Securing Your Mobile Backend
Dimitri Sirota CSO, Layer 7 Technologies
Christian Kane Enterprise Mobility, Infrastructure & Operations Analyst, Forrester Research, Inc.
June 20, 2013
Layer 7 Confidential 2
Webinar Housekeeping
Questions - Chat any questions you have and we’ll answer them at the end of this webinar
Twitter - Today’s event hashtag: #L7webinar. Follow us on Twitter: @layer7 @forrester
© 2009 Forrester Research, Inc. Reproduction Prohibited
Mobile Enablement: Evolve Your Strategy Beyond MDM
Christian Kane, Analyst
Forrester Research
June 20, 2013
The line between personal and work computing is breaking down
IT is Consumerizing: We’re all highly influenced by the technology we use at home
Base: 3,258 North American and European technology end users
Source: Forrsights Workforce Employee Survey, Q4 2012
“Please indicate how much each statement describes your attitudes toward technology and your lifestyle?” Share agreeing that “The technology I have at home is better than the technology I have at work”:
• Older Boomers and Seniors (57+): 6%
• Younger Boomers (47-56): 15%
• Gen X (33-46): 39%
• Gen Y (18-32): 40%
Base: 190 enterprise IT decision makers who are planning, piloting, or have implemented a BYOD program. Source: Forrsights Hardware Survey, Q3 2012
Why does your firm support, or is your IT organization planning to support, bring-your-own device program?
• Other reason: 3%
• HR believes it will help attract new hires to our company: 16%
• Executive direction or requirement: 18%
• Lower support costs: 37%
• Improved self-service for end users: 41%
• It will help us support a mobile workforce: 42%
• Lower purchase costs for the company: 51%
• End users prefer it: 65%
This is Driving Demand for mobile BYOD programs
IT faces conflicting mobility needs from business decision-makers and employees
Task Workers IT Executives Business Decision Makers
• Productive devices
• Efficient employees
• LOB applications
• Cost effective solutions
• Consistent usage
• Standard, corporate approved devices and applications
• Scalable solutions
• Minimize costs
• Ensure security
• Multi-user
• Designed for specific task
• Corporate owned
• Advanced support
Source: Forrester’s Forrsights networks and telecommunications survey, Q1 2012
Base: 1,535 mobile technologies and services decision-makers at North American and European companies (multiple responses accepted)
Security in BYOD is the top mobile challenge
Today, which of the following capabilities does your firm provide to support smartphones and tablets?
• A self-service portal where employees can configure and manage their devices: 8%
• Mobile service telecom expense software: 8%
• Access to detailed reporting and usage analytics: 10%
• Deploy and update custom-developed apps: 15%
• Deploy and manage third-party productivity apps that the company has vetted/bought for employees: 15%
• Provision data access and apps based on employee role/function: 19%
• We do not support any apps besides those that are already on the phone: 27%
• Help desk support for mobile apps: 30%
• Break/fix/replace hardware service: 33%
• Manage security on the device: 37%
• Device configuration management: 37%
Source: Forrester’s Forrsights networks and telecommunications survey, Q1 2012
Base: 1,535 mobile technologies and services decision-makers at North American and European companies (multiple responses accepted)
Most firms currently address security by implementing basic mobile device and application management features
Most firms start with MDM…
January 2012 “Market Overview: On-Premise Mobile Device Management Solutions”
…But realize they’re dealing with this
Cloud Devices Apps
What are your firm's plans to adopt the following mobile technologies? (planning to implement / implemented or expanding)
• Smartphones for employees: 17% / 53%
• Tablets for employees: 22% / 35%
• Mobile applications: 28% / 33%
• Enterprise app store solutions to deploy and manage smartphone and tablet applications: 23% / 18%
Source: Forrsights Budgets And Priorities Tracker Survey Q4 2012
Base = 3,753 global IT executives and technology budget decision-makers
Multiple devices means applications become much more important
MDM evolves with MAM, data management, security, and support options
Management & Support
- Device support
- Windows Mobile/CE
- Windows / Mac
- App support
- Remote control
- Dual persona
- Expense management
Apps & Data
• Application management
› Security
› SDKs/Containers
• Data containers
• Secure file sync & share
Source: Forrsights Software Survey, Q4 2012
As your firm considers its mobile strategy and investments, which departments or business groups is it most focused on?
• Don't know: 2%
• Other: 5%
• Manufacturing (e.g., production planning/execution): 8%
• Procurement (e.g., sourcing, supplier selection): 9%
• Order fulfillment (e.g., distribution, transportation): 12%
• Office of the CEO and other executive management: 18%
• Corporate services (e.g., finance, human resources): 19%
• Research and development (e.g., product portfolio planning …): 20%
• Marketing (e.g., promotions, campaigns): 34%
• Customer service (e.g., returns, complaint management): 34%
• Field service (operations and maintenance): 42%
• Sales (e.g., customer segmentation, order management): 48%
Base = 704 global software decision-makers
Investing in customer-facing apps that require backend access
Base = 1,749 North American and European information workers who use a smartphone for work
Source: Forrsights Workforce Employee Survey, Q2 2012
“What smartphone/tablet applications do you currently use for work?"
Responses (percentages as extracted, lowest to highest): 15%, 18%, 19%, 20%, 21%, 25%, 25%, 28%, 32%, 36%, 39%, 40%, 58%, 73%, 85%
Categories (only 14 labels survived extraction for the 15 values, so the pairing cannot be recovered): Wikis for internal information sharing; Microblogging (e.g. Twitter); Web meeting or webconferencing; Team document sharing sites (e.g., SharePoint); Data dashboard or business intelligence application; Expense tracking and/or approval; Travel planning and status; Employee intranet or company portal; Specific line of business applications (e.g. sales); Social networks (e.g. LinkedIn, Facebook); Note taking application; Instant messaging/chat (not SMS/texting); SMS (texting); Calendar
Investing in business and collaboration apps that need backend access
Backend data and application access means enterprises need a strategy beyond basic MDM / MAM support
• BYOD strategy
• Mobile device and security management options
• File sync/share
• Securing, provisioning, and managing mobile apps
• Protecting data
• Ensuring secure mobile application development
The Path To Enablement Requires Backend Data & Application Access
MDM • Devices: Smartphones • Access: Email, contacts, calendar
Device Independence • Devices: Tablets • Access: Some business apps, file sync & share, corporate systems
Backend Data Access • Devices: Mobile + PC • Access: Any app, any data
Thank you!
Christian Kane +1 617.613.6467 [email protected] @ChristianKane
www.forrester.com
Mobile Apps Need Enterprise Data
Can Your Backend Applications Trust Your Apps?
Diagram labels: DMZ, DATA
MDM / MAM Protect the App But Who Protects Your Applications?
Diagram labels: DMZ, DATA
Security Needs to Span Device to Datacenter
Creates Need for Mobile Gatekeeper to Backend Data & Applications
Mobile Access API Gateway Provides Apps Secure Data Access & Bridge to Enterprise Services
API Adaptation: Render backend applications and data sources (SQL) as RESTful APIs. Translate XML to JSON and SOAP to REST. Compose new APIs from multiple backend services.
Mobile Application Firewalling: Protect enterprise applications and data against attack or misuse. Secure REST and SOAP APIs. Validate XML and JSON data. Secure streamed socket data.
Identity Mapping & SSO: Translate token types. Map SAML and Web SSO to OAuth. Implement OpenID Connect. Broker SSO with cloud services. Integrate with outside geo-location services for richer access policies. Enable cross-device sessions.
Optimization: Improve mobile performance through compression, CDN integration, XML-to-JSON conversion, pre-fetch on hypermedia APIs, backend response aggregation, and request/response caching.
Cloud Orchestration: Broker interactions with external SaaS providers like Salesforce. Mediate social interactions. Push notification services. Connectivity with carrier network APIs.
Layer 7 Mobile Access Gateway Addresses Critical Mobile Security, Management & Adaptation Needs
Identity, Security, Adaptation, Optimization, Cloud Orchestration
Map Web SSO & SAML to mobile-friendly OAuth, OpenID Connect and JSON Web Tokens
Create granular access policies at user, app and device levels
Build composite access policies combining geolocation, message content and other network attributes
Simplify PKI-based certificate delivery and provisioning
Identity: Extending Enterprise Identity to Mobile
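The identity slide above lists token translation and composite access policies in gateway terms. What follows is an added illustration written for this page, not Layer 7 code and not the gateway's policy language: a broker function that resolves an opaque OAuth bearer token to the enterprise SSO identity, evaluates a composite policy (enrolled device, app entitlement, geolocation, message content) and, on success, mints a short-lived HS256 JSON Web Token that the backend can verify on its own. The session store, device registry, entitlements, allowed countries, the /api paths and the shared secret are constructed sample data; only the Python standard library is used.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional, Tuple

# Constructed data standing in for what a gateway would look up at runtime
# (SSO session store, MDM enrolment feed, app entitlements, geo policy).
SSO_SESSIONS = {
    # opaque OAuth bearer token issued after Web SSO / SAML login -> enterprise identity
    "tok-4f2a9c": {"user": "alice", "roles": ["sales"]},
}
ENROLLED_DEVICES = {"alice": {"dev-iphone-01"}}
APP_ENTITLEMENTS = {"crm-mobile": {"/api/accounts", "/api/orders"}}
ALLOWED_COUNTRIES = {"US", "CA"}
JWT_TTL = 300  # seconds the backend token stays valid


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_jwt(claims: dict, secret: bytes) -> str:
    """HS256 JWT the gateway hands to the backend in place of the SSO session."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


def verify_jwt(token: str, secret: bytes, now: int) -> Optional[dict]:
    """Backend-side check: pinned algorithm, constant-time signature compare, expiry."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
    except ValueError:
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None  # never let the token choose its own algorithm
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(b64url(expected), sig_b64):
        return None
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("exp", 0) <= now:
        return None
    return claims


def authorize(request: dict) -> Tuple[bool, str]:
    """Composite policy over identity, device, app entitlement, geolocation and content."""
    session = SSO_SESSIONS.get(request["bearer"])
    if session is None:
        return False, "unknown or expired bearer token"
    user = session["user"]
    if request["device_id"] not in ENROLLED_DEVICES.get(user, set()):
        return False, "device not enrolled for this user"
    if request["path"] not in APP_ENTITLEMENTS.get(request["app_id"], set()):
        return False, "app not entitled to this API"
    if request["geo_country"] not in ALLOWED_COUNTRIES:
        return False, "request origin outside allowed geolocation"
    # content-aware rule (constructed): a bulk export in the body needs the admin role
    if request.get("body", {}).get("export") == "all" and "admin" not in session["roles"]:
        return False, "bulk export requires admin role"
    return True, user


def broker(request: dict, now: int, secret: bytes) -> dict:
    """Gateway decision: 403 with a reason, or 200 plus the backend-facing JWT."""
    ok, detail = authorize(request)
    if not ok:
        return {"status": 403, "reason": detail}
    claims = {"sub": detail, "app": request["app_id"], "dev": request["device_id"],
              "iat": now, "exp": now + JWT_TTL}
    return {"status": 200, "backend_authorization": "Bearer " + mint_jwt(claims, secret)}


if __name__ == "__main__":
    secret = b"gateway-to-backend-shared-secret"  # constructed
    req = {"bearer": "tok-4f2a9c", "app_id": "crm-mobile", "device_id": "dev-iphone-01",
           "path": "/api/accounts", "geo_country": "US"}
    print(broker(req, now=1_700_000_100, secret=secret))
    print(broker(dict(req, geo_country="RU"), now=1_700_000_100, secret=secret))
```

The backend never sees the SSO session or the opaque mobile token, only a five-minute JWT whose claims name the user, app and device the gateway already vetted; verify_jwt pins the algorithm and compares signatures in constant time, which is the minimum a backend should do before trusting those claims. With an asymmetric algorithm the backend would hold only the gateway's public key.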
Protect REST and SOAP APIs against DoS and API attacks
Proxy API streaming protocols like HTML5 WebSocket and XMPP messaging
Enforce FIPS 140-2 grade data privacy and integrity
Validate data exchanges, including all JSON, XML, header and parameter content
Security: Mobile Application Firewalling
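The firewalling slide above states the goals (validate JSON, header and parameter content; resist DoS) without showing what the checks are. The following is an added example written for this page, not the deck's or Layer 7's code: an allowlist schema for a JSON body with size and nesting bounds, printable-ASCII checks on header values and query parameters (which also stops CR/LF header injection), and a per-app/device token bucket in front of the backend. The hypothetical POST /api/orders schema, the limits and the request shape are constructed; Python standard library only.

```python
import json
import re
from typing import Dict, Optional

# Constructed allowlist policy for a hypothetical POST /api/orders endpoint.
MAX_BODY_BYTES = 4096
MAX_DEPTH = 4
SCHEMA = {
    "sku":  {"type": str, "pattern": re.compile(r"[A-Z0-9-]{1,20}")},
    "qty":  {"type": int, "min": 1, "max": 100},
    "note": {"type": str, "maxlen": 200},
}
REQUIRED = {"sku", "qty"}
REQUIRED_HEADERS = {"content-type": "application/json"}
HEADER_SAFE = re.compile(r"[\x20-\x7e]{0,512}")  # printable ASCII only: no CR/LF, bounded length
PARAM_SAFE = re.compile(r"[A-Za-z0-9_.-]{1,64}")


def nesting_depth(obj, level: int = 0) -> int:
    if isinstance(obj, dict):
        return max([nesting_depth(v, level + 1) for v in obj.values()] + [level + 1])
    if isinstance(obj, list):
        return max([nesting_depth(v, level + 1) for v in obj] + [level + 1])
    return level


def validate_body(raw: bytes) -> Optional[str]:
    """None if the JSON body conforms to SCHEMA, otherwise the rejection reason."""
    if len(raw) > MAX_BODY_BYTES:
        return "body exceeds size limit"
    try:
        doc = json.loads(raw)
    except ValueError:
        return "malformed JSON"
    if not isinstance(doc, dict):
        return "top-level JSON must be an object"
    if nesting_depth(doc) > MAX_DEPTH:
        return "JSON nested too deeply"
    unexpected = set(doc) - set(SCHEMA)
    if unexpected:
        return "unexpected keys: " + ", ".join(sorted(unexpected))
    missing = REQUIRED - set(doc)
    if missing:
        return "missing keys: " + ", ".join(sorted(missing))
    for key, value in doc.items():
        rule = SCHEMA[key]
        if type(value) is not rule["type"]:  # exact type, so true/false is not an int
            return f"{key}: wrong type"
        if "pattern" in rule and not rule["pattern"].fullmatch(value):
            return f"{key}: invalid format"
        if "maxlen" in rule and len(value) > rule["maxlen"]:
            return f"{key}: too long"
        if "min" in rule and not rule["min"] <= value <= rule["max"]:
            return f"{key}: out of range"
    return None


def validate_headers_and_params(headers: Dict[str, str], params: Dict[str, str]) -> Optional[str]:
    lowered = {k.lower(): v for k, v in headers.items()}
    for name, expected in REQUIRED_HEADERS.items():
        if lowered.get(name, "").split(";")[0].strip() != expected:
            return f"header {name} must be {expected}"
    for name, value in headers.items():
        if not HEADER_SAFE.fullmatch(value):
            return f"header {name}: control characters or oversize value"
    for name, value in params.items():
        if not PARAM_SAFE.fullmatch(name) or not PARAM_SAFE.fullmatch(value):
            return f"query parameter {name}: outside allowed character set"
    return None


class TokenBucket:
    """Per-client rate limit so a single app/device cannot exhaust the backend."""

    def __init__(self, rate_per_sec: float, burst: int):
        self.rate, self.burst, self.state = rate_per_sec, burst, {}

    def allow(self, key: str, now: float) -> bool:
        tokens, last = self.state.get(key, (float(self.burst), now))
        tokens = min(float(self.burst), tokens + (now - last) * self.rate)
        allowed = tokens >= 1.0
        self.state[key] = (tokens - 1.0 if allowed else tokens, now)
        return allowed


LIMITER = TokenBucket(rate_per_sec=1.0, burst=5)


def inspect(request: dict, now: float) -> dict:
    """Gateway decision for one inbound mobile request: 429, 400 or 200."""
    if not LIMITER.allow(f"{request['app_id']}:{request['device_id']}", now):
        return {"status": 429, "reason": "rate limit exceeded"}
    reason = validate_headers_and_params(request.get("headers", {}), request.get("params", {}))
    if reason is None:
        reason = validate_body(request.get("body", b""))
    if reason is not None:
        return {"status": 400, "reason": reason}
    return {"status": 200}
```

The rate limiter runs before any parsing so that a flood of malformed bodies costs the gateway a dictionary lookup rather than a JSON parse each; the schema is an allowlist, so an unexpected key such as a mass-assigned "role" is rejected rather than passed through to the backend.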
Surface any legacy application or database as RESTful APIs
Quickly map between data formats such as XML and JSON
Recompose & virtualize APIs to specific mobile identities, apps and devices
Orchestrate API mashups with configurable workflow
Adaptation: Translate & Orchestrate Data & APIs
Cache calls to backend applications
Recompose small backend calls into efficiently aggregated mobile requests
Compress traffic to minimize bandwidth costs and improve user experience
Pre-fetch content for hypermedia-based API calls
Optimization: Handle Scale
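The adaptation slide (surface a legacy application as a RESTful API, map XML to JSON) and the optimization slide (recompose small backend calls into one aggregated mobile request, cache it) describe two halves of the same gateway pattern, so one added example covers both. It is illustrative code for this page, not the gateway's implementation: a SOAP response from a stubbed CRM backend is converted to JSON, merged with a stubbed orders service into a single customer summary, and the result is cached for a TTL so repeat mobile calls do not reach the backends. The SOAP envelope, the orders payload, the backend stubs, the customer id and the 60-second TTL are constructed; Python standard library only.

```python
import json
import xml.etree.ElementTree as ET
from typing import Dict, Tuple

SOAP_NS = "{http://schemas.xmlsoap.org/soap/envelope/}"

# Constructed backend responses standing in for two legacy services.
# ElementTree is acceptable here because the XML comes from an internal backend
# the gateway already trusts; for XML from untrusted sources parse with defusedxml.
SOAP_CUSTOMER = b"""<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <GetCustomerResponse xmlns="urn:legacy-crm">
      <Customer><Id>42</Id><Name>Acme Corp</Name><Tier>gold</Tier></Customer>
    </GetCustomerResponse>
  </soap:Body>
</soap:Envelope>"""
ORDERS_JSON = b'[{"id": 1001, "total": "250.00"}, {"id": 1002, "total": "19.99"}]'

CALLS = {"crm": 0, "orders": 0}  # counts backend round trips so caching is observable


def crm_backend(customer_id: int) -> bytes:
    CALLS["crm"] += 1
    return SOAP_CUSTOMER


def orders_backend(customer_id: int) -> bytes:
    CALLS["orders"] += 1
    return ORDERS_JSON


def local_name(tag: str) -> str:
    """'{urn:legacy-crm}Customer' -> 'Customer'."""
    return tag.split("}", 1)[-1]


def element_to_json(elem: ET.Element):
    """Leaf text becomes a string; an element with children becomes an object.
    Repeated sibling tags would collapse here; the sample payload has none."""
    children = list(elem)
    if not children:
        return (elem.text or "").strip()
    return {local_name(child.tag): element_to_json(child) for child in children}


def soap_payload(raw: bytes) -> ET.Element:
    """Unwrap the SOAP envelope and return the first element inside Body."""
    root = ET.fromstring(raw)
    body = root.find(SOAP_NS + "Body")
    if body is None or len(body) == 0:
        raise ValueError("not a SOAP envelope with a body")
    return body[0]


CACHE: Dict[Tuple[str, int], Tuple[float, dict]] = {}
CACHE_TTL = 60.0


def customer_summary(customer_id: int, now: float) -> dict:
    """One mobile call that aggregates two backend calls, cached for CACHE_TTL seconds."""
    key = ("customer-summary", customer_id)
    cached = CACHE.get(key)
    if cached is not None and cached[0] > now:
        return cached[1]
    customer = element_to_json(soap_payload(crm_backend(customer_id)))["Customer"]
    orders = json.loads(orders_backend(customer_id))
    summary = {
        "id": int(customer["Id"]),
        "name": customer["Name"],
        "tier": customer["Tier"],
        "order_count": len(orders),
        "orders": orders,
    }
    CACHE[key] = (now + CACHE_TTL, summary)
    return summary


if __name__ == "__main__":
    print(json.dumps(customer_summary(42, now=0.0), indent=2))
```

The mobile app makes one request and receives one JSON document; the two backend round trips, the SOAP unwrapping and the namespace stripping stay on the gateway side, and the CALLS counters show that a second request inside the TTL costs the backends nothing.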
Proxy and manage app interactions with social networks
Broker call-outs to cloud services like Salesforce.com
Bridge connectivity to iPhone and Android notification services
Integrate with legacy applications using ESB capabilities
Integration: Centralize Cloud Connectivity
Questions?
Dimitri Sirota CSO, Layer 7 Technologies [email protected]
Christian Kane Enterprise Mobility, Infrastructure & Operations Analyst, Forrester Research, Inc. [email protected]
Upcoming Events
Layer 7 Tech Talk, June 26th, 9am PDT: APIs: Fueling Mobile, Social, IoT & Big Data. http://layer7.com/live