partner webcast – oracle mobile security suite for mobile applications
TRANSCRIPT
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Oracle Mobile Security Suite for Mobile Applications
Victor Ameh, Oracle Fusion Middleware Technology ISV Migration Consultant
A&C Technology Adoption Office | Partner Business Development, ECEMEA
February 12, 2015
Safe Harbor Statement
The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
Program Agenda
1. Securing The Extended Enterprise: Mobile Security
2. Oracle Mobile Security Suite
3. Secure Mobile Container Apps
4. Security Services Technical Overview
5. Demo: Secure Workspace and User Provisioning
6. Q&A
Securing The Extended Enterprise: Mobile Security
Mobility is Reshaping The Digital Economy
Tablets are replacing laptops and paper
Mobile apps have changed data creation and retention lifecycle
Innovative uses for Mobile devices in vertical markets
Always-on computing is threatening antiquated architectures and systems
Mobile Usage in the Enterprise Driven by IT Consumerization
Figures as listed on the slide: 80%, 67%, 89%
• By 2015, mobile app development projects will outnumber native PC projects by 4-to-1
• Use tablets to work remotely; 65% use to check email
• Mobile devices already connect to corporate networks
Source: Forbes: Mobile Business Statistics For 2012
Mobility Is A Significant Challenge for I.T.
Top Mobility Challenges for CIOs (CIO Insight: Top Challenges of Enterprise Mobility, 2012)
Chart values as listed on the slide: 41%, 31%, 28%
• Securing corporate information
• Integrating with other systems
• Supporting multiple devices
Mobility is Expensive (McKinsey, 2012: Mobility Disruption: A CIO Perspective)
• 41% CIOs cited Mobility is expensive & a critical challenge
• Up to $250 per device annually
• Includes cost of connectivity, infrastructure and support
Bring Your Own Device (BYOD) Practices in 2011 (Forbes: Mobile Business Statistics For 2012)
• 74% Allow some sort of BYOD usage.
• Less than 10% “FULLY AWARE” of the devices accessing their network
Mobile Apps Create Security Risks
Figures as listed on the slide: 58%, 35%, 76%
• Building mobile application stores
• Reported lost or stolen devices
• Store credentials on the device
• 10% Store Passwords in Plain Text
Sources as listed on the slide: Partnerpedia Survey, Aug 2011; Information week, Aug 2011; Norton Cybercrime 2012
Requirements for the New Digital Economy Mobile Security
Extend corporate identity to mobile apps
Separate personal and corporate data
Mitigate threats pre-emptively
Extend organizational security policies
Preserve native app experience
Enable IT control while maintaining user privacy
Oracle Mobile Security Suite
Oracle Mobile Solution
Complete Protection of Enterprise Information on Mobile Devices
• Secure, touch-enabled enterprise workspace for iOS and Android
• Trusted workspace for enterprise secure mail, browser, file manager, in-house or 3rd party apps
• Single sign-on just like from your desktop
• No restrictions or controls over personal apps or data
• Increase productivity for mobile workers
• Data leaking control by policy to restrict or allow email, copy/paste, sharing
• Isolate enterprise data access from personal data access
• Manage application and data lifecycle to ensure users only have access to authorized data
• Manage user credential lifecycle
• Deployment options include on-premise or in the cloud
Preserve User Experience
Enable Enterprise Security and Control
Data Leakage Control
Policy Enforcement
Authentication
Encryption in Transit
Encryption at Rest
Oracle Mobile Solution
Secure Mobile Workspace - Separate personal and corporate data
Secure Browser
PIM (email, calendar, contacts, tasks, notes)
Doc Editor
App Catalog
File Manager
Secure Intranet
Secure Mail
Secure Files
App Distribution
Authentication / SSO
Data-at-rest Encryption
Data-in-Transit Encryption
DLP (Data Leakage Prevention)
Policy for remote control
Oracle’s MOBILE SECURITY SUITE
Diagram labels: SECURITY, WORKSPACE, EXPERIENCE, CONTROL
• Isolate corporate data, enables secure remote access
• IT managed, policy controls, selective data wipe, security layer for mobility
• Corporate security to native apps, single-sign-on, role-based access
Oracle Mobile Security Suite v3.0
• WhitePages app for corporate directory (iOS and Android)
• Push notifications support for Oracle Secure Mail Manager
• New policy to disable custom redirects out of workspace
• Improved install/upgrade experience for containerized apps
– Add upgrade alerts for any containerized apps
– Add install on workspace homepage for containerized apps
• New docs
– Workspace Customization and Branding Guide
– App Containerization Tool Guide
Enriching the User Experience on Mobile Platform
Oracle Mobile Security
• Easily add new applications without requiring source code access (native, custom, 3rd party & hybrid apps)
• De-couple security deployment & app development
• Injection-based approach - No SDK
• Single sign-on (SSO) support – NTLM, Kerberos, OAuth
• Data Leakage Prevention (DLP)
Easily Add Mobile Apps to Secure Workspace
Oracle Mobile Security
• Introducing AppTunnel™
– Secure communication with enterprise application servers
– Eliminate VPN requirements, reducing costs and risks of rogue invasion
• Provide context-driven, risk-aware access to enterprise apps
• Enterprise app store/catalog
• Device enrollment and provisioning
• Gateway limits access to internal network only for white-listed apps
Secure Authenticated Access
Securing External Mobile Applications
• Protect user data with API security for Internet facing mobile applications
• Enable consistent user experience across platforms with mobile access management
• Secure mobile app development by externalizing security requirements
Accelerate deployment of Consumer Facing Applications
How To Secure Corporate Data In A BYOD World?
