Mobile Application Management



Similar documents
Kony Mobile Application Management (MAM)

TCS Hy5 Presidio Your Mobile Environment, Your Way Configure, Secure, Deploy. Mobility Solutions

What We Do: Simplify Enterprise Mobility

Ensuring the security of your mobile business intelligence

How To Protect Your Mobile Devices From Security Threats

How To Manage A Corporate Device Ownership (Byod) On A Corporate Network (For Employees) On An Iphone Or Ipad Or Ipa (For Non-Usenet) On Your Personal Device

How To Manage A Mobile Device Management (Mdm) Solution

Feature List for Kaspersky Security for Mobile

IBM Endpoint Manager for Mobile Devices

Cisco Mobile Collaboration Management Service

Mobile Application Development Meets the Mainstream

Secure, Centralized, Simple

IBM United States Software Announcement , dated February 3, 2015

APPENDIX B1 - FUNCTIONALITY AND INTEGRATION REQUIREMENTS RESPONSE FORM FOR A COUNTY HOSTED SOLUTION

Systems Manager Cloud Based Mobile Device Management

White Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0

Securely. Mobilize Any Business Application. Rapidly. The Challenge KEY BENEFITS

Advanced Configuration Steps

Systems Manager Cloud-Based Enterprise Mobility Management

The Challenge. The Solution. Achieve Greater Employee Productivity & Collaboration...while Protecting Critical Business Data

Statement of Direction

Symantec Mobile Management Suite

1. Introduction Activation of Mobile Device Management How Endpoint Protector MDM Works... 5

Athena Mobile Device Management from Symantec

Symantec Mobile Management 7.1

Deploying iphone and ipad Security Overview

How To Protect The Agency From Hackers On A Cell Phone Or Tablet Device

Hands on, field experiences with BYOD. BYOD Seminar

Answers to these questions will determine which mobile device types and operating systems can be allowed to access enterprise data.

Guideline on Safe BYOD Management

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

MDM: Enabling Productivity in the world of mobility. Sudhakar S Peddibhotla Director of Engineering, Good Technology

If you can't beat them - secure them

Symantec Mobile Management for Configuration Manager 7.2

Building Apps for iphone and ipad. Presented by Ryan Hope, Sumeet Singh

Codeproof Mobile Security & SaaS MDM Platform

KonyOne Server Prerequisites _ MS SQL Server

Integrating Cisco ISE with GO!Enterprise MDM Quick Start

perspective The battle between MDM and MAM: Where MAM fills the gap? Abstract - Payal Patel, Jagdish Vasishtha (Jags)

User Manual for Version Mobile Device Management (MDM) User Manual

IT Resource Management vs. User Empowerment

Windows Phone 8.1 in the Enterprise

Sophos Mobile Control Technical guide

Enterprise Mobile App Management Essentials. Presented by Ryan Hope and John Nielsen

IBM MobileFirst Managed Mobility

McAfee Enterprise Mobility Management

Mobile First Government

Symantec Mobile Management 7.1

Corporate-level device management for BlackBerry, ios and Android

AirWatch Solution Overview

IT Resource Management & Mobile Data Protection vs. User Empowerment

Simplifying and Empowering the Implementation of Enterprise Mobile Strategy

MAM - Mobile Application Management

CHOOSING AN MDM PLATFORM

The Challenge. The Solution. Achieve Greater Employee Productivity & Collaboration...while Protecting Critical Business Data

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

HIGH-SECURITY MOBILITY MANAGEMENT FROM BLACKBERRY

ENTERPRISE MOBILITY MANAGEMENT & REMOTE ACCESS SOLUTIONS

1. What are the System Requirements for using the MaaS360 for Exchange ActiveSync solution?

ForeScout MDM Enterprise

BYOD. and Mobile Device Security. Shirley Erp, CISSP CISA November 28, 2012

When enterprise mobility strategies are discussed, security is usually one of the first topics

PEGA MOBILITY A PEGA PLATFORM WHITEPAPER

Symantec Mobile Management 7.2

Choosing an MDM Platform

Troubleshooting BlackBerry Enterprise Service 10 version Instructor Manual

HIGH-SECURITY MOBILITY MANAGEMENT FROM BLACKBERRY

Healthcare Buyers Guide: Mobile Device Management

BENEFITS OF MOBILE DEVICE MANAGEMENT

STRONGER AUTHENTICATION for CA SiteMinder

Managing and Securing the Mobile Device Invasion IBM Corporation

BlackBerry Enterprise Service 10. Universal Device Service Version: Administration Guide

