kony mobile app mgmt

10
Kony Mobile Application Management (MAM) Kony’s Secure Mobile Application Management Feature Brief

Upload: jim-porter

Post on 18-Nov-2014

1.918 views

Category:

Documents


2 download

DESCRIPTION

Enterprise mobile device strategies are experiencing enormous disruption ...

TRANSCRIPT

Page 1: Kony Mobile App Mgmt

Kony Mobile Application Management (MAM)Kony’s Secure Mobile Application Management Feature Brief

Page 2: Kony Mobile App Mgmt

Kony’s Secure Mobile Application Management Feature Brief2

Contents

What is Mobile Application Management? 3

Kony Mobile Application Management Solution Overview 4

Features and Benefits of the Kony MAM Solution 5

Process Flow 6

Provisioning 7

Client Components 8

Server Components 8

Kony Application Manager Console 8

Analytics 9

About Kony 10

Page 3: Kony Mobile App Mgmt

Kony’s Secure Mobile Application Management Feature Brief 3

Enterprise mobile device strategies are experiencing enormous disruption thanks to sta!

insisting on using their own devices to access work systems and data as part of the bring your

own device (BYOD) trend. Many organizations are considering personally-owned mobile devices

for business apps. Their goal is to drive employee satisfaction and productivity through the use

of new technologies, while simultaneously reducing mobile expenses.

This trend is one of the more dramatic results of the consumerization of IT, in which consumer

preference – not corporate initiative – drives the adoption of technologies in the enterprise.

However, many of these devices were not built with enterprise requirements in mind, so IT

teams often feel uncomfortable about security and supportability of their corporate applications

running on a foreign device over which they have no control.

BYOD is more than just shifting ownership of the device to the employee. It has many complex

and hidden implications; organizations would do well to define a comprehensive BYOD strategy

in advance of implementation.

Businesses want the ability to securely manage mobile applications installed on employee

devices. As a result, IT concerns have begun moving from mobile device management (MDM)

to mobile application management (MAM) as part of a shift in thinking over whether to allow

mobile devices toward how to best take advantage of them.

What is Mobile Application Management?Mobile Application Management is an essential tool for organizations that provide “in-house” apps to employees or contractors using corporate-

liable or individual-liable devices. Unlike Mobile Device Management, Mobile Application Management focuses primarily on the applications

resident on mobile devices, rather than the devices themselves. For example, if a user leaves an organization or group, apps and data belonging

to the organization can be de-provisioned, without resorting to a full “device wipe” which could expose an organization to liability.

Any organization’s BYOD strategy should allow for enterprise applications to be used without compromising its implemented security policies.

The goal is for an employee to be able to use both personal and enterprise applications on the same device, without concerns over privacy

violations by their employer. A Mobile Application Management solution should allow enterprise IT policies to be enforced on enterprise

applications – and only on enterprise applications – and ultimately reduce the cost of ownership for an enterprise.

Page 4: Kony Mobile App Mgmt

Kony’s Secure Mobile Application Management Feature Brief4

Kony Mobile Application Management Solution OverviewKony’s Mobile Application Management solution allows an IT organization to securely deploy, manage, and analyze mobile apps – without

compromising enterprise or user data privacy, and all while ensuring total focus on optimizing the mobile user experience.

With the Kony MAM solution you add code to your mobile apps that use Kony’s policy APIs. The APIs let the app communicate with the Kony

App Management server to enforce policies for that app and/or user, such as restricting usage to geo locations or copy/paste into/out the app

or deleting on device data if the user’s permissions are revoked.

The Kony Mobile Application Management component allows administrators to monitor activities – such as an app access – so that they can

then check the current device and application state against the policies. Via the embedded libraries, the app communicates its status and activity

back to the server – not entire device status, which may lay concerns from employees, contractors, and business partners over how invasive

your device management may be.

Importantly, management is embedded in the app, so you don’t have to manage the device itself. Thus, you should be able to extend legitimate

application management to a greater number of users than the universe of devices you actually manage.

Kony’s MAM focuses on role-based security,

provisioning and control of mobile apps in an

organization. Additional capabilities include what is

commonly called “inventory management”, since

MAM provides a complete view of all devices, and

their characteristics such as device type, operating

system, memory, and installed applications.

Figure 1: Kony Mobile Application Management Component View

Device makes the request

at application startup to check for modified policies

Application UI

Device OS

Policy Management

Binary Management /

App Catalog

NativeSDK

Security & Usage Policy

Data

Modified App Native Code

Integrated Kony Policy Framework

Native Code

Policies are returned in

JSON format

Page 5: Kony Mobile App Mgmt

Kony’s Secure Mobile Application Management Feature Brief 5

Features and Benefits of the Kony MAM SolutionThe key feature of Kony’s MAM is the concept of a “Secure Mobile Application Management Container” that completely abstracts applications

and data away from the specifics of the device and operating system. Kony’s secure mobile application container provides a separate and secure

virtual environment on the mobile device in which to run Kony and non-Kony applications and store related data.

