This is in continuation to the previous blog on ‘Mobile Application Management in the BYOD age’ which explained enough the importance of considering the MAM (Mobile Application Management) for enterprise mobile applications, here is something about the MAM technique provided by ‘GOOD technology’ and its approaches to secure the enterprise mobile applications.
GOOD is one of the tools, which I came across recently to secure and manage the application on the air without compromising user’s privacy. This facilitates storing the application specific data in a FIPS (Federal Information Processing Standard) validated encrypted container, which does not rely on any device specific or OS specific encryption techniques.
“Just wipe the app data and lock the app when you feel your device is not in a safer hand”
GOOD basically comes with two flavors to protect your app.
- You could either choose its SDK to have the security layer over the app, or
- Choose to wrap the app, which IT could easily do without needing your code.
So SDK or wrapping for your app?
The answer depends on the data you want to protect in the GOOD secure place. When we take a mobile app, the application specific data could be stored in different places like application sandbox, device keychain, SQLite DB, preferences/User Defaults, app bundle and so on…
Now if you need to protect/secure all such application specific data, then SIMPLY WRAP it. While programming your application, you need not care about how GOOD is going to protect your data. You can build the application in your own way with no interference of GOOD components. When your build is ready, get in touch with your IT admin to upload the built application to the GOOD server along with your application specific signature certificate and simply have the server “wrap the application”, as simple as that.. This will automatically move all your application specific data to the GOOD secured container without any developer’s effort to rewrite with any GOOD specific code.
What if you do not have to move all your application specific data to the GOOD container? Say you want to move/protect only the sandboxed data of your application… GOOD’s SDK provides native APIs which can be integrate by any intermediate developer. With the SDK, you can selectively safeguard the data you want to.
- with the wrapping approach -> build the app (in your own style) – wrap – distribute.
- with the SDK approach -> build with SDK – distribute.
Above are two different approaches and both deliver security and policy controls required for password Management, data loss prevention, sharing data between apps, locking app or wiping app’s data on the air. (Learn more about the Gamification Mobile app).
Now that the app is distributed, how it is going to be controlled/ managed?
The answer is ‘via a centralized and simple web based console’. When the GOOD enterprise server is deployed, it provides an easy to use, menu driven web console from where the admin can easily control/manage the distributed applications and the access to those apps for different users.
Locking the app/ wiping its data works by the simple series of steps to be followed by IT admin
- Add the GOOD containerized app(s) to the console.
- Add the user(s) to the console to who access are to be provided.
- Map the app provision to each user.
- Provide access key to each user to access specific application. The access key remains unique per application per user per device. Now when the user accesses the app with the provided access key from any device, the device gets automatically added to the devices list along with the accessed app in the GOOD console.
- Now when the user contacts the IT admin under certain circumstances when the device is lost or something, then the admin could lock the app (simply locks the app without wiping any of its data so that app could be unlocked again only on requesting new access code from the admin) or wipe the app data (locks the app as well as wipes off the entire app data, so that unlocking the app does not reveal any stored data) using simple menu options in the console.
The GOOD server could either be deployed on premise or hosted on the cloud space, but when more IT controls are required over the containerized app, then on premise deployment is the better option.
GOOD has recently been acquired and maintained by Blackberry, is continuously working to provide unified experience for securing enterprise data, application & devices and recently extended its support for mobiles running on Blackberry operating system as well.