The use of mobile devices and their adoption in business is ever-increasing. Improved hardware performance, a robust platform feature set and increased communication bandwidth contribute to expanding mobile capabilities beyond voice and email. The use of smartphones in companies has created new strategies in business processes as never before, because of their ability to access back-end information from anywhere at any time. As a result, enterprises want to seize every opportunity to use mobile to speed up business processes, increase productivity and achieve the best ROI. This overwhelming enthusiasm for mobilizing the enterprise brings security risks. Overlooking these security vulnerabilities may lead to serious threats to an enterprise's data.
According to enterprise security expert Jack Gold, organizations will lose three to four times as many smartphones as notebooks each year. Gold (rhetorically) asks us “with 32 or 64 GB of memory, how many records does a lost smartphone or tablet contain?” At an estimated cost of more than $250 per lost record, a data breach can be expensive. In fact, some research estimates the cost of a mobile breach at more than $400,000 for an enterprise and more than $100,000 for a small business, and in some cases these costs can range into the millions.
This concern resonates as an increasing number of smartphones and tablets not only connect to the corporate network but also access an increasing number of business applications and content repositories. Beyond data, enterprise IT and security departments are concerned about the risk of opening up the internal network to a diverse array of mobile devices. In many cases, smartphones and tablets are neither governed nor monitored, meaning that they can introduce network threats and negatively impact an organization’s compliance status.
What layers of an enterprise mobile solution should an enterprise secure?
To answer this very important question, you need to peel back the different layers of the enterprise mobility onion. SAP is the back-end for a large number of enterprises across the globe; here are a few security challenges in enabling SAP enterprise mobility. Enterprises must secure their corporate data and prevent security vulnerabilities and threats across three different layers:
1. Components Security
Enterprises must secure the different components of an enterprise mobile solution:
Data - Protecting corporate data from breach and leakage is of paramount importance. The integrity of enterprise data must be secured, controlled and protected, and data at rest and data in transmission need to be monitored. The mobile security solution your enterprise implements must ensure that the data is protected at the application, cache and messaging database level.
Device - A robust mobile device management (MDM) solution is critical in securing corporate-owned devices and data. Managing, monitoring, controlling and protecting the data and configuration settings reduces costs and business risks. In situations where a device is lost or stolen, it is important that your enterprise has the capability to remotely wipe data and lock devices.
Servers - Hardening the servers, platforms and infrastructure behind the solution, such as SAP Mobile Platform, MDM, MAM and licensing servers, is critical in avoiding security vulnerabilities on the server layer.
2. Application Security
Enterprises must look into mobile application security to enable bring-your-own-device (BYOD) policies. Comprehensive mobile application management (MAM) solutions encrypt app data at rest, create per-app VPNs, and cover app data wipe, app expiration, jailbreak detection, geofencing and so on.
3. Authentication & Authorization
SSO (Single Sign On) - With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them.
SSO2 - The purpose of SAP NWBC is to bring all the required applications and traditional SAP transactions together on a single platform. To allow the client to access the back-end, SSO2 cookies must be activated, because the NetWeaver Business Client (NWBC) uses SSO2 cookies for authentication.
SAML - An XML-based open standard data format for exchanging authentication and authorization data between an identity provider and a service provider.
X509 - X.509 certificates can also be used to secure data intended for restricted visibility, so that others will not be able to see it. This is done using a mathematical concept known as asymmetric key cryptography.
Data vault - The data vault provides encrypted storage of occasionally used, small pieces of data. Data in the data vault is encrypted with a 256-bit AES key. Content can include user and application login credentials, encryption keys, synchronization profile settings, and certificates. A password is required to unlock the data from the application.
App Passcode - Setting a passcode for the device can go a long way towards improving the security of the device.
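
The data vault idea described above (small secrets encrypted under a 256-bit AES key and unlocked with a password), sketched as an added Node.js example; it is not the SAP Mobile Platform data vault API or code from this article. The scrypt key derivation, the GCM mode, and every function and sample value are assumptions made for illustration.

```javascript
// Added illustration: NOT the SAP Mobile Platform data vault API.
// Assumptions: scrypt key derivation, AES-256-GCM, and all names below.
const nodeCrypto = require('node:crypto');

// Derive a 256-bit key from the unlock password. scrypt is deliberately
// slow and memory-hard, which raises the cost of guessing on a lost device.
function deriveKey(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32);
}

// Encrypt one small secret. The entry name is bound as associated data, so a
// ciphertext stored under one name cannot be moved under another name.
function sealEntry(password, name, secret) {
  const salt = nodeCrypto.randomBytes(16); // fresh salt per entry
  const iv = nodeCrypto.randomBytes(12);   // fresh nonce per encryption
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  cipher.setAAD(Buffer.from(name, 'utf8'));
  const ct = Buffer.concat([cipher.update(secret, 'utf8'), cipher.final()]);
  return { name, salt, iv, ct, tag: cipher.getAuthTag() };
}

// Return the secret, or null when the password is wrong or the stored
// record was modified (GCM authentication fails in both cases).
function openEntry(password, record) {
  const key = deriveKey(password, record.salt);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, record.iv);
  decipher.setAAD(Buffer.from(record.name, 'utf8'));
  decipher.setAuthTag(record.tag);
  try {
    return Buffer.concat([decipher.update(record.ct), decipher.final()]).toString('utf8');
  } catch (err) {
    return null;
  }
}

// Constructed sample values, not real credentials.
const record = sealEntry('unlock-passcode-123', 'backend-login', 'alice:constructed-secret');
console.log(openEntry('unlock-passcode-123', record)); // correct password
console.log(openEntry('wrong-passcode', record));      // rejected
```

Because the key is derived from the password rather than stored beside the data, a copy of the encrypted records alone does not reveal the secrets; the strength of the unlock password then becomes the limiting factor.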
