2. Contents
What is Mobile Application Management? 3
Kony Mobile Application Management Solution Overview 4
Features and Benefits of the Kony MAM Solution 5
Process Flow 6
Provisioning 7
Client Components 8
Server Components 8
Kony Application Manager Console 8
Analytics 9
About Kony 10
2 Kony’s Secure Mobile Application Management Feature Brief
3. Enterprise mobile device strategies are experiencing enormous disruption thanks to staff
insisting on using their own devices to access work systems and data as part of the bring your
own device (BYOD) trend. Many organizations are considering personally-owned mobile devices
for business apps. Their goal is to drive employee satisfaction and productivity through the use
of new technologies, while simultaneously reducing mobile expenses.
This trend is one of the more dramatic results of the consumerization of IT, in which consumer
preference – not corporate initiative – drives the adoption of technologies in the enterprise.
However, many of these devices were not built with enterprise requirements in mind, so IT
teams often feel uncomfortable about security and supportability of their corporate applications
running on a foreign device over which they have no control.
BYOD is more than just shifting ownership of the device to the employee. It has many complex
and hidden implications; organizations would do well to define a comprehensive BYOD strategy
in advance of implementation.
Businesses want the ability to securely manage mobile applications installed on employee
devices. As a result, IT concerns have begun moving from mobile device management (MDM)
to mobile application management (MAM), as part of a shift in thinking from whether to allow
mobile devices to how best to take advantage of them.
What is Mobile Application Management?
Mobile Application Management is an essential tool for organizations that provide “in-house” apps to employees or contractors using
corporate-liable or individual-liable devices. Unlike Mobile Device Management, Mobile Application Management focuses primarily on the applications
resident on mobile devices, rather than the devices themselves. For example, if a user leaves an organization or group, apps and data belonging
to the organization can be de-provisioned, without resorting to a full “device wipe” which could expose an organization to liability.
Any organization’s BYOD strategy should allow for enterprise applications to be used without compromising its implemented security policies.
The goal is for an employee to be able to use both personal and enterprise applications on the same device, without concerns over privacy
violations by their employer. A Mobile Application Management solution should allow enterprise IT policies to be enforced on enterprise
applications – and only on enterprise applications – and ultimately reduce the cost of ownership for an enterprise.
4. Kony Mobile Application Management Solution Overview
Kony’s Mobile Application Management solution allows an IT organization to securely deploy, manage, and analyze mobile apps – without
compromising enterprise or user data privacy, and all while ensuring total focus on optimizing the mobile user experience.
With the Kony MAM solution you add code to your mobile apps that uses Kony’s policy APIs. The APIs let the app communicate with the Kony
App Management server to enforce policies for that app and/or user, such as restricting usage to geo locations, restricting copy/paste into or out of the app,
or deleting on-device data if the user’s permissions are revoked.
The Kony Mobile Application Management component allows administrators to monitor activities, such as app access, so that they can
then check the current device and application state against the policies. Via the embedded libraries, the app communicates its status and activity
back to the server, not the entire device status, which may allay concerns from employees, contractors, and business partners over how invasive
your device management may be.
Importantly, management is embedded in the app, so you don’t have to manage the device itself. Thus, you should be able to extend legitimate
application management to a greater number of users than the universe of devices you actually manage.
Kony’s MAM focuses on role-based security, provisioning and control of mobile apps in an organization. Additional capabilities include what is commonly called “inventory management”, since MAM provides a complete view of all devices, and their characteristics such as device type, operating system, memory, and installed applications.
Figure 1: Kony Mobile Application Management Component View
(Diagram labels: Application UI, Modified App, Native Code, Native SDK, Data, Device OS, Kony Policy Framework, Native Security & Usage Policy, Binary Management / Integrated App Catalog, Policy Management. Annotations: the device makes the request at application startup to check for modified policies; policies are returned in JSON format.)
