The rapid adoption of mobile technology in recent years has created an opportunity for enterprises to increase the productivity and flexibility of their organizations. This demand for greater mobility has forced enterprises to deliver sensitive applications and data across a wide array of devices and networks.
SecureAuth and Sencha have created an integrated approach to application, data, and user mobility that elegantly addresses these challenges.
- Secure enterprise application deployment
- End-to-end data security with strong encryption
- Managed application container that works on any device
- Developer SDK for creating rich application user experiences
The Exciting Future of Mobile Application Security
1. Copyright Sencha Inc. 2014
THE EXCITING FUTURE OF MOBILE
APPLICATION SECURITY
Presented by SecureAuth and Sencha
June 12, 2014
www.sencha.com www.secureauth.com
2. PRESENTED BY SENCHA AND SECUREAUTH CORPORATION
Nick Harlow, Sencha
Director of Product Management – Sencha Space
Chris Hayes, SecureAuth Corporation
Chief Solutions Architect
Garret Grajek, SecureAuth Corporation
Co-founder and CTO / COO
• All attendee audio lines are muted
• Questions will be answered at the end of the session
• Submit brief questions on the Q&A panel
• Send longer questions or off-line topics via email to webinar@secureauth.com
3. AGENDA
Technology Trends: Apps, Identities
Challenges with App Development and Data Security
Solving the App, Identity, and Security Problem: The Integrated Solution
Demo
Q & A
5. TECHNOLOGY TRENDS
SHAPING THE EVOLUTION OF ENTERPRISE MOBILITY
Consumerization of IT
• Personal devices becoming pervasive in the enterprise
• Organizations must address challenges around BYOD
• Opportunity for productivity gains and cost savings
Rapid Adoption of Mobile
• Mobile device sales surpass PC sales
• Mobility comes with heightened security risks
• Driving a shift to mobile-first development
Enterprise Cloud Goes Mainstream
• Cloud services gain acceptance for use in production
• Cloud providers adapt offerings for the enterprise
• Cloud IT investment poised for explosive growth
Accelerating Workforce Virtualization
• Collaboration with non-employees is the new normal
• Managing access and data security is a major challenge
• Organizational boundaries increasingly dynamic
6. THE IDENTITY PROBLEM TODAY
Enterprises have Roles / Policies On-premises
Users Must Obtain Resources Outside of Enterprise
Cloud Apps, Mobile Apps
The Result has been Mass Distribution of Identities across the Internet
7. THE IDENTITY PROBLEM TODAY
Resulting in No Enterprise Control
Identities
Logon Credentials
Hacks on All Resources
Cloud, Mobile, Network, etc.
8. A FEW FACTS
75% of Security Breaches Involve Compromised Credentials
71% Targeted User Devices
13% Leveraged Misuse of Privilege
Average Cost: $188 per Record
CIO: Testifying Before the Senate
$5.37 Billion in shareholder value lost
Breach disclosed in media
10. INEFFICIENT MOBILITY AND SECURITY WASTES RESOURCES
The cost of mobility can erode its ROI
[Figure: cost diagram; labels: Management, Security]
Each part of the app development process incurs expenses…
…which multiply with each new supported mobile OS/device platform.
And these processes and apps must be managed and secure to limit risk
11. END-TO-END DATA SECURITY
Data security means protecting confidentiality and integrity of data
Management and enforcement across three modes of data use
At-rest – When data is stored on a device
In-motion – When data is traversing the network
In-use – When a user interacts with the data through an app on a device
Ensuring data security as data moves across the range of untrustworthy networks and devices is not trivial
Overview
13. THE PROBLEM IDENTITY SPRAWL CREATES
Enterprises have Lost Control of the Identities:
Where they are stored
What authentication strength is required
How the identity is asserted
15. THE PROBLEM IDENTITY SPRAWL CREATES
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
• The hackers attack the weakest points
• Credentials are at risk when held outside the enterprise
17. Benefits
Streamline app development process – Eliminate PhoneGap/Cordova
Deliver HTML5 apps directly to end-users through a managed, secure runtime platform
Helps protect your apps and data by
Managing user access
Remotely wiping your data from devices as needed
Keeping your business data separate from other data on the device
Leverage developer APIs for a rich application experience
SENCHA SPACE
EASILY MOBILIZE EXISTING WEB AND HTML5 APPS
18. SENCHA SPACE
MANAGEMENT CONSOLE OVERVIEW
Management Console
• Provides centralized management of the user, data, and application lifecycles
• Improves efficiency of cross-platform application development, testing, maintenance and deployment
• Allows administrators to enforce policy consistently
• Captures user, device, and application analytics for additional revenue capture opportunities
19. • Facilitates managed use of HTML5 apps across multiple OS/device platforms
• Supports iOS and Android (Win Phone 8 and Blackberry in beta)
• Enforces policies from central management console
• Secures and segregates application data for fine-grained management of data and risk
• Provides developer API to OS/Device features for rich, modern, mobile user experience
Mobile Client Application
SENCHA SPACE
MOBILE CLIENT APPLICATION
20. Data Encryption – All data is stored encrypted in Space to protect the confidentiality of sensitive, proprietary information
Network Security – All data transmitted between the Space client app and management server is SSL-encrypted
VPN Support – Integration with Cisco and Juniper clientless SSL VPN for secure connectivity between the Space client app and back-end data center assets
Authentication – Federated authentication support using widely accepted SAML open standard
Key Benefits
SENCHA SPACE
SECURITY
Reduce the risk of data breach
Grant access to applications and data based only on business need
Deploy applications securely to anyone on any device
22. SECUREAUTH PROVIDES
SECURE ENTERPRISE DIRECTORY SSO
Connects to Enterprise Directory
Authenticates based on Existing IDs / Passwords
No Directory Synchronization Required
Connects to AD, LDAP, SQL, ODBC, REST
23. 20+ AUTHENTICATION MECHANISMS
1. SMS OTP
2. Telephony OTP
3. E-mail OTP
4. Static PIN
5. KBA / KBQ
6. Yubikey (USB)
7. X.509 Native
8. X.509 Java
9. NFC Prox Card
10. CAC / PIV Card
11. PUSH Notification
