kony mobile app mgmt
DESCRIPTION
Enterprise mobile device strategies are experiencing enormous disruption ...TRANSCRIPT
Kony Mobile Application Management (MAM)Kony’s Secure Mobile Application Management Feature Brief
Kony’s Secure Mobile Application Management Feature Brief2
Contents
What is Mobile Application Management? 3
Kony Mobile Application Management Solution Overview 4
Features and Benefits of the Kony MAM Solution 5
Process Flow 6
Provisioning 7
Client Components 8
Server Components 8
Kony Application Manager Console 8
Analytics 9
About Kony 10
Kony’s Secure Mobile Application Management Feature Brief 3
Enterprise mobile device strategies are experiencing enormous disruption thanks to sta!
insisting on using their own devices to access work systems and data as part of the bring your
own device (BYOD) trend. Many organizations are considering personally-owned mobile devices
for business apps. Their goal is to drive employee satisfaction and productivity through the use
of new technologies, while simultaneously reducing mobile expenses.
This trend is one of the more dramatic results of the consumerization of IT, in which consumer
preference – not corporate initiative – drives the adoption of technologies in the enterprise.
However, many of these devices were not built with enterprise requirements in mind, so IT
teams often feel uncomfortable about security and supportability of their corporate applications
running on a foreign device over which they have no control.
BYOD is more than just shifting ownership of the device to the employee. It has many complex
and hidden implications; organizations would do well to define a comprehensive BYOD strategy
in advance of implementation.
Businesses want the ability to securely manage mobile applications installed on employee
devices. As a result, IT concerns have begun moving from mobile device management (MDM)
to mobile application management (MAM) as part of a shift in thinking over whether to allow
mobile devices toward how to best take advantage of them.
What is Mobile Application Management?Mobile Application Management is an essential tool for organizations that provide “in-house” apps to employees or contractors using corporate-
liable or individual-liable devices. Unlike Mobile Device Management, Mobile Application Management focuses primarily on the applications
resident on mobile devices, rather than the devices themselves. For example, if a user leaves an organization or group, apps and data belonging
to the organization can be de-provisioned, without resorting to a full “device wipe” which could expose an organization to liability.
Any organization’s BYOD strategy should allow for enterprise applications to be used without compromising its implemented security policies.
The goal is for an employee to be able to use both personal and enterprise applications on the same device, without concerns over privacy
violations by their employer. A Mobile Application Management solution should allow enterprise IT policies to be enforced on enterprise
applications – and only on enterprise applications – and ultimately reduce the cost of ownership for an enterprise.
Kony’s Secure Mobile Application Management Feature Brief4
Kony Mobile Application Management Solution OverviewKony’s Mobile Application Management solution allows an IT organization to securely deploy, manage, and analyze mobile apps – without
compromising enterprise or user data privacy, and all while ensuring total focus on optimizing the mobile user experience.
With the Kony MAM solution you add code to your mobile apps that use Kony’s policy APIs. The APIs let the app communicate with the Kony
App Management server to enforce policies for that app and/or user, such as restricting usage to geo locations or copy/paste into/out the app
or deleting on device data if the user’s permissions are revoked.
The Kony Mobile Application Management component allows administrators to monitor activities – such as an app access – so that they can
then check the current device and application state against the policies. Via the embedded libraries, the app communicates its status and activity
back to the server – not entire device status, which may lay concerns from employees, contractors, and business partners over how invasive
your device management may be.
Importantly, management is embedded in the app, so you don’t have to manage the device itself. Thus, you should be able to extend legitimate
application management to a greater number of users than the universe of devices you actually manage.
Kony’s MAM focuses on role-based security,
provisioning and control of mobile apps in an
organization. Additional capabilities include what is
commonly called “inventory management”, since
MAM provides a complete view of all devices, and
their characteristics such as device type, operating
system, memory, and installed applications.
Figure 1: Kony Mobile Application Management Component View
Device makes the request
at application startup to check for modified policies
Application UI
Device OS
Policy Management
Binary Management /
App Catalog
NativeSDK
Security & Usage Policy
Data
Modified App Native Code
Integrated Kony Policy Framework
Native Code
Policies are returned in
JSON format
Kony’s Secure Mobile Application Management Feature Brief 5
Features and Benefits of the Kony MAM SolutionThe key feature of Kony’s MAM is the concept of a “Secure Mobile Application Management Container” that completely abstracts applications
and data away from the specifics of the device and operating system. Kony’s secure mobile application container provides a separate and secure
virtual environment on the mobile device in which to run Kony and non-Kony applications and store related data.
