Simplifying Security & Management for Enterprise-Level Apps & BYOD
Layer 7 Technologies
White Paper
Secure Mobile Access for the Enterprise
Contents
Introduction ..... 3
BYOD & Apps: Innovation Through Consumerization ..... 3
    The Benefits of Everywhere Access ..... 4
    The BYOD Movement ..... 4
Mobile Integration: Using Apps to Leverage Internal Information Assets & Services ..... 5
    Using APIs to Enable Enterprise Mobility ..... 5
Addressing the Challenges of Enterprise/Mobile Integration ..... 6
    1. Adapting Internal Information Assets for Mobile Consumption ..... 6
    2. Optimizing App Performance When Accessing Enterprise Information ..... 7
    3. Securing Mobile Access to Enterprise APIs ..... 7
    4. Making APIs Discoverable & Consumable for Developers ..... 8
Simplifying Secure Enterprise Mobility with a Mobile Access Gateway ..... 9
Layer 7 Solutions for Simplifying Secure Enterprise Mobile Access ..... 9
Conclusion ..... 9
About Layer 7 Technologies ..... 10
Contact Layer 7 Technologies ..... 10
Legal Information ..... 10
Copyright 2012 by Layer 7 Technologies, Inc. (www.layer7.com)
Introduction
Mobile technology is revolutionizing the corporate IT landscape. Enterprises want to leverage mobile to maximize employee productivity, efficiency and availability. Meanwhile, employees are already taking the initiative by using their own personal mobile devices for business purposes. For enterprises, the benefits of enterprise mobility and the reality of the bring your own device (BYOD) movement are becoming impossible to ignore.

The true potential of mobile devices is in the apps they run. To get real value from mobile, enterprises need to provide their employees with apps that can access corporate resources and information, even when the devices being used are not under corporate control. For enterprises, this creates significant challenges related to security and information adaptation.
2. The BYOD movement and the consumerization of enterprise IT
Mobile Integration: Using Apps to Leverage Internal Information Assets & Services
So how do you build apps to enable the mobile workforce? In the past, enterprise IT organizations all too often reacted to any new technology paradigm with a rip and replace approach, accommodating the new technology by attempting to build new IT systems or port old processes to new packaged platforms. This approach yielded limited returns and a more flexible, efficient alternative was clearly needed.
Over the last decade, more and more enterprise architects have adopted an approach driven by application programming interfaces (APIs) in order to make data and application functionality available to other applications. These architects create services that allow them to easily consume and reuse existing IT investments while creating new business processes by composing multiple operations together into higher-level applications.

This approach, known as Service Oriented Architecture (SOA), can be leveraged in the enterprise mobile context. Key data and applications can be extended and delivered as services, via APIs, to mobile apps. More specifically, Service Oriented interfaces can be quickly adapted into mobile-friendly APIs that expose internal enterprise information assets to mobile developers and the apps they build, using formats and security models mobile devices can easily consume.
For the sake of this white paper, we are primarily concerned with the creation of mobile apps by internal developers for use by employees (and partners) across the extended enterprise. A use case from another Layer 7 customer demonstrates how effective this strategy can be. The customer, one of the largest US-based airlines, launched an ambitious API publishing program targeted at both internal and external developers: employees and customers.

Internally, these APIs allowed the company's developers to create a range of apps designed to enable the mobile workforce. For example, an app was created that was designed to help ground crews expedite the loading and unloading of baggage from flights, decreasing baggage handling times to maximize customer satisfaction. (Externally, apps were developed that gave customers fuller itinerary management capabilities by combining the airline's schedule and ticket information with value-added information provided by outside sources.)

Layer 7's role was to help the company address the challenges of publishing, integrating and securing these APIs, thereby enhancing key business processes without compromising corporate integrity.
Again, a SOA Gateway or API Proxy may be able to help the enterprise address these challenges. This is because some SOA Gateways deliver a wide range of functionality for managing and optimizing data traffic loads, including:

- Throttling requests that exceed a certain threshold or shaping traffic based on considerations like location, time of day or subscriber level, thus selectively limiting performance-sapping load on backend applications.
- Using sophisticated caching capabilities in order to: (a) minimize the number of requests that get passed to backend applications; (b) improve latency response times.
- Compressing data on the fly, to minimize traffic sent to and from a mobile app.
- Load balancing: some Gateways can load balance across multiple backend application instances, ensuring more evenly distributed load across APIs and simplifying scale-out of backend applications.
- Prioritizing API calls to ensure that paid subscribers or key users receive a consistent quality of service, with guaranteed access to enterprise resources. This function can also be used to reserve API access capacity based on a specific traffic type.
When deployed in the Cloud, some SOA Gateways can also help auto-scale backend services and even dynamically add Gateway nodes to a cluster in order to process more traffic.
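As an added illustration (not Layer 7's code or a description of its product), the Python sketch below models two of the gateway controls listed above: per-subscriber throttling keyed by subscriber level, and backend capacity reserved for paid traffic so that key users keep a consistent quality of service while free-tier bursts are shed first. The tier rates, burst size and slot counts are constructed policy values.

```python
from dataclasses import dataclass
# Constructed policy values (not from the paper): rate per subscriber level, burst, capacity.
TIER_RATE = {"free": 2.0, "paid": 10.0}   # sustained requests per second
BURST = 5.0                                # token-bucket capacity for every tier
BACKEND_SLOTS = 10                         # concurrent requests the backend can take
RESERVED_FOR_PAID = 3                      # slots that free-tier traffic may never occupy

@dataclass
class TokenBucket:
    rate: float
    tokens: float
    last: float

    def take(self, now: float) -> bool:
        # Refill by elapsed time, then spend one token if one is available.
        self.tokens = min(BURST, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens < 1.0:
            return False
        self.tokens -= 1.0
        return True

class Gateway:
    def __init__(self):
        self.buckets = {}    # subscriber id -> TokenBucket
        self.in_flight = 0   # requests currently forwarded to the backend

    def admit(self, subscriber: str, tier: str, now: float) -> str:
        """Return 'allow', 'throttled' (subscriber over its rate) or 'busy' (no capacity)."""
        bucket = self.buckets.get(subscriber)
        if bucket is None:
            bucket = self.buckets[subscriber] = TokenBucket(TIER_RATE[tier], BURST, now)
        if not bucket.take(now):    # per-subscriber throttle is checked first
            return "throttled"
        # Free traffic sees a smaller pool, so paid users keep guaranteed capacity.
        limit = BACKEND_SLOTS if tier == "paid" else BACKEND_SLOTS - RESERVED_FOR_PAID
        if self.in_flight >= limit:
            return "busy"
        self.in_flight += 1
        return "allow"

def simulate():
    """Constructed scenario: 5 paid calls in flight, a free subscriber bursts 8, then a new paid call."""
    gw = Gateway()
    for i in range(5):
        gw.admit(f"paid-{i}", "paid", now=0.0)
    free = {"allow": 0, "throttled": 0, "busy": 0}
    for _ in range(8):
        free[gw.admit("free-1", "free", now=0.0)] += 1
    return free, gw.admit("paid-5", "paid", now=0.0)
```

A real gateway would also decrement in_flight when each backend response has been returned to the app; that bookkeeping is omitted here so the admission decisions stay deterministic.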
To address the dilemmas created by the need to provide flexible yet secure access control for APIs in these more complicated mobile (and similar Web-based) scenarios, a new standard, OAuth, has emerged. OAuth is an evolving protocol that makes it possible to identify a user and the resources that user is interested in accessing via an intermediate app, without necessarily requiring the user to enter a username/password combination specific to the app.

The OAuth specification allows enterprises to grant authorization rights to an app based on: (a) the user's pre-existing credentials within the organization; (b) a trust relationship between the enterprise and the intermediate app. This kind of transitive trust and rights passing happens in the background; the user only needs to establish trust once for the intermediate app.

While OAuth solves prickly access problems particular to mobile app dynamics, it remains complicated for enterprises to set up. In particular, there are challenges around integrating OAuth with an enterprise's existing identity infrastructure. To address these challenges, an API Proxy may come with an OAuth Toolkit or token server, which will simplify the process of deploying and maintaining an OAuth access infrastructure on top of an API.

But access control is normally just the beginning of the security challenges facing an enterprise, and these challenges are exacerbated in a BYOD scenario, where the enterprise cannot lock down mobile devices the way it could with desktop computers. Key challenges include:

- Protecting against denial of service, cross-site scripting, SQL injection and URL tampering attacks
- Preventing accidental damage caused by poorly written apps
- Deploying a scalable system for preserving data security in communication to and from APIs, in order to meet data privacy standards like FIPS, PCI DSS and HIPAA
Again, some SOA Gateways and API Proxies can help enterprises address these challenges by providing a range of API, data and URL security features.
Conclusion
Enterprises stand to gain considerable benefits from enabling their staff to use mobile devices for mission-critical daily work tasks. With the BYOD movement gaining momentum, many enterprise employees are already using their own mobile devices for work. The real payoff will come as more enterprises find ways to build apps that securely and efficiently interface with on-premise systems and data.
Legal Information
Copyright 2012 by Layer 7 Technologies, Inc. (www.layer7.com). Contents confidential. All rights reserved. SecureSpan is a registered trademark of Layer 7 Technologies, Inc. All other mentioned trade names and/or trademarks are the property of their respective owners.