Mocana Enhances Mobile App Solution with iOS 7 Wrapping

As the bring your own device (BYOD) phenomenon continues to become pervasive in enterprises of all sizes around the world, Apple’s iPhones and iPads has been a major part of what some in the IT security business still consider an unwanted invasion. That said, there is growing recognition that BYOD is not something to be feared but rather embraced in the enterprise.  

Yes, BYOD produces an exponential increase in the number of vectors of vulnerability that need to be protected. However, as I highlighted regarding SAP’s implementation of solutions and best practices for its 25,000 global users, even the largest of enterprises can go well beyond merely accommodation of BYOD and in fact leverage it for competitive advantage without compromising security. The SAP experience also focuses on the new realities that people, their devices, the apps on those devices, third-party content and the networks that access and transport critical information all need to be secured.

The reason for the above introduction is to draw attention to the announcement, by mobile enterprise security provider Mocana, of an enhanced version of its Mobile App Protection (MAP) solution. As the name describes, the solution addresses the increasingly important area of mobile app management (MAM), and the enhancements are the first commercially available app wrapping security solution for iOS 7 apps.

Major enhancements for MAM in the enterprise

The new MAP version 2.5.6:

• Enables enterprises to add strong security features to iOS 7 apps in seconds.
• Enhances Mocana's Secure Enterprise Browser with additional configurability and single sign-on (SSO) capabilities—increasing IT’s ability to protect against problems when a device is jailbroken or infected with malware.
• Enhances secure mobile browsing with support for government Suite B algorithms and expanded VPN gateway interoperability with additional RFC support.

The good news here is that the enhancements help enterprises provide seamless access to sensitive data across all of their Android and iOS devices, even those not managed by a mobile device management (MDM) solution. Plus, as Mocana notes, the new MAP capabilities can be deployed without needing to write a single line of code, integrate an SDK, or even be a security expert.

“Mocana is excited by the direction that Apple is taking with iOS 7. Our new release of MAP builds on these advances to provide the extra protection our enterprise customers need,” said Kurt Stammberger, CISSP, vice president of market development at Mocana.

Mocana provides interesting insights into why the enhancements are so important. For example, when it comes to jailbroken devices, iOS 7 apps and their data are vulnerable because those apps rely on a system-level keychain and communications stack. The enhanced MAP wraps its own keychain and TCP/IP stack directly into enterprise apps, making them much tougher to crack. Plus, MAP’s app wrapping enables true per app VPNs, which go beyond iOS 7’s built-in capabilities. Per app VPNs enable apps to launch separate, simultaneous encrypted tunnels that terminate at the individual app instead of at the device perimeter.

Schematic as to how all this fits together is worthy examining.

Source: Mocana (click to enlarge)

As noted, this is not just about iOS 7 apps. The secure enterprise browser in MAP version 2.5.6 can also be used with Android devices.

Additional security features along with the increasingly critical SSO and customization ones in MAP include:

• FIPS 140-2 data-at-rest encryption
• The per app VPN capability
• Copy/paste protections
• Data wipe

Tushar Patel, senior director of product management/marketing at Mocana, explained to MobilityTechzone, “The focus should be around the mobile application, and give IT control back by enabling the ability to provide different policies to manage all possible areas of leakage. That is why the enhancements are about wrapping and the browser.”

On the latter front, MAP lets enterprises balance the Mocana browser functionality, such as disabling external sites, with browser security. And, the browser can be deployed across an extended enterprise in a kiosk mode, where it is pinned to a single site, or customized to provide one-click access to multiple web apps and intranet sites for employees. 

The capabilities in MAP 2.5.6 enable enterprises to give employees and partners access to sensitive enterprise content on networks, Sharepoint servers, corporate intranet sites, Web apps, and portals in just minutes, while still protecting data. Enterprises can securely mobilize sensitive internal data, even to devices not managed on their MDM solution.

SAP was mentioned above since it is a global reseller of MAP, as well as a user. SAP offers Mocana’s solution as the SAP Mobile App Protection solution by Mocana. In fact, said Senthil Krishnapillani, global vice president and head of Mobile Secure Group, Business Information Technology, SAP commented that, “We are pleased to see Mocana continue to roll out valuable improvements to its core MAP offering…We expect that iOS 7 support and the ability to place limits on which sites can be accessed by the MAP secure browser can greatly enhance its market applicability.”

The importance of the approach of decoupling app security implementation from core app development is at the heart of the matter. It enables enterprises to accelerate wide-scale deployment of enterprise mobile apps by adding a security shield to any mobile app in seconds via app security automation. In short, it is not just safer but faster as well. This is not to be underestimated given the growing propensity of users to by-pass IT to download apps they find useful but have not gone through what typically can be a long vetting process. 

Patel made two observations that are worth noting since they sum up the new MAP enhancements rather succinctly. First, he said that a good way to think about them was that wrapping was in essence providing a “containerless container.” He also characterized the latest release as being, Like an applications development tool.” 

While the benefits of the latest enhancements are predicated on use of the Mocana browser, given the breadth and depth of the added protection being offered this appears to be an example where as the old axiom goes, “An ounce of prevention is worth a pound of cure.”