This mobile enterprise container provides true “configure once, run
everywhere” capability, o!ering a single, consistent, secure method
to provision applications and synchronize data across all major device
types (e.g., iOS, Android, BlackBerry, and Windows) seamlessly. It
also provides integration of native applications (e.g., calendar, maps,
camera, etc.) and supports embedded HTML.
The primary benefit of the Kony secure container is total security
of all its applications and data on the device. Initial provisioning of
the container itself can be controlled through the use of trusted
“whitelists,” profiles and passwords.
All configurations, application definitions
and data are encrypted. Even if the device
is hijacked, jail broken or the container is
copied, the contents are protected. All
data transmissions over the network are
encrypted.
The container can be locked to a specific
device, meaning that it will not start if
copied to another device.
The container may be “blacklisted,” i.e., all
applications and data will be automatically
removed if an attempt is made to connect
to the host. The container may be
configured to automatically shut down if
idle for a period of time or if the device
goes into sleep mode. HTML can be securely executed inside of the
container without the risks associated with a browser. All provisioning
and access requests are audited.
Following are some of the key features of the Kony container:
Decommissioning and Blacklisting
At any stage, an entire container or specific user may be blacklisted.
This means that the next time that the container is started and
has network access, all the relevant applications and data will be
automatically removed from the device, i.e., reset back to its initial
provisioning state. This functionality is essential if a device is lost
or stolen.
Device Lock
You may “lock” a Kony container to a specific device, i.e., if it is
illegally copied to another device, it will not start. This prevents any
unauthorized backup or replication of the container data.
Security
The primary benefit of the Kony secure container is complete security
of all its applications and data on the device. The following is a
summary of the security features:
Initial provisioning of the container itself can be controlled through the use of trusted “whitelists”, profiles and passwords.
All configuration, application definitions and data are encrypted. Even if the device is hijacked, jail broken or the container is copied, the contents are protected.
All data transmissions over the network are encrypted.
The container can be locked to a specific device, meaning that it will not start if copied to another device.
The container may be “blacklisted,” i.e., all applications and data will be automatically blocked from being accessed.
A range of identity management options can be used to authenticate user access to the container through standard directory services, 3rd party security applications, custom functionality etc.
Users can only access the applications and data that they are authorized to. The role-based provisioning is strictly controlled through the user profiling facility on the central Kony admin console.
The container may be configured to automatically shut down if idle for a period of time or if the device goes into sleep mode.
HTML can be securely executed inside of the container without the risks associated with a browser.
All provisioning and access requests are audited.
The innovative secure container feature provides smarter mobility
by allowing for identity management/role-based provisioning and
modular application implementation.
Figure 1: Example of a policy revoked from a user
Kony’s Secure Mobile Application Management Feature Brief6
Process FlowFigure 2 below describes the complete process flow. Using
enterprise connectors and sync, a Kony developer builds an
application. The application is written with a single code base and
made consumable on any device type and on multiple channels.
Once the application is written with a single code base, i.e.
JavaScript, the developer can publish to a choice of channels as
seen here. Note channels available in native iOS, Android, Windows
Phone, and BlackBerry, as well as HTML5, single page applications
and even desktop and desktop web.
The IT Administrator wraps policies to the binary, assigns the
application to users/group(s)/role and promotes the app to his
enterprise branded app store. In this example, John is assigned an
app based on his role and use credentials. Once John downloads
the app store he will be able to push this app automatically.
John brings his personal device to work. He then has the option of
downloading his company branded app store from the general app
marketplace or via a URL.
Once he logs into his enterprise app store, he is pushed
notifications about apps to which he has access and others that are
suggested for him. One of the first apps that he downloads is the
enterprise mobile container. This container is a secure area where
applications can be loaded and managed separately from the rest of
the applications on his device.
The administrator can then manage the secured container, as
opposed to the entire device, with centralized policy management.
Figure 2: Kony Mobile Application Management Process Flow
Admin Monitors
App
Kony’s Secure Mobile Application Management Feature Brief 7
Provisioning Following are the steps for initial provisioning of the secure application:
1) When the employee wishes to use the company apps on a personal device he or she is instructed to go to an initial URL by the company
system administrator in the form of an email.
2) They login using their Active Directory credentials.
3) The folder app gets downloaded onto the phone after the display of a pop up asking for permission to download the folder app. The default
language for this message is: “Are you sure you want to install the folder that will contain all your corporate apps?”
4) Only the folder app will be downloaded on first use. No other app will be downloaded at that point.
This user experience is demonstrated in Figure 4 below.
