Resco Mobile CRM Security




Out-of-the-box Security

1. Overview

The Resco Mobile CRM application (client) communicates directly with the Dynamics CRM server. The communication uses the standard Dynamics CRM Web Services provided by Microsoft. There is no middleware server or component.

The CRM data is not stored (or cached) anywhere except in the client local storage. The client local storage (SQL database and files) is used to store a configured subset of the CRM data. Some CRM data (entities) can be configured to be online only, in which case it is not stored on the client.

For Mobile CRM Client Access License validation we use only minimal data, which allows validating the license for the particular Dynamics CRM users. Section 4 provides more details about the data sent to the Resco Licensing Service.

For overall architecture security there are 3 important parts, described in the following sections:

- Mobile client security
- Dynamics CRM/Communication security
- Data provided for the license validation

2/4/2013 Resco Mobile CRM Security 2/10

2. Resco Mobile CRM Client

Encryption is enabled by default. It must be explicitly disabled.

2.1. User Password

The main security token for the application is the user password. This is the password used to authenticate with the CRM server. The same password serves to secure data encryption, as described later.

The application can be configured to either:

- Require the user to enter the password each time the application is launched (or resumed from background), or
- Store the password in the device secure storage so that the user does not need to type it again and again.

Explanation: The secure storage is protected by the device PIN and cannot be decrypted until the device is unlocked. The device secure storage implementation is platform specific. [1]

The device PIN prevents access to the device. Most platforms allow the PIN to be disabled, in which case the application should not rely on storing the password in device secure storage.

[1] iOS secure storage (keychain) security: http://sit.sit.fraunhofer.de/studies/en/sc-iphone-passwords.pdf

2.2. Data Encryption Details

Data encryption is based on an application key. The application key is randomly generated and protected by the user password. The key is then used to encrypt all local CRM data. The details of this procedure are explained below.

The application key is created (randomly generated) when the database is created. Afterwards, it is stored in encrypted form in the device file system and decrypted when needed. To encrypt and decrypt the application key, AES256 is used together with the user password (PBKDF2), a random IV and a salt.

The following explains how the application key is used to secure application data. Remember that there are two data stores: the database and the blob store (attachments).

To encrypt the SQLite database, the application key is passed to the SQLite database driver. The driver uses the application key and an IV to encrypt and decrypt individual database pages using AES128 in CFB mode. Each page (1024 bytes) is encrypted separately. The IV is the page header (which contains variable/unpredictable data).

Each file in the blob store (attachment store) consists of a header with a random IV (16 bytes) followed by the encrypted data. The blob data is encrypted with AES256 in CBC mode using the application key and the IV from the file header. PKCS7 is used for data alignment.
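The key hierarchy of section 2.2 as an added example, not Resco's code: a random application key is stored wrapped under a PBKDF2-derived key, and blob files use the 16-byte IV header followed by AES256-CBC data with PKCS7 padding. The PBKDF2 hash and iteration count, the use of CBC for wrapping the key, the salt || IV || ciphertext layout of the wrapped key and all function names are assumptions, because the white paper does not state them.

```javascript
// Added example, not Resco's code. Assumptions (not stated in the white paper):
// PBKDF2 hash and iteration count, CBC mode for wrapping the application key,
// the salt || IV || ciphertext layout of the wrapped key, all function names.
const crypto = require('crypto');

const PBKDF2_ITERATIONS = 100000; // assumed value
const PBKDF2_HASH = 'sha256';     // assumed value

// AES-256-CBC; Node applies PKCS7 padding by default.
function aesCbc(encrypt, key, iv, data) {
  const c = encrypt ? crypto.createCipheriv('aes-256-cbc', key, iv)
                    : crypto.createDecipheriv('aes-256-cbc', key, iv);
  return Buffer.concat([c.update(data), c.final()]);
}

function deriveKek(password, salt) {
  return crypto.pbkdf2Sync(password, salt, PBKDF2_ITERATIONS, 32, PBKDF2_HASH);
}

// Store the random application key encrypted under the password-derived key.
function wrapAppKey(appKey, password) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(16);
  return Buffer.concat([salt, iv, aesCbc(true, deriveKek(password, salt), iv, appKey)]);
}

// CBC is unauthenticated: a wrong password shows up as a padding error or as wrong key bytes.
function unwrapAppKey(wrapped, password) {
  const salt = wrapped.subarray(0, 16);
  const iv = wrapped.subarray(16, 32);
  return aesCbc(false, deriveKek(password, salt), iv, wrapped.subarray(32));
}

// Blob file as described on the page: 16-byte random IV header, then the encrypted data.
function encryptBlob(appKey, plaintext) {
  const iv = crypto.randomBytes(16);
  return Buffer.concat([iv, aesCbc(true, appKey, iv, plaintext)]);
}

function decryptBlob(appKey, file) {
  if (file.length < 32 || file.length % 16 !== 0) throw new Error('malformed blob file');
  return aesCbc(false, appKey, file.subarray(0, 16), file.subarray(16));
}

// Changing the password re-wraps the key only; blob files stay as they are.
function changePassword(wrapped, oldPassword, newPassword) {
  return wrapAppKey(unwrapAppKey(wrapped, oldPassword), newPassword);
}
```

In this sketch a password change rewrites only the 80-byte wrapped key, because the data stores are encrypted under the application key rather than under the password itself.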

3. Microsoft Dynamics CRM

It is the responsibility of the end user to provide a reliable and secured network connection to their Dynamics CRM server and to make sure the Dynamics CRM server is properly configured to reject all unauthorized requests.

The minimal requirement for synchronization with the Dynamics CRM server is the availability of the Dynamics CRM web services and the authentication services. In the case of the Internet Facing configuration, the Active Directory Federation Services (ADFS) must be accessible too. Where the Dynamics CRM server and the Active Directory Federation Services must not be exposed to the Internet, use a VPN or Direct Access connection.

Note: The default configuration of Dynamics CRM with Active Directory authentication uses the HTTP protocol. It is highly insecure to expose the server to the Internet in this configuration. We strongly recommend either using VPN or Direct Access, or changing the configuration to use HTTPS to secure the data exchange between the Mobile CRM client and the Dynamics CRM Server.

4. Resco Licensing Service

The Resco Mobile CRM Client Access License is validated online by the Resco Licensing Service. For this purpose, we send Dynamics CRM organization-specific information, such as the CRM Organization ID and the CRM User unique ID, which are created by the Dynamics CRM server and also stored in the CRM Organization SQL database. A typical request looks like this:

    <MobileClient>
      <Version>6.1.0.0</Version>
      <Edition>Resco</Edition>
      <DeviceId>45d780e4f18354949676f743b0h11633951652bc</DeviceId>
      <DeviceInfo>iPad 2 Wi-Fi only (ipad2,1) iphone OS 6.0</DeviceInfo>
      <OrganizationId>4F767AFF-B33F-437C-A7CB-00249948C82B</OrganizationId>
      <OrganizationUrl>https://testcrm.resco.net</OrganizationUrl>
      <OrganizationName>testcrm</OrganizationName>
      <UserId>661BAC34-1128-40B1-9653-00B9F54158CD</UserId>
    </MobileClient>

For specific cases where access to the Resco Licensing Service at https://iservices.resco.net can't be granted, an offline license stored in the CRM organization can be used. However, the OrganizationId, OrganizationUrl and UserId must be supplied for offline license issuing purposes.

Enterprise Security

Keeping the data about your customers secure once you have it is as important as getting it, especially on a mobile device. With the Resco Enterprise Security pack, you don't need to worry anymore. You can now apply enterprise security measures and restrictions, set rules and user rights, select which data can be downloaded to the application, or even wipe the data from the application. And you can do it all remotely, fortified with push technology.

It no longer matters which mobile platform your employees use: you can control the security rules of all your mobile devices through one simple mobile device management (MDM) console.

Mobile Device Management tools:

1. Index. You can index all your mobile devices in one structured list. This feature gives you quick access to all the necessary information about all the mobile devices used to access CRM data in your company.
2. Groups. Divide the mobile devices into groups and apply different security rules. You can create an unlimited number of groups and assign them various security policies. A group can consist of many devices or contain just a single device. It is up to you and your needs.
3. Model, OS and ID. View details of the mobile device such as model, running OS and device ID.
4. App version and user. Woodford also allows you to see the currently installed version of the MobileCRM app and the user of the mobile device. This is helpful for keeping your staff updated: you can see which version of the app each mobile user is currently running and force the update.

5. Synchronization log. See when your employees last synchronized the app. Keep track of the synchronizations and, if necessary, force a synchronization remotely.

Picture 1: Resco's MDM tool

Mobile Application Management tools:

1. Lock. If a device is stolen, or you have any kind of concern about the security of your data, you are able to lock the application remotely on a single device, or on a whole group of devices, in just one click and block the user from opening the application.
2. Wipe out. In the worst-case scenario you can completely wipe out the data from the application. All is done remotely with just one click and regardless of synchronization. This means that you delete the data remotely from the mobile device and nobody will be able to see it any longer.

3. Force full sync. With just one click you can force the application to fully synchronize the data during the next synchronization of the app.

Picture 2: Resco's MAM tool

4. Session Timeout: By enabling this option you set the rule that the application locks automatically after X minutes of inactivity. After the lock, a log-in is required to work with the application again. Let's assume that the device is lost. If you have this feature enabled, a potential intruder will not be able to work with the data through the mobile application because it is sure to be locked. How easy and smart is that?
5. AppLock: If needed, you can remotely lock the application. The user won't be able to work with the application anymore until re-enabled by the admin.
6. AppWipe: Wipe out the data from the application remotely.

7. Check security policy on login. If there is a policy set for the user or for the group of users, the application will verify it directly before login. This is how you make sure the security policies apply any time the user launches the application, so the data will be safe.
8. Force server connection: The mobile device must connect to the server every X hours, otherwise login is refused. By enabling this option you make sure that if the mobile user does not connect to the internet and does not connect to the server through the application, the app will refuse the login next time. This is useful because you can force your mobile users to actively work with the application to prevent this scenario from happening.
9. Force wipe: If the app does not connect to the server in X hours, the data will be wiped out. You can set the interval you consider most appropriate to secure your data. It means that even if the device is left somewhere unattended and you have the interval set to e.g. 5 minutes, a potential intruder won't be able to see the data because it has been wiped from the device. Simple, smart & safe.
10. Business hours. You can set the business hours to allow users to work with the app only during the pre-set working hours. For example, if you set the working hours to 10am-5pm, the user will not be able to work with the application at any other time. You can set this rule for one user or for a group of users, and you can do it all remotely without even letting the users know about it.
11. Password validation. Locks the app or wipes out the data after a number of incorrect password entry attempts. This is a great feature to prevent your data from being misused. If somebody tries to log in to your mobile CRM application and you have this option enabled, the application will lock directly after e.g. 2 incorrect login attempts.

All the Enterprise Security features can be combined to create an ideal security policy to keep your data safe from misuse.

Picture 3: Resco's MSM tool