This mobile enterprise container provides true “configure once, run

everywhere” capability, o!ering a single, consistent, secure method

to provision applications and synchronize data across all major device

types (e.g., iOS, Android, BlackBerry, and Windows) seamlessly. It

also provides integration of native applications (e.g., calendar, maps,

camera, etc.) and supports embedded HTML.

The primary benefit of the Kony secure container is total security

of all its applications and data on the device. Initial provisioning of

the container itself can be controlled through the use of trusted

“whitelists,” profiles and passwords.

All configurations, application definitions

and data are encrypted. Even if the device

is hijacked, jail broken or the container is

copied, the contents are protected. All

data transmissions over the network are

encrypted.

The container can be locked to a specific

device, meaning that it will not start if

copied to another device.

The container may be “blacklisted,” i.e., all

applications and data will be automatically

removed if an attempt is made to connect

to the host. The container may be

configured to automatically shut down if

idle for a period of time or if the device

goes into sleep mode. HTML can be securely executed inside of the

container without the risks associated with a browser. All provisioning

and access requests are audited.

Following are some of the key features of the Kony container:

Decommissioning and Blacklisting

At any stage, an entire container or specific user may be blacklisted.

This means that the next time that the container is started and

has network access, all the relevant applications and data will be

automatically removed from the device, i.e., reset back to its initial

provisioning state. This functionality is essential if a device is lost

or stolen.

Device Lock

You may “lock” a Kony container to a specific device, i.e., if it is

illegally copied to another device, it will not start. This prevents any

unauthorized backup or replication of the container data.

Security

The primary benefit of the Kony secure container is complete security

of all its applications and data on the device. The following is a

summary of the security features:

Initial provisioning of the container itself can be controlled through the use of trusted “whitelists”, profiles and passwords.

All configuration, application definitions and data are encrypted. Even if the device is hijacked, jail broken or the container is copied, the contents are protected.

All data transmissions over the network are encrypted.

The container can be locked to a specific device, meaning that it will not start if copied to another device.

The container may be “blacklisted,” i.e., all applications and data will be automatically blocked from being accessed.

A range of identity management options can be used to authenticate user access to the container through standard directory services, 3rd party security applications, custom functionality etc.

Users can only access the applications and data that they are authorized to. The role-based provisioning is strictly controlled through the user profiling facility on the central Kony admin console.

The container may be configured to automatically shut down if idle for a period of time or if the device goes into sleep mode.

HTML can be securely executed inside of the container without the risks associated with a browser.

All provisioning and access requests are audited.

The innovative secure container feature provides smarter mobility

by allowing for identity management/role-based provisioning and

modular application implementation.

Figure 1: Example of a policy revoked from a user

Page 6: Kony Mobile App Mgmt

Kony’s Secure Mobile Application Management Feature Brief6

Process FlowFigure 2 below describes the complete process flow. Using

enterprise connectors and sync, a Kony developer builds an

application. The application is written with a single code base and

made consumable on any device type and on multiple channels.

Once the application is written with a single code base, i.e.

JavaScript, the developer can publish to a choice of channels as

seen here. Note channels available in native iOS, Android, Windows

Phone, and BlackBerry, as well as HTML5, single page applications

and even desktop and desktop web.

The IT Administrator wraps policies to the binary, assigns the

application to users/group(s)/role and promotes the app to his

enterprise branded app store. In this example, John is assigned an

app based on his role and use credentials. Once John downloads

the app store he will be able to push this app automatically.

John brings his personal device to work. He then has the option of

downloading his company branded app store from the general app

marketplace or via a URL.

Once he logs into his enterprise app store, he is pushed

notifications about apps to which he has access and others that are

suggested for him. One of the first apps that he downloads is the

enterprise mobile container. This container is a secure area where

applications can be loaded and managed separately from the rest of

the applications on his device.

The administrator can then manage the secured container, as

opposed to the entire device, with centralized policy management.

Figure 2: Kony Mobile Application Management Process Flow

Admin Monitors

App

Page 7: Kony Mobile App Mgmt

Kony’s Secure Mobile Application Management Feature Brief 7

Provisioning Following are the steps for initial provisioning of the secure application:

1) When the employee wishes to use the company apps on a personal device he or she is instructed to go to an initial URL by the company

system administrator in the form of an email.

2) They login using their Active Directory credentials.

3) The folder app gets downloaded onto the phone after the display of a pop up asking for permission to download the folder app. The default

language for this message is: “Are you sure you want to install the folder that will contain all your corporate apps?”

4) Only the folder app will be downloaded on first use. No other app will be downloaded at that point.

This user experience is demonstrated in Figure 4 below.