5. Features and Benefits of the Kony MAM Solution
The key feature of Kony’s MAM is the concept of a “Secure Mobile Application Management Container” that completely abstracts applications
and data away from the specifics of the device and operating system. Kony’s secure mobile application container provides a separate and secure
virtual environment on the mobile device in which to run Kony and non-Kony applications and store related data.
This mobile enterprise container provides true “configure once, run everywhere” capability, offering a single, consistent, secure method to provision applications and synchronize data across all major device types (e.g., iOS, Android, BlackBerry, and Windows) seamlessly. It also provides integration of native applications (e.g., calendar, maps, camera, etc.) and supports embedded HTML.
The primary benefit of the Kony secure container is total security of all its applications and data on the device. Initial provisioning of the container itself can be controlled through the use of trusted “whitelists,” profiles and passwords.
All configurations, application definitions and data are encrypted. Even if the device is hijacked, jail broken or the container is copied, the contents are protected. All data transmissions over the network are encrypted.
The container can be locked to a specific device, meaning that it will not start if copied to another device.
The container may be “blacklisted,” i.e., all applications and data will be automatically removed if an attempt is made to connect to the host. The container may be configured to automatically shut down if idle for a period of time or if the device goes into sleep mode. HTML can be securely executed inside of the container without the risks associated with a browser. All provisioning and access requests are audited.
Figure 1: Example of a policy revoked from a user
Following are some of the key features of the Kony container:
Decommissioning and Blacklisting
At any stage, an entire container or specific user may be blacklisted. This means that the next time that the container is started and has network access, all the relevant applications and data will be automatically removed from the device, i.e., reset back to its initial provisioning state. This functionality is essential if a device is lost or stolen.
Device Lock
You may “lock” a Kony container to a specific device, i.e., if it is illegally copied to another device, it will not start. This prevents any unauthorized backup or replication of the container data.
Security
The primary benefit of the Kony secure container is complete security of all its applications and data on the device. The following is a summary of the security features:
Initial provisioning of the container itself can be controlled through the use of trusted “whitelists”, profiles and passwords.
All configuration, application definitions and data are encrypted. Even if the device is hijacked, jail broken or the container is copied, the contents are protected.
All data transmissions over the network are encrypted.
The container can be locked to a specific device, meaning that it will not start if copied to another device.
The container may be “blacklisted,” i.e., all applications and data will be automatically blocked from being accessed.
A range of identity management options can be used to authenticate user access to the container through standard directory services, 3rd party security applications, custom functionality etc.
Users can only access the applications and data that they are authorized to. The role-based provisioning is strictly controlled through the user profiling facility on the central Kony admin console.
The container may be configured to automatically shut down if idle for a period of time or if the device goes into sleep mode.
HTML can be securely executed inside of the container without the risks associated with a browser.
All provisioning and access requests are audited.
The innovative secure container feature provides smarter mobility by allowing for identity management/role-based provisioning and modular application implementation.
6. Process Flow
Figure 2 below describes the complete process flow. Using enterprise connectors and sync, a Kony developer builds an application. The application is written with a single code base and made consumable on any device type and on multiple channels.
Once the application is written with a single code base, i.e. JavaScript, the developer can publish to a choice of channels as seen here. Note channels available in native iOS, Android, Windows Phone, and BlackBerry, as well as HTML5, single page applications and even desktop and desktop web.
The IT Administrator wraps policies to the binary, assigns the application to users/group(s)/role and promotes the app to his enterprise branded app store. In this example, John is assigned an app based on his role and user credentials. Once John downloads the app store he will be able to push this app automatically.
John brings his personal device to work. He then has the option of downloading his company branded app store from the general app marketplace or via a URL.
Once he logs into his enterprise app store, he is pushed notifications about apps to which he has access and others that are suggested for him. One of the first apps that he downloads is the enterprise mobile container. This container is a secure area where applications can be loaded and managed separately from the rest of the applications on his device.
The administrator can then manage the secured container, as opposed to the entire device, with centralized policy management.
