklight • Instrument apps for management during
development using MaaS360 SDK – SDK provides Cordova Plugin for ease and simplicity of
instrumenting Hybrid and Web apps – SDK provides containerization for apps – Supported and tested configuration that works
• Deploy apps using MaaS360 Enterprise App Catalog • Manage and protect apps, data using MaaS360
Develop
Deploy Manage
#SecureApps
19 #SecureApps
MaaS360 Market
http://www.maas360.com/partner-program/maas360-market
Poll question
Would you like more information? a) Yes, please have IBM Worklight Foundation reach out b) Yes, please have IBM MaaS360 reach out c) Yes, please have both IBM Worklight and MaaS360 reach
out d) No, not at this time
21 #EMMChecklist #SecureApps
#SecureApps
Thank You for Joining!
Try IBM MaaS360 today! Sign up for a 30-day free trial at MaaS360.com
Get started with IBM Worklight Foundation today! http://bit.ly/TryWorklight
Join the IBM MaaS360 WorkPlace Partner Program and expand reach to enterprise customers: http://bit.ly/WorkPlacePP