securing your mobile backend featuring forrester research inc - combine api backend security with...

Securing Your Mobile Backend Dimitri Sirota CSO, Layer 7 Technologies Christian Kane Enterprise Mobility, Infrastructure & Operations Analyst, Forrester Research, Inc. June 20, 2013

Upload: ca-api-management

Post on 20-Aug-2015


TRANSCRIPT

Page 1: Securing Your Mobile Backend featuring Forrester Research inc - Combine API Backend Security with MDM/MAM to Implement End-to-End Mobile Security

Securing Your Mobile Backend

Dimitri Sirota CSO, Layer 7 Technologies

Christian Kane Enterprise Mobility, Infrastructure & Operations Analyst, Forrester Research, Inc.

June 20, 2013

Page 2

Layer 7 Confidential 2 Layer 7 Confidential 2

Webinar Housekeeping

Questions - Chat any questions you have and we’ll answer them at the end of this webinar

Twitter - Today’s event hashtag: #L7webinar. Follow us on Twitter: @layer7 @forrester

Page 3

© 2009 Forrester Research, Inc. Reproduction Prohibited

Mobile Enablement: Evolve Your Strategy Beyond MDM

Christian Kane, Analyst

Forrester Research

June 20, 2013

Page 4

© 2012 Forrester Research, Inc. Reproduction Prohibited

The line between personal and work computing is breaking down

Page 5

IT is Consumerizing: We’re all highly influenced by the technology we use at home

“Please indicate how much each statement describes your attitudes toward technology and your lifestyle?”

The technology I have at home is better than the technology I have at work:

• Older Boomers and Seniors (57+): 6%
• Younger Boomers (47-56): 15%
• Gen X (33-46): 39%
• Gen Y (18-32): 40%

Base: 3,258 North American and European technology end users

Source: Forrsights Workforce Employee Survey, Q4 2012

Page 6

This is Driving Demand for mobile BYOD programs

Why does your firm support, or is your IT organization planning to support, bring-your-own device program?

• Other reason: 3%
• HR believes it will help attract new hires to our company: 16%
• Executive direction or requirement: 18%
• Lower support costs: 37%
• Improved self-service for end users: 41%
• It will help us support a mobile workforce: 42%
• Lower purchase costs for the company: 51%
• End users prefer it: 65%

Sample Size = 190 enterprise IT decision makers who are planning, piloting, or have implemented a BYOD program

Source: Forrsights Hardware Survey, Q3 2012

Page 7

IT faces conflicting mobility needs from business decision-makers and employees

Task Workers IT Executives Business Decision Makers

• Productive devices

• Efficient employees

• LOB applications

• Cost effective solutions

• Consistent usage

• Standard, corporate approved devices and applications

• Scalable solutions

• Minimize costs

• Ensure security

• Multi-user

• Designed for specific task

• Corporate owned

• Advanced support

Page 8

Security in BYOD is among the top mobile challenges

Source: Forrester’s Forrsights networks and telecommunications survey, Q1 2012

Base: 1,535 mobile technologies and services decision-makers at North American and European companies (multiple responses accepted)

Page 9

Most firms currently address security by implementing basic mobile device and application management features

Today, which of the following capabilities does your firm provide to support smartphones and tablets?

• A self-service portal where employees can configure and manage their devices: 8%
• Mobile service telecom expense software: 8%
• Access to detailed reporting and usage analytics: 10%
• Deploy and update custom-developed apps: 15%
• Deploy and manage third-party productivity apps that the company has vetted/bought for employees: 15%
• Provision data access and apps based on employee role/function: 19%
• We do not support any apps besides those that are already on the phone: 27%
• Help desk support for mobile apps: 30%
• Break/fix/replace hardware service: 33%
• Manage security on the device: 37%
• Device configuration management: 37%

Source: Forrester’s Forrsights networks and telecommunications survey, Q1 2012

Base: 1,535 mobile technologies and services decision-makers at North American and European companies (multiple responses accepted)

Page 10

Most firms start with MDM…

January 2012 “Market Overview: On-Premise Mobile Device Management Solutions”

Page 11

…But realize they’re dealing with this

Cloud Devices Apps

Page 12

Multiple devices means applications become much more important

What are your firm's plans to adopt the following mobile technologies?

• Smartphones for employees: 17% planning to implement, 53% implemented or expanding
• Tablets for employees: 22% planning to implement, 35% implemented or expanding
• Mobile applications: 28% planning to implement, 33% implemented or expanding
• Enterprise app store solutions to deploy and manage smartphone and tablet applications: 23% planning to implement, 18% implemented or expanding

Source: Forrsights Budgets And Priorities Tracker Survey Q4 2012

Base = 3,753 global IT executives and technology budget decision-makers

Page 13

MDM evolves with MAM, data management, security, and support options

- Device support

- Windows Mobile/CE

- Windows / Mac

- App support

- Remote control

- Dual persona

- Expense management

• Application management

› Security

› SDKs/Containers

• Data containers

• Secure file sync & share

Management & Support Apps & Data

Page 14

Investing in Customer facing apps that require backend access

As your firm considers its mobile strategy and investments, which departments or business groups is it most focused on?

