Unvired Mobile Enterprise Application Platform

Unvired Mobile Enterprise Application Platform - Security
Srinivasan Subramanian – CTO
Executive Summary
Unvired Infrastructure (UNI) is a Mobile Enterprise Application Platform connecting enterprise systems
(like SAP, Salesforce.com, etc.) with mobile devices (all leading smart phones and tablets). UNI can be
used both on-premise and as a cloud service. Security is a cornerstone of enterprise systems. The
following pages highlight the security features of UNI. In the following sections, "device" shall mean
smart phones / tablets and "middleware" shall mean UNI.
1. Secure communication.
All communication between the device and the middleware is sent over a secure HTTPS (Hypertext
Transfer Protocol Secure) channel. It provides encrypted communication and secure identification of
the Unvired Infrastructure server. This is similar to the way data is exchanged between your browser
and your bank website and is safe.
In addition, all credentials that are sent are encrypted using the Advanced Encryption
Standard (AES), which is adopted by the US Government and is a trusted mechanism to secure
data. The Unvired Infrastructure encrypts the credentials that are exchanged using AES with a 256-bit
key, which provides additional security.
2. Login to the Admin Cockpit on the cloud is protected with Two-factor authentication.
The Unvired Infrastructure is administered and monitored by the Unvired Cockpit. The Unvired Cockpit
can be accessed using a secure HTTPS URL only. Further, the login is protected with two-factor
authentication using the Google Authenticator mechanism. This ensures that administrators need to
know their password and additionally enter a one-time, time-limited token that is generated by the
Google Authenticator application to get access. The two-factor login ensures that the system cannot be
accessed by unauthorized personnel.
3. Data partitioned and encrypted across customers on the Cloud server.
The data that is saved in the Unvired Infrastructure is partitioned across customers so that each
customer’s data is isolated. In addition, the customer’s data is encrypted using their own unique keys. All
sensitive data, including business content, system information, credentials, etc., that is saved on the
Unvired Infrastructure is encrypted using the AES algorithm with a 256-bit key, providing the maximum
possible security.
The unique keys of the customer are encrypted with standard Public Key - Private Key cryptography and
stored securely to ensure no unauthorized access is allowed. Data is held unencrypted in memory only
for the minimum required duration and then discarded.
www.unvired.com
© Copyright 2012
4. Business content stored in Unvired Infrastructure only until delivery to device.
The business content that is stored securely on the server is kept only until guaranteed delivery to the
device is completed. Once the device acknowledges having received the message successfully, the data
is discarded. This ensures that the business content is saved only as long as required and is never
permanent.
5. Viewing of stored business content on the Unvired Infrastructure server is protected with Two-factor authentication.
The encrypted business content can be decrypted and viewed only by Administrator users. Further, the
administrators are allowed access only after they validate successfully by entering a one-time,
time-limited token that is generated by the Google Authenticator on their smart phones. The two-factor
validation ensures that the data cannot be viewed by unauthorized personnel.
6. Data posted from the device is protected with a One-Time token.
The data that is posted from the device to the server is additionally protected with a one-time token.
The server validates this before accepting the message. This ensures that the data is originating from
the trusted device and not an impersonation. Data which fails the one-time token check is rejected on
the server and logged for further audit by the administrators.
7. Secure Agent to connect to your on-premise infrastructure from the cloud.
The Unvired Infrastructure cloud servers connect to your on-premise infrastructure (like SAP ERP, CRM,
other systems providing web-services, etc.) via a Secure Agent that runs inside your landscape using the
HTTPS protocol. This ensures that no firewall reconfiguration or placing of systems in the DMZ
(Demilitarized Zone) is required while still allowing access from the cloud. Further, the Secure Agent is open
source and can be audited by the customers. The Secure Agent also has configurations that limit
access to only the required systems and to the authorized users. The system can be fully audited by
administrators to keep track of the actual data that is sent and received via the Secure Agent.
8. Audit logs on the Unvired Infrastructure server.
Every critical and sensitive operation performed on the Unvired Infrastructure server is logged in the
Audit log with the date / time of the operation and the administrator user who performed it. This
provides complete track and trace functionality to check all changes performed on the system, by whom
and when.
9. Only trusted devices can connect to the Unvired Infrastructure server.
The system is centrally administered using the Unvired Cockpit. Only trusted applications that have
been uploaded to the Unvired Infrastructure can be used. Unvired users are managed and accepted
enterprise devices are assigned by the Administrator. Only such trusted users / devices can use the
assigned applications affording complete security of enterprise data. Users who do not have access to
the business functionalities any more can be disabled on the Unvired Infrastructure rendering the device
application unusable.
10. Password protection on device applications.
All device applications work with a centrally configured password policy. This ensures that access to the
data and business functionality on the device is available only to authorized and authenticated users.
11. Data is stored encrypted and protected on the mobile device.
The business content that is stored on the device is always encrypted and protected using native
capabilities of the device. For example the data that is stored on the BlackBerry can only be read on
that device and cannot be accessed outside. Similarly data is protected on all supported devices.
12. Remote wipe of data on lost or compromised devices.
Unvired Infrastructure can wipe out the business content from devices that are lost or compromised.
This is controlled centrally from the Unvired Infrastructure server and can be performed by the
administrator. This ensures the additional safety of business content on the mobile devices.