Solution Extension Best Practices: Subject Matter Expert...
Transcript of Solution Extension Best Practices: Subject Matter Expert...
Solution Extension Best Practices:
Protecting and Securing Your Mobile
Applications
Subject Matter Expert:
Scott Bonnell
Vice President,
Mocana
© 2014 SAP AG. All rights reserved. 2
SAP Mobile Secure An integrated, cloud-based EMM solution
Operating System
Mobile Device Management
Network Connectivity
*Secure Mobile Gateway*
Network Access Control
Data & Applications
Mobile App Management
*Mobile App Security*
Mobile Content Management
Data Loss Prevention
Mobile App Reputation
SAP HANA Enterprise Cloud with complete enterprise integration
© 2014 SAP AG. All rights reserved. 3
Leaders in mobile security
Focus on User
Experience
Transform the mobile user
experience considering all
aspects of the user’s interaction
with products, systems,
processes, and services.
Increase Mobile App
Usage
Drive mobile app usage and
employee productivity for the
success of large scale SAP
Business Suite investment.
App Level Security
within a Broad EMM
portfolio
Provide the foundation for
consuming future enterprise
data. Focus on management
of content, apps and devices.
Mocana and SAP: Vision to improve the user experience
© 2014 SAP AG. All rights reserved. 4
The Usage Gap for Enterprise Mobile Apps
Mobile App Usage in the enterprise is severely impacted due to lack of
beautiful user experience balanced with simple enterprise integration
Driving mobile app usage and employee productivity is critical for the success
of large scale mobile investment
26%*
Employees using
corporate apps report
loss of productivity
43%*
Employees abandon
corporate mobile
apps
© 2014 SAP AG. All rights reserved. 5
EULA, App
Expiration
Per-App VPN Jailbreak/
Rooting
Detection
Geo-fencing Data At Rest
Encryption Secure
Data Transfer
SAP Mobile App Protection Secure the app, its data, and the connection to the enterprise
Disable app when the device is
compromised by jail breaking or rooting
Restrict app usage
to a geographic location
FIPS 140-2 certified encryption for all data
storage. Prevent malware and rogue apps
from accessing sensitive data
Restricts copy and paste to
unsecured area of device
Secure VPN tunnel to
enterprise network
prevents rogue apps and
malware from gaining
unwanted access User
Authentication
Enterprise
App
Passcode policy
enforcement expiration,
lock-out and help-desk
assisted passcode reset
End user license agreement
enforcement, lock-out with app expiration
Federation of apps
Secure transfer among federated
wrapped apps on the device
Mocana Secure Enterprise Browser
Hybrid/Web Apps
3rd Party Apps
Custom B2E/B2B Apps
© 2014 SAP AG. All rights reserved. 6
SAP Mobile App Protection Zero-to-secure in seconds
SAP Mobile App Protection
Web Console and Server
IT Admin/LoB
1. Upload Enterprise App 2. “Point and Click” Policies 3. Distribute Wrapped App
Mobile device mgmt
Mobile app mgmt
Enterprise app store
Intranet
□ Passphrase
Secure copy-paste
Per-app VPN
□ SSL reverse proxy
DAR encryption
FIPS 140-2
□ Lockout recovery
□ Single sign-on
Managed or
Unmanaged User Devices
Data wipe
□ Jailbreak detection
□ Location masking
□ Geofencing
□ App expiration
User agreement
□ App federation
© 2014 SAP AG. All rights reserved. 7
Secure enterprise browser
Mobilize web apps instantly and securely
Extend access to existing SharePoint, corporate intranet sites, web apps, and portals
Provide seamless access to sensitive data across any mobile device
Apply security policies to customize and configure the Browser's security
Extend mobile web apps to unmanaged devices
© 2014 SAP AG. All rights reserved. 8
Pairing SAP Mobile App Protection with Mocana Atlas
Drive Mobile Usage in the Enterprise At Scale SAP Mobile App Protection paired with Mocana Atlas
securely simplifies enterprise integration and connectivity.
