In a recent blog post, Earl Perkins of Gartner describes some of the factors behind the increased challenge of supporting mobile workers in terms of security and access to mobile applications. Those trends include:
- The improved capabilities (ease of use) of many different devices are putting pressure on IT shops to provide identity & access management (IAM) support for these devices.
- The evolution of how applications are delivered as mobile apps is creating demand for IAM for these mobile apps.
- The increased need for mobile device management to merge with existing IAM processes.
Providing access to enterprise applications through mobile devices should be as simple as extending existing policies & procedures to this new domain. In many cases, however, the breadth of management technology in place has not yet caught up with the demands of users. What many vendors offer today are point solutions. For example, they may provide application access for one type of device (a point product solution), or a vendor may offer a secure platform that works with many device types (MEAPs). SolarWinds Mobile Admin software blends the best of both worlds by providing a secure platform for multiple devices, with out-of-the-box mobile access to over 40 IT management software products. Mobile Admin did not re-invent the wheel to provide secure mobile access; it leverages the existing security infrastructure.
Mobile Admin's client-server architecture features a fully integrated security model that provides both data encryption and user authentication to ensure a very high security level across the 40+ IT management features it supports.
Below are examples of how companies can leverage their existing security infrastructure to provide secure mobile access to enterprise applications.
Active Directory integration for Mobile Access
Mobile Admin integrates with Active Directory, which can be configured so that only authorized users can access Mobile Admin, and even only specific applications within Mobile Admin. This is a great security feature, since the network rights are already determined and the accepted authority is still Active Directory.
Encryption with BlackBerry and a BlackBerry Enterprise Server
- If you use a BlackBerry Enterprise Server, all your data is sent over the Mobile Data Service (MDS) and is, by default, automatically encrypted using Triple Data Encryption Standard (TDES or 3DES). While TDES provides industry-standard encryption, you can also choose additional layers of encryption.
- All versions of the BlackBerry Enterprise Server use TDES as the default encryption for all data. BlackBerry Enterprise Server 4.1, however, allows you to choose between TDES and Advanced Encryption Standard (AES), or both.
- TDES and AES are generally recognized as robust encryption methods, and the US Government has certified both as compliant with Federal Information Processing Standards (FIPS).
Encryption options for Mobile Admin on Apple iOS and Android devices
- You can encrypt traffic from Apple iOS and Android devices by using a Virtual Private Network (VPN). If you use a VPN, all your data is sent over the VPN and is, by default, automatically encrypted.
Encryption with Hypertext Transfer Protocol Secure (HTTPS)
- Whether you are using encryption with the BlackBerry Enterprise Server on BlackBerry devices or a VPN on iOS and Android devices, you can also add a layer of encryption with Hypertext Transfer Protocol Secure (HTTPS).
- HTTPS is HTTP encrypted with Transport Layer Security (TLS). When you use HTTPS, all data transmitted between the application server and the wireless handheld is encrypted.
Locking down the firewall with a Proxy Service
- If you have a common server for mobile platform integration, a proxy service can be used, which helps lock down your firewall so that it has fewer openings through which unauthorized users could reach servers.
- If a common proxy service is not used, then every SSH/Telnet and RDP/VNC server must have its own appropriate firewall configuration.
- The proxy service proxies SSH/Telnet and RDP/VNC traffic. The mobile app clients authenticate transparently to the proxy if the appropriate rights and permissions have been configured. The proxy service can enable access to SSH/Telnet and RDP/VNC servers through a central port, rather than requiring access to be configured for each individual server.
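The following is an added illustration of the two ideas above, the Active Directory-backed authorization and the central proxy port that replaces per-server firewall openings; it is example code written for this page, not SolarWinds' Mobile Admin proxy or its configuration. The directory group membership, the server inventory, the group names, the port number and the one-line client preamble are all constructed assumptions standing in for what a real deployment would read from AD and from its server inventory.

```python
import socket
import threading

# Constructed stand-in for Active Directory group membership. A real deployment
# would resolve group membership via the directory (e.g. LDAP); it is hard-coded
# here only so the example runs offline.
GROUP_MEMBERS = {
    "MobileAdmin-SSH": {"alice", "bob"},
    "MobileAdmin-RDP": {"alice"},
}

# Assumed inventory of internal servers reachable through the proxy, keyed by
# the logical name a mobile client asks for: (host, port, required AD group).
# Only these hosts are ever dialled, so the firewall needs one inbound rule
# (the proxy port) instead of one per SSH/Telnet/RDP/VNC server.
TARGETS = {
    "ssh:linux01": ("10.0.0.11", 22, "MobileAdmin-SSH"),
    "telnet:switch01": ("10.0.0.12", 23, "MobileAdmin-SSH"),
    "rdp:win01": ("10.0.0.21", 3389, "MobileAdmin-RDP"),
    "vnc:kiosk01": ("10.0.0.22", 5900, "MobileAdmin-RDP"),
}

PROXY_PORT = 8443  # assumed central port; the only one the firewall must open


def authorize(user, target_name):
    """Return (host, port) if `user` belongs to the group that owns
    `target_name`; raise PermissionError otherwise. The directory, not the
    proxy, stays the authority for who may reach what."""
    entry = TARGETS.get(target_name)
    if entry is None:
        raise PermissionError(f"unknown target {target_name!r}")
    host, port, group = entry
    if user not in GROUP_MEMBERS.get(group, set()):
        raise PermissionError(f"{user!r} is not a member of {group!r}")
    return host, port


def inbound_rules(use_proxy):
    """The set of (host, port) inbound openings the perimeter firewall needs:
    one for the proxy, or one per backend server when no proxy is used."""
    if use_proxy:
        return {("proxy", PROXY_PORT)}
    return {(host, port) for host, port, _group in TARGETS.values()}


def _pump(src, dst):
    """Copy bytes one way until either side closes."""
    try:
        while True:
            chunk = src.recv(4096)
            if not chunk:
                break
            dst.sendall(chunk)
    finally:
        for s in (src, dst):
            try:
                s.shutdown(socket.SHUT_RDWR)
            except OSError:
                pass


def handle_client(conn):
    """Read the assumed preamble '<user> <target>\\n', authorize it against
    the directory, then relay the raw session to the chosen backend."""
    try:
        preamble = conn.makefile("rb").readline().decode("ascii", "strict")
        user, target_name = preamble.split()
        host, port = authorize(user, target_name)
    except (PermissionError, ValueError, UnicodeDecodeError):
        conn.close()  # deny silently; nothing internal is reachable on failure
        return
    backend = socket.create_connection((host, port), timeout=10)
    threading.Thread(target=_pump, args=(conn, backend), daemon=True).start()
    _pump(backend, conn)


def serve(bind_addr="0.0.0.0", port=PROXY_PORT):
    """Listen on the single central port and dispatch one thread per client."""
    with socket.socket() as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((bind_addr, port))
        srv.listen()
        while True:
            conn, _peer = srv.accept()
            threading.Thread(target=handle_client, args=(conn,), daemon=True).start()


if __name__ == "__main__":
    serve()
```

The point the code makes is the one the bullets make: `inbound_rules(True)` is a single opening, `inbound_rules(False)` is one per backend, and `authorize()` refuses anything the directory has not granted before a backend socket is ever opened. In a real deployment the preamble would be replaced by the proxy's own authenticated session (the transparent authentication the text describes), and the proxy port itself should sit behind TLS or the VPN described earlier.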
Mobile Devices: Additional Levels of Authentication
- Primary login authentication (required), from a choice of: Windows user name & password, or an application-specific user name & password
- Device-level password or RSA SecurID/RADIUS (optional)