How To Write A Mobile Device Policy

Securing mobile devices in the business environment

The ForeScout Difference

E-commerce: Competing the Advantages of a Mobile Enterprise

Achieve Greater Employee Productivity & Collaboration...while Protecting Critical Business Data

Good for Enterprise Good Dynamics

Corporate Mobile Policy Template

Enterprise Mobility Management

Oracle Mobile Security

GO!es MOBILE. YOUR Enterprise. The Challenge. The Solution. Mobilise Your Services Reach Anybody, Anywhere, Anytime

Cloud Services MDM. ios User Guide

Symantec App Center. Mobile Application Management and Protection. Data Sheet: Mobile Security and Management

ipad in Business Security

SIMPLIFY MULTI-PLATFORM ENTERPRISE MOBILITY MANAGEMENT

WHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS

Google Identity Services for work

Database FAQs - SQL Server

Enterpise Mobility Lexicon & Terminology

The Future of Mobile Device Management

Transcription:

Kony Write Once, Run Everywhere Mobile Technology WHITE PAPER July 2012 Meeting the BYOD challenge with next-generation application and device management

Overview... 3 The Challenge... 4 MAM Functions... 5 MAM Principles... 6 MAM Users... 7 MAM Workflow... 8 Policy Management... 9 Enterprise App Store... 11 Application and Data Security... 12 Analytics & Reporting... 14 Summary... 15 2

Overview Chief Information Officers (CIOs) across a variety of industries are today recognizing and grappling with a new and difficult challenge to their ability to secure mission-critical corporate data and applications. This challenge, variously dubbed the Consumerization of IT or the Bring Your Own Device (BYOD) trend, refers to end users increasing demands to access corporate resources from their personal smartphones, tablets, and laptops. As the lines between work and leisure continue to blur, professionals of all types want to be able to review reports, enter data into applications, and access corporate directories from the same devices on which they capture video of their kids sports performances. To meet this demand, IT teams must be able to provision, update, manage, analyze, and report on corporate applications, without impinging on users privacy rights or damaging end users personal property. A well-designed (MAM) solution enables IT teams to achieve fine-grained control over applications across a range of devices, over every type of network and deployment mode. 3

The Challenge Traditionally, application management has been part and parcel of IT s core function, whether across mainframe, minicomputer, client/server, or Webbased application systems. Provisioning, updating, patching, inventorying, monitoring, and retiring applications is most often the province of a centralized IT administrator or admin team, utilizing a variety of application management and security tools, both third-party and custom-developed. With the advent of mobile devices and software, most IT shops have adopted mobile device management (MDM) tools to control and manage company-issued laptops, tablets, and smartphones, ranging from Blackberrys and Windows Mobile phones for knowledge workers to ruggedized phones and tablets for field workers. As their name suggests, MDM tools enable administrators to control these devices at the hardware layer providing such functions as remote lockdown/wipe clean for lost or stolen devices, as well as restriction or suspension of device functions such as camera or barcode scanning. For company issued mobile devices, the type of command-and-control management provided by MDM has been sufficient, if sometimes overbearing. However, as IT shops now grapple with Bring Your Own Device (BYOD) strategies, they are increasingly seeking a more finely tuned, nuanced approach that mirrors traditional desktop application management: the new technology that meets this need is Mobile Application Management (MAM) software. In many ways, MAM solutions bring together the best of both worlds: the sophisticated and layered approach of desktop application management & security systems with the reach and remote, over-the-air capabilities of MDM systems. Mobile Application Management (MAM) Mobile Application Management refers to the ability to manage applications on mobile devices, remotely and from a centralized console. Applications are provisioned to a secure container on device, from which policies and data storage can be established and controlled. Security procedures such as Single Sign On and LDAP authentication are handled within a consistent MAM framework. Mobile Device Management (MDM) Mobile Device Management refers to software that enables IT to control device functions such as camera, GPS, on-device data stores, and more on remote mobile devices including smartphones and tablet computers. 4