Figure 4: Kony MAM Provisioning Steps
Kony’s Secure Mobile Application Management Feature Brief8
Client ComponentsKony Mobile Application Management also includes client
components, which consist of:
1) Client App Framework – Provides isolation of application from other applications and ensures a secure framework. App Management Capabilities include:
i. Authorize application
ii. Handling, creation, validation and revocation of tokens / certificates
iii. Remote wipe of data in application
iv. Remote revocation of application authorization
v. Interfaces to authentication and authorization services
2) HTML5 Renderer – HTML5 Compliant rendering components including application UI caching, navigation and branding.
3) Local Data Management – Manage o"ine data container including handling of data encryption and content classification metadata
4) Content Policy Engine – Policy engine for controlling application functionality in o"ine and online mode based on content classification.
5) Inter-App Communication – This is how the communication occurs within the folder from one app to another.
6) App Management – Provides connection point for remote administration of application and content and distribution of o"ine policies.
Server ComponentsIn addition to client components, Kony Mobile Application
Management contains server elements that are critical to executing
comprehensive application management:
KonyOne Server – KonyOne provides an enterprise grade mobile
application server that sits on top of traditional J2EE application
servers. The KonyOne Server provides key services such as device
detection, a services bus, session state, security services, analytics,
reporting, and more. KonyOne runs on open, industry standard J2EE
technology like IBM WebSphere, Oracle Weblogic, and Tomcat
Integration Services – Integrate into backend systems with web
services, direct database access, through Java or via any of Kony’s pre-
built Connectors for SAP, Oracle and Microsoft enterprise systems.
Kony Application Manager ConsoleKony provides a single location to manage app security, app usage
policies, app updating and securitizing, provisioning apps to the
Enterprise App Store and more, thereby ensuring a manageable and
end-to-end solution for the IT Policy O#cer. Working in conjunction
with your mobile device management vendor if present, KonyOne
Platform provides an integrated console through which changes can
be made and tracked, while also providing a wide range of analytics
and reports to help optimize the employee experience, and that of
your corporation.
Employee Authentication and Authorization Services – Integration
with SiteMinder/Active Directory and other security based systems.
This includes Enterprise App Distribution to control access to
applications allowing only employees authorized to download
the apps.
Kony provides a single location to manage app security, app usage policies, app updating and securitizing, provisioning apps to the Enterprise App Store and more, thereby ensuring a manageable and end-to-end solution for the IT Policy O#cer.
Kony’s Secure Mobile Application Management Feature Brief 9
AnalyticsReport, analyze, and audit using built-in modules and industry
standards like Adobe Omniture, IBM Coremetrics, Google Analytics,
and Webtrends Analytics.
4 types of report views are available:
Tabular
Bar
Line
Pie
Two types of report selections are available:
Apps: Total apps per platform
Downloads: Total downloads per platform
Mandatory apps not installed per user
Information on users per device and per OS – number of apps downloaded
Information on apps – number of users per device and per OS
These reports can also be scheduled to run at di!erent times. These
could include scheduling reports daily, per hour, per week etc.
Administrators gain complete visibility into their applications, so
they can immediately see when users are experiencing performance
issues – rather than waiting for them to complain about crashes, slow
response times, or error messages. As a result, you can take immediate
troubleshooting action.
With Kony’s Application Management Console, customers can
automatically:
Monitor App performance
Manage App errors/faults/crashes and ensure optimum service provided by your Apps
Evaluate log files (across myriad devices) to determine reasons for crashes and understand what a user was attempting to do when a fault or crash occurs
Monitor start/end times for App usage, as well as transaction processing times
Minimize the burden of help desk support Figure 5: Kony Application Manager Console
Figure 6: Kony Application Manager Console Report
© 2012 Kony Solutions, Inc. All rights reserved. Kony and the Kony Platform are trademarks of Kony Solutions, Inc. Apple and iPhone are trademarks of Apple Inc., registered in the U.S. and other countries. BlackBerry is a registered trademark of Research In Motion. Android is a trademark of Google Inc. Other product names mentioned are the property of their respective holders.
7380 West Sand Lake RoadSuite #390Orlando, Florida 32819
Tel: 1.321.293.KONY (5669)Toll free: 1.888.323.9630Fax: 321.293.0161
About KonyKony and the KonyOne Platform™ enable Fortune 500 companies to o!er consumers and employees feature-rich mobile applications in less
time and at lower costs than any other solution. Leveraging a Write Once, Run Everywhere single application definition, applications are designed
and developed just once, in a device independent manner, and deployed across multiple channels, including native applications, device-
optimized HTML5 and HTML4 mobile web, SMS, web gadgets, kiosks, and tablets.
Kony’s unique platform is proven to future-proof a company’s mobile investment by enabling applications to be changed once for all channels,
ensuring faster adoption of new operating systems and standards as they are introduced, while eliminating maintenance, upgrade and future
development costs.
More information can be found at www.kony.com/mobile-application-management