Figure 2: Kony Mobile Application Management Process Flow
(Diagram label: Admin Monitors App.)
7. Provisioning
Following are the steps for initial provisioning of the secure application:
1) When the employee wishes to use the company apps on a personal device, the company system administrator sends an email instructing
him or her to go to an initial URL.
2) They log in using their Active Directory credentials.
3) The folder app gets downloaded onto the phone after the display of a pop up asking for permission to download the folder app. The default
language for this message is: “Are you sure you want to install the folder that will contain all your corporate apps?”
4) Only the folder app will be downloaded on first use. No other app will be downloaded at that point.
This user experience is demonstrated in Figure 4 below.
Figure 4: Kony MAM Provisioning Steps
8. Client Components
Kony Mobile Application Management also includes client components, which consist of:
1) Client App Framework – Provides isolation of application from other applications and ensures a secure framework. App Management Capabilities include:
   i. Authorize application
   ii. Handling, creation, validation and revocation of tokens / certificates
   iii. Remote wipe of data in application
   iv. Remote revocation of application authorization
   v. Interfaces to authentication and authorization services
2) HTML5 Renderer – HTML5 Compliant rendering components including application UI caching, navigation and branding.
3) Local Data Management – Manage offline data container including handling of data encryption and content classification metadata.
4) Content Policy Engine – Policy engine for controlling application functionality in offline and online mode based on content classification.
5) Inter-App Communication – This is how the communication occurs within the folder from one app to another.
6) App Management – Provides connection point for remote administration of application and content and distribution of offline policies.
Server Components
In addition to client components, Kony Mobile Application Management contains server elements that are critical to executing comprehensive application management:
KonyOne Server – KonyOne provides an enterprise grade mobile application server that sits on top of traditional J2EE application servers. The KonyOne Server provides key services such as device detection, a services bus, session state, security services, analytics, reporting, and more. KonyOne runs on open, industry standard J2EE technology like IBM WebSphere, Oracle Weblogic, and Tomcat.
Integration Services – Integrate into backend systems with web services, direct database access, through Java or via any of Kony’s pre-built Connectors for SAP, Oracle and Microsoft enterprise systems.
Employee Authentication and Authorization Services – Integration with SiteMinder/Active Directory and other security based systems. This includes Enterprise App Distribution to control access to applications allowing only employees authorized to download the apps.
Kony Application Manager Console
Kony provides a single location to manage app security, app usage policies, app updating and securitizing, provisioning apps to the Enterprise App Store and more, thereby ensuring a manageable and end-to-end solution for the IT Policy Officer. Working in conjunction with your mobile device management vendor if present, KonyOne Platform provides an integrated console through which changes can be made and tracked, while also providing a wide range of analytics and reports to help optimize the employee experience, and that of your corporation.
9. Administrators gain complete visibility into their applications, so
they can immediately see when users are experiencing performance
issues – rather than waiting for them to complain about crashes, slow
response times, or error messages. As a result, you can take immediate
troubleshooting action.
With Kony’s Application Management Console, customers can
automatically:
Monitor App performance
Manage App errors/faults/crashes and ensure optimum service provided by
your Apps
Evaluate log files (across myriad devices) to determine reasons for crashes
and understand what a user was attempting to do when a fault or crash
occurs
Monitor start/end times for App usage, as well as transaction processing
times
Minimize the burden of help desk support
Figure 5: Kony Application Manager Console
Analytics
Report, analyze, and audit using built-in modules and industry
standards like Adobe Omniture, IBM Coremetrics, Google Analytics,
and Webtrends Analytics.
4 types of report views are available:
Tabular
Bar
Line
Pie
Two types of report selections are available:
Apps: Total apps per platform
Downloads: Total downloads per platform
Mandatory apps not installed per user
Information on users per device and per OS – number of apps downloaded
Information on apps – number of users per device and per OS
Figure 6: Kony Application Manager Console Report
These reports can also be scheduled to run at different times, for
example daily, per hour or per week.