12. Mobile OATH Token
13. Browser OATH Token
14. Windows Desktop OATH Token
15. Third-party OATH Token
16. Device Fingerprinting
17. Social IDs
18. Federated IDs
19. Help Desk
20. Password
21. Kerberos
22. Symantec VIP
[Screenshot: sample registration form branded "YOUR COMPANY NAME": "Please choose the delivery method for your registration code." Options: Voice, E-mail, SMS; Submit button]
24. THEN SECUREAUTH PROVIDES
SSO TO ALL RESOURCES
Cloud Apps
Google, Office 365, Salesforce, Box
Concur, WebEx, ADP
Mobile Apps
Android, iOS, Windows
Built-in SSO to Enterprise Web Apps
SharePoint, WebSphere, ASP.NET
Oracle, J2EE, PeopleSoft
25. SECUREAUTH PROVIDES
2-FACTOR AUTHENTICATION FOR SENCHA SPACE
Enterprise Enforcement of 2-Factor Enrollment and Access of Sencha Space
20+ Authentication Mechanisms
Pre-built Browser Forms
Easy User Deployment
We see four key trends shaping the evolution of enterprise mobility:
Consumerization of IT is the phenomenon in which consumers bring personal devices such as smartphones, tablets, and personal laptops into the corporate IT environment. This behavior gives rise to Bring Your Own Device (BYOD), which can make IT security more complicated and risky. Nonetheless, recent surveys show that more organizations are preparing to support BYOD to some extent than not. This means that IT managers will need to address the new challenges and risks of BYOD.
Sales of smart mobile devices have surpassed new PC sales. Because of the advanced capabilities of these devices, many end-users now rely on mobile devices at least to some extent to do their jobs. Without an official IT policy around mobility, users have used the most convenient tools, services, and mechanisms to move necessary data onto these devices, creating the risk of data loss as proprietary data moves off of IT-secured and managed systems to unmanaged personal devices.
The drive toward increased mobility has been further accelerated by the increasing acceptance of cloud-based services. Organizations have begun to adopt cloud services of all sorts for production use and mission-critical functions. In some instances, this results in proprietary data being stored and accessed in the cloud and via mobile devices. This has resulted in greater productivity and operational efficiency. However, it also creates another potential vector for data breach.
Organizations are increasingly comprised of employees, consultants, and contractors collaborating remotely across geographies and over non-corporate networks. Managing and securing this collaboration is increasingly complex, especially for non-employee business associates, over whom IT cannot easily enforce specific mandates or policies.
These statistics may seem a little dry, so let’s take a recent real-world example. A large national discount retailer disclosed a massive data breach that involved large-scale theft of payment card data.
This is that organization’s stock price
Here’s where it was when the breach was disclosed
Here’s their CIO testifying before the US Senate
I didn’t hear what exactly he told them, but I’m sure he’s thinking about $5.37 billion in shareholder value destroyed when the stock price dropped
Although providing mobile access to business applications and data can result in productivity improvements, mobile application development and delivery can quickly become excessively complex and expensive if not managed correctly. Both native and hybrid application development, for example, require packaging and testing applications across a myriad of mobile OS and device combinations. Delivering the applications to end-users can be an additional challenge, requiring either publication through mobile device application stores or deployment through an enterprise app store.
For native applications, supporting more than one platform typically requires re-writing an application for each target OS. Each of these codebases must then be maintained over time. Managing the application lifecycle and securing the application data are additional challenges that organizations must face.
Sencha Space is designed to help organizations adjust to the rapidly evolving technology trends and corresponding challenges around enterprise mobility. It consists of a centralized management console and a mobile client application. The mobile client application is a native app that runs on the device and provides a consistent runtime platform on which to run mobile web and HTML5 applications.
The management console provides centralized management of mobile application security, deployment, and access control policy. It allows administrators to easily manage and enforce security policy across devices, even for external collaborators, whose devices are not subject to existing MDM/MAM compliance policies.
The Space mobile client application provides a consistent, managed runtime environment for cross-platform mobile web and HTML5 applications. It provides strong, fine-grained encryption to protect the confidentiality of proprietary data. The Space client app enables end-users to have a superior, modern mobile user experience on any supported mobile OS platform. It allows for instantaneous deployment of applications, remote wiping of proprietary data on a per user or per device basis, and blocking users or specific devices as needed.
Using Space can eliminate the need to wrap HTML5 apps with native packaging tools and distribute the resulting hybrid apps from the target platforms’ mobile application store. This can result in significant time and cost savings during the application development process.
The Space client also provides a rich set of developer APIs that provide access to Space’s secure storage facilities, as well as mobile OS/device bindings.
Space focuses on protecting your proprietary data at-rest, in-motion, and in-action. For data at-rest, Space provides a secure storage mechanism that uses strong cryptography to protect the confidentiality and integrity of your data. For data in-motion, all network communication between Space and the administration console is encrypted via SSL; application communication within Space can be encrypted via integration with your existing SSL-VPN. Space facilitates secure ease-of-access for end-users by supporting widely deployed single sign-on protocols. This allows you to make it easy for your users to access required resources without sacrificing management of access entitlements.