Figure 4: Kony MAM Provisioning Steps

Page 8: Kony Mobile App Mgmt

Kony’s Secure Mobile Application Management Feature Brief8

Client ComponentsKony Mobile Application Management also includes client

components, which consist of:

1) Client App Framework – Provides isolation of application from other applications and ensures a secure framework. App Management Capabilities include:

i. Authorize application

ii. Handling, creation, validation and revocation of tokens / certificates

iii. Remote wipe of data in application

iv. Remote revocation of application authorization

v. Interfaces to authentication and authorization services

2) HTML5 Renderer – HTML5 Compliant rendering components including application UI caching, navigation and branding.

3) Local Data Management – Manage o"ine data container including handling of data encryption and content classification metadata

4) Content Policy Engine – Policy engine for controlling application functionality in o"ine and online mode based on content classification.

5) Inter-App Communication – This is how the communication occurs within the folder from one app to another.

6) App Management – Provides connection point for remote administration of application and content and distribution of o"ine policies.

Server ComponentsIn addition to client components, Kony Mobile Application

Management contains server elements that are critical to executing

comprehensive application management:

KonyOne Server – KonyOne provides an enterprise grade mobile

application server that sits on top of traditional J2EE application

servers. The KonyOne Server provides key services such as device

detection, a services bus, session state, security services, analytics,

reporting, and more. KonyOne runs on open, industry standard J2EE

technology like IBM WebSphere, Oracle Weblogic, and Tomcat

Integration Services – Integrate into backend systems with web

services, direct database access, through Java or via any of Kony’s pre-

built Connectors for SAP, Oracle and Microsoft enterprise systems.

Kony Application Manager ConsoleKony provides a single location to manage app security, app usage

policies, app updating and securitizing, provisioning apps to the

Enterprise App Store and more, thereby ensuring a manageable and

end-to-end solution for the IT Policy O#cer. Working in conjunction

with your mobile device management vendor if present, KonyOne

Platform provides an integrated console through which changes can

be made and tracked, while also providing a wide range of analytics

and reports to help optimize the employee experience, and that of

your corporation.

Employee Authentication and Authorization Services – Integration

with SiteMinder/Active Directory and other security based systems.

This includes Enterprise App Distribution to control access to

applications allowing only employees authorized to download

the apps.

Kony provides a single location to manage app security, app usage policies, app updating and securitizing, provisioning apps to the Enterprise App Store and more, thereby ensuring a manageable and end-to-end solution for the IT Policy O#cer.

Page 9: Kony Mobile App Mgmt

Kony’s Secure Mobile Application Management Feature Brief 9

AnalyticsReport, analyze, and audit using built-in modules and industry

standards like Adobe Omniture, IBM Coremetrics, Google Analytics,

and Webtrends Analytics.

4 types of report views are available:

Tabular

Bar

Line

Pie

Two types of report selections are available:

Apps: Total apps per platform

Downloads: Total downloads per platform

Mandatory apps not installed per user

Information on users per device and per OS – number of apps downloaded

Information on apps – number of users per device and per OS

These reports can also be scheduled to run at di!erent times. These

could include scheduling reports daily, per hour, per week etc.

Administrators gain complete visibility into their applications, so

they can immediately see when users are experiencing performance

issues – rather than waiting for them to complain about crashes, slow

response times, or error messages. As a result, you can take immediate

troubleshooting action.

With Kony’s Application Management Console, customers can

automatically:

Monitor App performance

Manage App errors/faults/crashes and ensure optimum service provided by your Apps

Evaluate log files (across myriad devices) to determine reasons for crashes and understand what a user was attempting to do when a fault or crash occurs

Monitor start/end times for App usage, as well as transaction processing times

Minimize the burden of help desk support Figure 5: Kony Application Manager Console

Figure 6: Kony Application Manager Console Report

Page 10: Kony Mobile App Mgmt

© 2012 Kony Solutions, Inc. All rights reserved. Kony and the Kony Platform are trademarks of Kony Solutions, Inc. Apple and iPhone are trademarks of Apple Inc., registered in the U.S. and other countries. BlackBerry is a registered trademark of Research In Motion. Android is a trademark of Google Inc. Other product names mentioned are the property of their respective holders.

7380 West Sand Lake RoadSuite #390Orlando, Florida 32819

Tel: 1.321.293.KONY (5669)Toll free: 1.888.323.9630Fax: 321.293.0161

About KonyKony and the KonyOne Platform™ enable Fortune 500 companies to o!er consumers and employees feature-rich mobile applications in less

time and at lower costs than any other solution. Leveraging a Write Once, Run Everywhere single application definition, applications are designed

and developed just once, in a device independent manner, and deployed across multiple channels, including native applications, device-

optimized HTML5 and HTML4 mobile web, SMS, web gadgets, kiosks, and tablets.

Kony’s unique platform is proven to future-proof a company’s mobile investment by enabling applications to be changed once for all channels,

ensuring faster adoption of new operating systems and standards as they are introduced, while eliminating maintenance, upgrade and future

development costs.

More information can be found at www.kony.com/mobile-application-management