MAM Functions MAM solutions help addresses the following key points: Policy enforcement Using a centralized administration console, security administrators can extend and enable policies on mobile applications. Mobile application delivery Using an embedded Enterprise App Store and management console, administrators provision apps to remote devices and make them available within an on-device secure container. Mobile application security Administrators use the centralized console to set policies around application access and usage by roles and other parameters. Mobile application updating Updates can be managed from the centralized consoles, and new application versions can be provisioned over the air or through scheduled synchronizations. User authentication As with desktop application management systems, MAM solutions utilize LDAP and other standardized authentication mechanisms to ensure user authentication User authorization Users can be authorized for application access and usage based on roles and other parameters such as location Version checking Administrators can remotely monitor application versions and usage from the centralized console Push services Managers can push updates and notifications to all remote/mobile users or to subsets as events dictate Reporting and tracking The MAM solution enables complete reporting and analytics on usage, application issues, user activation, downloads, updates, etc. A well-designed MAM solution should be able to manage applications built for the following environments: Native ios (Apple) Android apps Windows Mobile Blackberry HTML5 apps Corporate developed apps (using Apple XCode, Microsoft Visual Studio, etc.) Third party-developed apps MAM solutions enable administrators to add code to mobile apps that utilize specific MAM policy APIs. The APIs let the app communicate with the MAM server to enforce policies for that app and/or user, such as restricting usage to geo locations or copy/paste into/out the app or deleting on device data if the user s permissions are revoked. The MAM solution allows administrators to monitor activities such as app access/usage so that they can then check the current device and application state against the policies. Via the embedded libraries, the app communicates its status and activity back to the server not entire device status, which may allay concerns from employees, contractors, and business partners over how invasive the device management approach may be. Importantly, management is embedded in the app, so administrators do not have to manage the device itself. Thus, IT teams should be able to extend legitimate application management to a greater number of users than the universe of devices you actually manage. 5

MAM Principles Well-designed solutions follow a set of guidelines or principles to ensure they meet the needs of corporate IT teams grappling with BYOD challenges. These principles include: Management primarily at the application, not hardware or firmware layer By focusing on provisioning corporate apps within a secure container on device and by abstracting the application and data away from the specifications of the device and OS, MAM solutions ensure that corporate assets can be securely controlled, without impacting users personal device functions or assets including ring tones, games, photos, videos, and personal apps. Management based on policies, rules and roles with the ability to set and enforce policies and assign roles and privileges to users and user groups, MAM software enables finely grained control of applications even on remote devices. Management as collaboration With the use of an enterprise app store, IT administrators can dispense with the command and control approaches of the past and enable users to see and select recommended apps from within an app store view, much as they select and download apps, games, music, videos, and ringtones from the Apple App Store or Google s Android Marketplace. This ability to offer users corporate apps within pre-defined policies meets the needs of BYOD environments while still ensuring corporate data integrity. Configure once, run everywhere. Because a well-designed MAM solution can incorporate management of mobile applications, data, and native device functions (such as GPS and camera), as well as management of embedded HTML and desktop web applications, IT teams can leverage the solution to configure all of their policies and rules, then manage the full range of applications mobile and desktop from a single source. ACL ACL is Access Control List which provides the privilege to an assigned user to perform various tasks such as deleting an application, editing an application, and publishing an application. Geofencing Geofencing refers to the ability to restrict or suspend mobile device and/or mobile application functions based on the location of the device. A classic example is the ability to turn off a device s camera function when the mobile worker is in a restricted or sensitive building or campus area. Visibility everywhere. With the basic foundation of application management within a secure container, MAM solutions can deliver complete visibility into application activity, down to the feature layer. App management policies and rules can also be created and established in the application design and build stage, using MAM development tool extensions. 6

MAM Users As with desktop application management systems, Mobile Application Management software functions are typically driven by IT or security administration teams, who can leverage MAM technologies to extend corporate data management and security procedures to end users personal mobile devices, without the need to control hardware or firmware layers. IT Administrators Deploy apps through a corporate-branded enterprise app store LDAP Lightweight Directory Access Protocol is an authentication server which verifies user name and password. Security and Compliance Officers Extend current security policies and procedure from the back office to the new mobile front office Enforce policies such as user authentication, encryption, offline access, document sharing restrictions without requiring changes to the apps Support BYOD apps on both personal and corporate-owned devices without compromising corporate policies or risking sensitive data loss Software Developers Corporate developers: Write apps with included policies and rules within interactive development environment (IDE) or scripting tools. Easily distribute apps for testing via the enterprise app stores or a custom app store ISV s: Enable apps to go mobile with policy management integrated into the offering 7