One Time Simple
Access Setup
Tap and Go
Always ON
Always
Connected
Security Post-
Development (FIPS 140-2, Dual
Authentication, SSO)
Scales Smoothly for
Large Enterprise
Deployments
End To End
Visibility
© 2014 SAP AG. All rights reserved. 9
Tap and Go
Tap
and
Go
Mobile Apps with SAP Mobile App
Protection paired with Atlas Current App Login Experience
Cumbersome Login Experience
Many screens, Many seams
1 Tap To Connect
Strong Security, Transparent to User
© 2014 SAP AG. All rights reserved. 10
Customer case study: Consumer Packaged Goods
Customer Background
• Multinational consumer packaged goods company
• Over 15,000 mobile users
• Portfolio of over 50 mobile apps
Key Requirements and Use Cases
• Mobilizing SAP Fiori and other custom apps
• User experience was top priority
• Simplify pen testing process for dozens of mobile apps
• Solution to pair with MDM, but have flexibility to use for extended enterprise in future
Mocana 360 1
0
Why SAP + Mocana?
– Ability to achieve a balance between development, security, and usability
– Avoid cost and time of penetration testing for mobile apps
– User is authenticated once and then gets a certificate to authenticate to all backends
© 2014 SAP AG. All rights reserved. 11
Customer case study: Retail Industry
Customer Background
• Retail vendor delivers services to
approximately 125 million customers
• 300,000 employees
Key Requirements and Use Cases
• Protect apps on tablets at retail Point-of-
Sale locations
• PCI & FIPS 140-2 compliance
• Secure email / browsing
• Multi-factor authentication
• Deliver cohesive security for apps across
multiple MDMs and unmanaged devices
Mocana 360 1
1
Why SAP + Mocana?
– Cross-platform support for iOS and Android
– Uniform app security regardless of which (or whether) an MDM solution was being used
– Mobile analytics and visibility
– Ability to support rapid deployment of new apps and user populations
– Best-in-class security
© 2014 SAP AG. All rights reserved. 12
Customer case study: Insurance industry
Customer Background
Large European financial services firm
Over 10,000 mobile users
Key Requirements and Use Cases
• Field worker app that allows taking
pictures and submitting claims real-
time while meeting with customers
• Mobilizing SAP Fiori
• Secure browser for Intranet access
• Secure third-party email
Mocana 360 1
2
Why SAP + Mocana?
– Seamless user experience particularly easy enrollment of new users and devices, and one-tap access
– Ability to deliver consistent user experience and security policy across multiple operating systems
– Willingness to co-innovate on business critical requirements
Let’s Win Together!
Have a Great 2010!
THANK YOU!
QUESTIONS?
FOR FURTHER INFORMATION PLEASE CONTACT:
MILJA GILLESPIE
© 2014 SAP AG. All rights reserved. 15
Mobile Application Protection Challenges
Facts needed –why does this matter??
Things to consider – 3-4
© 2014 SAP AG. All rights reserved. 16
SAP Mobile Secure An integrated, cloud-based EMM solution
Operating System
Mobile Device Management
Network Connectivity
*Secure Mobile Gateway*
Network Access Control
Data & Applications
Mobile App Management
*Mobile App Security*
Mobile Content Management
Data Loss Prevention
Mobile App Reputation
SAP HANA Enterprise Cloud with complete enterprise integration
© 2014 SAP AG. All rights reserved. 17
Leaders in mobile security
Invented App
Wrapping
Mocana’s platform is
the most widely-
deployed embedded
security technology in
the world
Dozens of patents
granted and pending.
#1
Android Leader
Mocana technology
ships in 5 of the top 7
Android OEMs (over
70% of all Android
handsets).
Recognized By
Analysts
“App enablement is a
growing market cutting
across key B2C, B2B and
B2E organizations. SAP's
end-to-end mobile
portfolio and Mocana's
app wrapping technology
are expected to help
enterprises accelerate the
deployment of game-
changing mobile
applications.”
Why SAP partnered with Mocana?
© 2014 SAP AG. All rights reserved. 18
SAP Mobile App Protection Overview
SAP Mobile App Protection by Mocana helps organizations accelerate mobile initiatives by
automating app security. App wrapping technology enables enterprises to quickly secure
existing corporate and third-party applications without having to write any code. *
Increase flexibility Meet strict regulations Speed mobile initiatives
Ensure security when
managing the device isn’t
ideal (for example, BYOD)
and when building B2B
apps
Accelerate app adoption:
no coding or security
expertise required.
