App wrapping secures sensitive data even on malware-infected, jail-broken, unmanaged mobile consumer devices
- 07 November, 2013 17:09
When it comes to ensuring secure enterprise mobility, device-oriented approaches adapted from single-vendor environments like BlackBerry simply aren't working in the bring-your-own-device (BYOD) mobile enterprise. Companies need a way to secure devices they don't own or don't already manage using a mobile device management solution.
What is required is a fundamental shift in focus. We need to worry less about trying to secure the device and more about securing specific apps and critical data. Indeed, in the new paradigm you have to assume the device has already been compromised. That's why app wrapping has emerged as a way to give IT the rare opportunity to say "yes" to user choice while simultaneously enabling a more secure, extended enterprise.
BYOD and COPE (corporate owned, personally enabled) are simply leading indicators of a much larger transformation underway in enterprise mobility. While BYOD and COPE address a self-contained, manageable group of employees who use their own devices for corporate access, the larger trend is the emergence of a phenomenon we call the "extended enterprise"--the expanding constellation of customers, contractors, partners, consultants and others that surround an organization who need access to the company's data for legitimate business purposes.
In the extended enterprise, sensitive and proprietary information increasingly resides on any number of mobile platforms in third-party hands that cannot truly be managed because the enterprise doesn't own those devices.
In the extended enterprise, users want the freedom to choose their own devices. And, accustomed to the broader array of apps instantly available for personal use, users want to choose the apps that best solve their problems, make them more productive, save money or create new opportunities.
Security's Evolution: Roadblock to Enabler
Until now, IT has been able to maintain control of mobile resources using device-level mobile device management (MDM) solutions. But management does not equal security. The security challenges of a mobile environment are broader and more intricate than any MDM can solve. So today, enterprise IT must assume that sensitive data will end up in an app on a malware-infected, jail-broken, unmanaged mobile consumer device.
In the data-centric extended enterprise, the app must become the primary vehicle for sensitive data distribution on mobile devices. By securing the app, enterprise IT can be assured that its information is protected, regardless of the device on which the app resides.
But building data protection into an app can be difficult, risky and sometimes ineffective. At times, developers face daunting business and technical challenges. Enterprise data is specific to each organization, and the policies and requirements for protecting that data must be tailored to each organization's needs. This is why a one-size-fits-all approach to app security doesn't work. Adding context-specific data protection can best be accomplished after an application is built.
Additionally, mobile security must be quick and easy to deploy, without requiring custom code development or burdening IT with provisioning setups. Mobile security also must preserve or enhance the user experience. If all of these requirements are not met, the mobile security approach won't be adopted and won't scale across the enterprise.
What IT specifically needs is a way to quickly and easily apply fine-grained security and policy controls around mobile apps, and in parallel, tailor apps to meet specific security policy requirements. And remember, IT needs to achieve this regardless of the app's source, without modifying the user experience or installing a management client or agent on the device.
Enter The Self-Defending App
The app wrapping approach enables enterprise IT to apply security policies to the binary image of virtually any finished application in an automated and replicable way to create a "self-defending app."
App wrapping injects pre-developed security features into an existing application after the development process is done. IT simply selects the security features they want to add to the app, clicks a button to start the process, and the app wrapping software takes care of the rest. No new coding is necessary. And because the injected code has been pre-developed by security experts, IT can be assured of the highest level of security.
App wrapping results in a consistent security approach across all mobile apps, regardless of where they were originally developed, and IT can know they are safe for enterprise use. App wrapping does not require mobile devices to be managed in any way, making it ideal for use with partners, resellers, customers, distributors and others in the extended enterprise
This approach is highly effective at protecting apps and their data, even if the device itself is compromised. Policies can prevent copying and pasting of corporate data out of applications, encrypting data at rest, or even creating a true per-app VPN tunnel back to the enterprise. Self-defending apps fulfill enterprise security requirements while preserving the integrity of the app, its user experience and device battery life, giving all stakeholders in the organization--management, users and IT-- the confidence to more completely mobilize the entire extended enterprise.
San Francisco-based Mocana is a leader in mobile app and smart device security. Launched in 2004, the company has garnered numerous awards including the "2012 Technology Pioneer" award from the World Economic Forum in Geneva, a "2012 Cool Company" award from Gartner, a nod as one of the "Top 100 Private Held Technology Companies in the World" from Red Herring and Frost & Sullivan's "Technology Innovation of the Year" award.
Read more about anti-malware in Network World's Anti-malware section.