MAM Workflow follows a clear workflow beginning with IT management and incorporating IT administrators, application designers, and end users. The IT administrator manages the apps, users and devices from a web-based management console. A developer submits apps for distribution (or IT installs acquired apps) and the IT administrator then chooses which of the corporate policies to apply to the app before distribution. There may be a range of different policies depending on the sensitivity of the app or the data that it accesses. The policies are then applied with no changes required to the app. The IT administrator can then identify the category that the app should reside in and which users or groups of users will have access to it. When a new user is enrolled, the user receives an email with a link to download the secure application container client onto their device. The device can either be corporate-owned or employee-owned. The app installs just like any other mobile app. The user then logs into the Enterprise App Store and can see all of the applications that they are entitled to download and install. If the user already has an app container client, he or she will receive a push notification that there is an app available for them (or an update to an existing app). The user runs the app like any other on their device the fact that the corporate apps are policy-managed is transparent. Following is an example policy establishment and management workflow: Role Action Outcome IT Management IT Administrator IT Admin / User Define IT Management defines policy guidelines. Create & Assign Administrators create and assign a set of Policies, Groups, Roles, and ACLs to the users as per the enterprise guidelines. They can do this manually or import through the ADS. Submit / Deploy Administrators or users submit and deploy applications. Administrators or users publish applications. Once published, it is available for targeted groups with appropriate privileges. Guidelines Policies Applications 8

Policy Management Policies are a set of rules which govern the device operations while the device is accessing enterprise resources. Policies can be created based on various constraints such as Current Security Rules, Network Permissions, Device Storage Permissions, Clipboard Permissions, Application Feature Permissions, and Phone Features. Policy management enables administrators to create, edit, publish, unpublish, delete, and change the state of the policy. Administrators create policies in a centralized web management console, then adjust and apply them to applications in the enterprise app store. To extend policies developed in other environments, administrators would follow these steps: The administrator first understands the signature of the API definition on a per platform basis. The administrator writes a custom policy for native API s and packages it as a library which then will co-exist with an existing MAM policy library. The administrator then registers the custom policy for a native API in the MA policy XML file. The infrastructure then invokes the new policy and as part of the build process, the admin console is regenerated. The administrator then carries out all the testing (including regression) necessary. The following is an example of customizing/extending a policy in the Kony Mobile App Manager solution: Identify the native API (e.g. the camera open () API) Extend the KonyPolicyWrapper class where policies are passed (i.e. allow or deny camera) is passed (for example: XYZPolicyWrapper) Write a method in XYZPolicyWrapper to implement the policy Map the native camera API with XYZPolicyWrapper in the XML file and the MAM infrastructure takes care of the rest. The Kony policy framework will invoke custom or Kony policy for a native API as defined in the MAM policy xml file. Example Policies Offline access On Device Data protection Restrict /Secure Data communication b/w device and server Authentication Camera, SMS, Phone, GPS, Email, and other API Document Sharing Restrict Cut, Copy and Paste from App to other App App - Idle time out and Expiration Time Allow App usage for pre- determined time [business hours only] Deny access to app while driving [GPS & cell triangulation data] 9

Fig 2: Example MAM management console screen 10

Enterprise App Store As mentioned previously, for IT teams to enable Bring Your Own Device strategies, a collaborative approach with users is called for. With an Enterprise App Store, employees are able to browse, discover, access, download and install approved apps quickly and conveniently, just as they can in Apple's App Store or Google's Android Market. To enable this, the well-designed MAM solution includes a customizable enterprise app store that is tightly integrated with the MAM console to ensure application distribution, security and policy administration. From a design standpoint, the ideal solution delivers this as an end-to-end, integrated approach to ensure any administration changes are immediately enabled and the employee experiences the appropriate storefront content and policies without errors or delays. Fig 3: Apps are submitted to the Enterprise App Store through the Management Console 11