Eliminate security
bottlenecks for operational
app deployments at scale
Protect corporate data and
meet compliance and audit
requirements in highly
regulated industries with
additional encryption and
security requirements
* Available on-premise or in the cloud.
© 2014 SAP AG. All rights reserved. 19
EULA, App
Expiration
Per-App VPN Jailbreak/
Rooting
Detection
Geo-fencing Data At Rest
Encryption Secure
Data Transfer
SAP Mobile App Protection Secure the app, its data, and the connection to the enterprise
Disable app when the device is
compromised by jail breaking or rooting
Restrict app usage
to a geographic location
FIPS 140-2 certified encryption for all data
storage. Prevent malware and rogue apps
from accessing sensitive data
Restricts copy and paste to
unsecured area of device
Secure VPN tunnel to
enterprise network
prevents rogue apps and
malware from gaining
unwanted access User
Authentication
Enterprise
App
Passcode policy
enforcement expiration,
lock-out and help-desk
assisted passcode reset
End user license agreement
enforcement, lock-out with app expiration
Federation of apps
Secure transfer among federated
wrapped apps on the device
Mocana Secure Enterprise Browser
Hybrid/Web Apps
3rd Party Apps
Custom B2E/B2B Apps
© 2014 SAP AG. All rights reserved. 20
SAP Mobile App Protection Zero-to-secure in seconds
SAP Mobile App Protection
Web Console and Server
IT Admin/LoB
1. Upload Enterprise App 2. “Point and Click” Policies 3. Distribute Wrapped App
Mobile device mgmt
Mobile app mgmt
Enterprise app store
Intranet
□ Passphrase
Secure copy-paste
Per-app VPN
□ SSL reverse proxy
DAR encryption
FIPS 140-2
□ Lockout recovery
□ Single sign-on
Managed or
Unmanaged User Devices
Data wipe
□ Jailbreak detection
□ Location masking
□ Geofencing
□ App expiration
User agreement
□ App federation
© 2014 SAP AG. All rights reserved. 21
Best Practice Example: (customer name)
© 2014 SAP AG. All rights reserved. 22
Secure enterprise browser
Mobilize web apps instantly and securely
Extend access to existing SharePoint, corporate intranet sites, web apps, and portals
Provide seamless access to sensitive data across any mobile device
Apply security policies to customize and configure the Browser's security
Extend mobile web apps to unmanaged devices
© 2014 SAP AG. All rights reserved. 23
The Usage Gap for Enterprise Mobile Apps
Mobile App Usage in the enterprise is severely impacted due to lack of
beautiful user experience balanced with simple enterprise integration
Driving mobile app usage and employee productivity is critical for the success
of large scale mobile investment
26%*
Employees using
corporate apps report
loss of productivity
43%*
Employees abandon
corporate mobile
apps
© 2014 SAP AG. All rights reserved. 24
Pairing SAP Mobile App Protection with Mocana Atlas
Drive SAP Fiori Mobile Usage in the Enterprise At Scale
One Time Simple
Access Setup
Tap and Go
Always ON
Always
Connected
Security Post-
Development (FIPS 140-2, Dual
Authentiation, SSO)
Scales Smoothly for
Large Enterprise
Deployments
End To End
Visibility
© 2014 SAP AG. All rights reserved. 25
Best Practice Example: (customer name)
© 2014 SAP AG. All rights reserved. 26
SAP Fiori,
SAP MoBI and
other mobile apps
SAP Mobile App Protection paired with
Atlas
Elegantly
Mobilized
Experience
One Time
Simple Access
Setup
Tap To Go
Always On
Always
Connected
Improving the user experience
© 2014 SAP AG. All rights reserved. 27
Tap and Go
Tap
to Go
Mobile Apps with SAP Mobile App
Protection paired with Atlas Current App Login Experience
Cumbersome Login Experience
Many screens, Many seams
1 Tap To Connect
Strong Security, Transparent to User
Let’s Win Together!
Have a Great 2010!
THANK YOU!
QUESTIONS?
FOR FURTHER INFORMATION PLEASE CONTACT:
MILJA GILLESPIE