• Don't know: 2%
• Other: 5%
• Manufacturing (e.g., production planning/execution): 8%
• Procurement (e.g., sourcing, supplier selection): 9%
• Order fulfillment (e.g., distribution, transportation): 12%
• Office of the CEO and other executive management: 18%
• Corporate services (e.g., finance, human resources): 19%
• Research and development (e.g., product portfolio planning …: 20%
• Marketing (e.g., promotions, campaigns): 34%
• Customer service (e.g., returns, complaint management): 34%
• Field service (operations and maintenance): 42%
• Sales (e.g., customer segmentation, order management): 48%

Source: Forrsights Software Survey, Q4 2012

Base = 704 global software decision-makers

Page 15

Investing in business and collaboration apps that need backend access

“What smartphone/tablet applications do you currently use for work?"

• Wikis for internal information sharing: 15%
• Microblogging (e.g. Twitter): 18%
• Web meeting or webconferencing: 19%
• Team document sharing sites (e.g., SharePoint): 20%
• Data dashboard or business intelligence application: 21%
• Expense tracking and/or approval: 25%
• Travel planning and status: 25%
• Employee intranet or company portal: 28%
• Specific line of business applications (e.g. sales): 32%
• Social networks (e.g. LinkedIn, Facebook): 36%
• Note taking application: 39%
• Instant messaging/chat (not SMS/texting): 40%
• SMS (texting): 58%
• Calendar: 73%
• Email: 85%

Base = 1,749 North American and European information workers who use a smartphone for work

Source: Forrsights Workforce Employee Survey, Q2 2012

Page 16

Backend data and application access means enterprises need a strategy beyond basic MDM / MAM support

• BYOD strategy

• Mobile device and security management options

• File sync/share

• Securing, provisioning, and managing mobile apps

• Protecting data

• Ensuring secure mobile application development

Page 17

The Path To Enablement Requires Backend Data & Application Access

MDM
• Devices: Smartphones
• Access: Email, contacts, calendar

Device Independence
• Devices: Tablets
• Access: Some business apps, file sync & share, corporate systems.

Backend Data Access
• Devices: Mobile + PC
• Access: Any app, any data.

Page 18

Thank you!

Christian Kane +1 617.613.6467 @ChristianKane

www.forrester.com

Page 19

Mobile Apps Need Enterprise Data

Page 20

Can Your Backend Applications Trust Your Apps

DMZ

DATA

Page 21

MDM / MAM Protect the App But Who Protects Your Applications?

DMZ

DATA

Page 22

Security Needs to Span Device to Datacenter

Page 23

Creates Need for Mobile Gatekeeper to Backend Data & Applications

Page 24

Mobile Access API Gateway Provides Apps Secure Data Access & Bridge to Enterprise Services

API Adaptation: Render backend applications and data-sources (SQL) as RESTful APIs. Translate XML to JSON & SOAP to REST. Compose new API from multiple backend services.

Mobile Application Firewalling: Protect enterprise application and data against attack or misuse. Secure REST and SOAP APIs. Validate XML and JSON Data. Secure streamed Sockets data.

Identity Mapping & SSO: Translate token types. Map SAML and Web SSO to OAuth. Implement OpenID Connect. Broker SSO with Cloud Services. Integrate with outside Geo-location Services for richer access policies. Enable X-device sessions.

Optimization: Improve mobile performance through compression, integration with CDN, XML to JSON conversion, pre-fetch on hypermedia APIs, Backend response aggregation, caching on request and response.

Cloud Orchestration: Broker interactions with external SaaS providers like Salesforce. Mediate social interactions. Push notification services. Connectivity with carrier network APIs.

Page 25

Layer 7 Mobile Access Gateway Addresses Critical Mobile Security, Management & Adaptation Needs

Identity

Security

Adaptation

Optimization

Cloud Orchestration

Page 26

Identity: Extending Enterprise Identity to Mobile

• Map Web SSO & SAML to mobile-friendly OAuth, OpenID Connect and JSON Web Tokens

• Create granular access policies at user, app and device levels

• Build composite access policies combining geolocation, message content and other network attributes

• Simplify PKI-based certificate delivery and provisioning

Page 27

Security: Mobile Application Firewalling

• Protect REST and SOAP APIs against DoS and API attacks

• Proxy API streaming protocols like HTML5 Websocket and XMPP messaging

• Enforce FIPS 140-2 grade data privacy and integrity

• Validate data exchanges, including all JSON, XML, header and parameter content

Page 28

Adaptation: Translate & Orchestrate Data & APIs

• Surface any legacy application or database as RESTful APIs

• Quickly map between data formats such as XML and JSON

• Recompose & virtualize APIs to specific mobile identities, apps and devices

• Orchestrate API mashups with configurable workflow

Page 29

Optimization: Handle Scale

• Cache calls to backend applications

• Recompose small backend calls into efficiently aggregated mobile requests

• Compress traffic to minimize bandwidth costs and improve user experience

• Pre-fetch content for hypermedia-based API calls

Page 30

Integration: Centralize Cloud Connectivity

• Proxy and manage app interactions with social networks

• Broker call-outs to cloud services like Salesforce.com

• Bridge connectivity to iPhone and Android notification services

• Integrate with legacy applications using ESB capabilities

Page 31

Questions?

Dimitri Sirota CSO, Layer 7 Technologies

Christian Kane Enterprise Mobility, Infrastructure & Operations Analyst, Forrester Research, Inc.

Page 32

Upcoming Events

Layer 7 Tech Talk

June 26th – 9am PDT

APIs: Fueling Mobile, Social, IoT & Big Data

http://layer7.com/live