Application and Data Security solutions handle application and data security primarily through the use of a secure app container, which gets delivered to the mobile device as its own meta application. The primary benefit of the secure container is total security of all its applications and data on the device. Initial provisioning of the container itself can be controlled through the use of trusted whitelists, profiles and passwords. All configurations, application definitions and data are encrypted. Even if the device is hijacked, jail broken or the container is copied, the contents are protected. All data transmissions over the network are encrypted. In addition, the container can be locked to a specific device, meaning that it will not start if copied to another device. Push Notifications Push Notifications is a generic service which allows you to send notifications to the registered devices on an event occurrence to multiple platform devices. If needed, the container can also be blacklisted, i.e., all applications and data will be automatically removed if an attempt is made to connect to the host. The container may be configured to automatically shut down if idle for a period of time or if the device goes into sleep mode. HTML can be securely executed inside of the container without the risks associated with a browser. All provisioning and access requests are audited. Secure App Container Following are some of the key features of a secure app container: Decommissioning and Blacklisting At any stage, an entire container or specific user may be blacklisted. This means that the next time that the container is started and has network access, all the relevant applications and data will be automatically removed from the device, i.e., reset back to its initial provisioning state. This functionality is essential if a device is lost or stolen. Device Lock Administrators may lock a container to a specific device, i.e., if it is illegally copied to another device, it will not start. This prevents any unauthorized backup or replication of the container data. Security The primary benefit of the secure container is complete security of all its applications and data on the device. The following is a summary of the security features: Initial provisioning of the container itself can be controlled through the use of trusted whitelists, profiles and passwords. All configuration, application definitions and data are encrypted. Even if the device is hijacked, jail broken or the container is copied, the contents are protected. All data transmissions over the network are encrypted. The container can be locked to a specific device, meaning that it will not start if copied to another device. The container may be blacklisted, i.e., all applications and data will be automatically blocked from being accessed. 12

A range of identity management options can be used to authenticate user access to the container through standard directory services, 3rd party security applications, custom functionality etc. Users can only access the applications and data that they are authorized to. The role-based provisioning is strictly controlled through the user profiling facility on the central Kony admin console. The container may be configured to automatically shut down if idle for a period of time or if the device goes into sleep mode. HTML can be securely executed inside of the container without the risks associated with a browser. All provisioning and access requests are audited. The secure container feature provides a flexible solution for mobility by allowing for identity management/rolebased provisioning and modular application implementation. 13

Analytics & Reporting To enable complete and effective BYOD strategies, the well-designed MAM solution should deliver integrated analytics and reporting capabilities. Administrators should be able to report, analyze and audit mobile application activity using build-in modules and industry standard analytic tools such as Adobe Omniture, IBM Coremetrics, Google Analytics, and Webtrends Analytics. Below are some example reports that can be run via the console: Apps: Total apps per platform Downloads: Total downloads per platform Mandatory apps not installed per user Information on users per device and per OS number of apps downloaded Information on apps number of users per device and per OS Fig 4: Example MAM analytics screen 14

Summary As end users accelerate the trend toward consumerization, IT leaders will need to implement management solutions that address the variety of devices, apps, and operating systems that make up today s increasingly diverse corporate computing environment. systems offer an approach that takes into account both the need to manage and control corporate data and the need to support end user autonomy and control over their own personal computing assets. Through innovations such as secure ondevice containers, policy injection and management, and targeted device management, MAM solutions can empower IT with the type of finely tuned architecture they need to meet the BYOD challenge. 15

About Kony Kony and the KonyOne Platform enable Fortune 500 companies to offer consumers and employees feature-rich mobile applications in less time and at lower costs than any other solution. Leveraging a Write Once, Run Everywhere single application definition, applications are designed and developed just once, in a device independent manner, and deployed across multiple channels, including native applications, device-optimized HTML5 and HTML4 mobile web, SMS, web gadgets, kiosks, and tablets. Kony s unique platform is proven to future-proof a company s mobile investment by enabling applications to be changed once for all channels, ensuring faster adoption of new operating systems and standards as they are introduced, while eliminating maintenance, upgrade and future development costs. Learn more at www.kony.com KONY SOLUTIONS, INC 7380 West Sand Lake Road #390 Orlando, Florida 32819 +1.321.293.KONY (5669) Toll Free: 1.888.323.9630 2012 Kony Solutions, Inc. All rights reserved. Kony and the Kony Mobile Application Platform are trademarks of Kony Solutions. Apple and iphone are trademarks of Apple Inc., registered in the U.S. and other countries. BlackBerry is a registered trademark of Research In Motion. Android is a trademark of Google Inc. Other product names mentioned are the property of their respective holders.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information