Mobile Device Management: Lock down the phone and treat it as a corporate asset – no personal data
Mobile Application Management: Create a secure container that separates corporate data and apps from personal
Secure Mobile Container Apps
App Containerization Tool
Perfect for in-house built or 3rd party apps to create “trusted workspace”
• Shared Integrated Windows Authentication (IWA) SSO or layered
• Shared AppTunnel – benefits over mobile VPN
• Shared encryption keys – never stored on device
• Shared policy engine – different policies for different users
• Restrict sharing (open in, email, copy/paste…) to just “trusted workspace” apps
Diagram labels: Enterprise Distribution; Un-Signed Native App; Containerized App; Oracle App Wrapping Tool; Distribute to Users
Available for:
App Isolation
Separate personal and corporate data
• Separate, protect and wipe corporate applications and data on mobile devices
• Enforce policies to restrict data movement
• Enable “Business Desktop” for access to apps, applications, files and email
• Encrypt data-at-rest, in-transit and in-use
• Monitor exceptions and remediate violations using admin console
App Management
• Deploy apps using ‘Business Appstore’ for IT white-listed apps
• Enable a layer of security and DLP restrictions on apps
• Provision new apps without requiring source code access or coding
• Manage app lifecycle—Provisioning, deployment, Updates through admin console
Provisioning of IT White-listed Mobile Apps
Secure Access
• Enable secure communication with enterprise application servers, file repository and email
• Eliminate VPN requirements, reducing costs and risks
• Prevent rogue apps, access to internal network only for white-listed apps
• Superior user-experience, maintain connections across network “hops”
Integrated Intranet access to corporate apps and data
Security Services Technical Overview
OMSS Secures Apps and Data
Containerize
Secure
Browser
Native Apps
Web Applications / Intranet
AppTunnel
• Mutually authenticated SSL tunnel
– Benefits over IPSec = maintains state across networks
• No credentials on device – sophisticated key management for encryption
• Optimized for mobile traffic
– Compression for increased throughput and performance
• Transparent switch over between WIFI and 3G
No need for device-level mobile VPN
Securing Data
Strong encryption at rest and in-transit
Data-at-rest
• FIPS140-2 Level 1
• Secure storage
– File system
– User preferences
– SQLite
– Cache
• Key management
– Keys derived from user secret
– Multiple keys based on data sensitivity
• User secret never stored on device, never sent in the clear
Data-in-transit
• AppTunnel is not device VPN
– Rogue app protection
– Only trusted apps
• SSL connection
– Maintains connection across networks (hotspots, towers, WiFi to cellular)
– Mobile IPSec drops connections, causes user frustration
• FIPS140-2 Level 1
Authentication
Enterprise Auth/SSO
• Authentication
– Single Sign-on: Kerberos, NTLM, SAML, OAuth
– Strong authentication – PKI
– Multi-factor: Virtual smart card (PIN protected x509 cert), RADIUS-based OTP token (RSA certified)
– Integration with OAM now & Mobile & Social
Policy Control
All policy defined on server and enforced on the client
Data Leakage Protection
• Dynamic based on identity
• Add controls to 3rd party apps
• Controls
– No backup
– Restrict open-in
– Restrict copy/paste
– No email, messaging
– No chat, social sharing
– No print
Policy Enforcement
• Per app - dynamic policy engine
• Remote lock/wipe
• Authentication strength
• Authentication frequency
• App Catalog
• Compromised platform
• Inactivity duration
• DLP
• Time-fence / geo-fence
Oracle Mobile Security Suite - End State Architecture
[Architecture diagram. Zones: Corporate DMZ; Corporate Network. Protocol label: HTTP/REST/SOAP/OAuth. Components: SOAP/REST and Legacy Web Services; Oracle Mobile Access Server; Oracle API Gateway; App Tunnel; REST/Mobile Security; Corporate Resources; Oracle IDM Stack; Oracle Mobile Security; Oracle Identity Governance; Oracle Access Management; Unified Device & Policy Registry]
Demo: Secure Workspace and User Provisioning
Summary
• Mobility is Reshaping The Digital Economy
• Mobile Security has become a major requirement for the enterprise
• Oracle Mobile Security Suite (OMSS) addresses the BYOD challenges by isolating corporate from personal data on consumers’ personal mobile devices without needing to lock down the entire device.
• OMSS provides the App Containerization Tool for app isolation, secured workspace and management.
• Enterprise Authorization / Single sign-on
• OMSS enforces centralised enterprise data protection and policy controls
For Further Information…
• Oracle Mobile Security Suite 3.0 Product Documentation Library: http://docs.oracle.com/cd/E52357_01/index.htm
• Oracle Mobile and Social Access Service Administration Topics: http://docs.oracle.com/cd/E40329_01/admin.1112/e27239/part_oic.htm#CIHDHDJI
• Oracle Mobile and Social Access Service Development Topics: http://docs.oracle.com/cd/E40329_01/dev.1112/e27134/part3.htm#BCFDJHCC
• Java API Reference for Oracle Access Management Mobile and Social: http://docs.oracle.com/cd/E40329_01/apirefs.1112/e28281/toc.htm
Q&A
Victor Ameh, Oracle ISV Migration Center Consultant, [email protected]
ISV Migration Center blog: http://blogs.oracle.com/imc
ISV Migration Center email: [email protected]