The ubiquity of smartphones and mobile devices in the workplace has presented enterprises with incredible opportunities for maximizing productivity. By creating mobile apps that allow access to backend systems, enterprises can empower their employees to leverage mission-critical application functionality and data anywhere, at any time, from any device.
With these opportunities come security risks, particularly in BYOD (“bring-your-own-device”) scenarios. Enterprises need to deploy identity and access management (IAM) systems able to ensure their apps are only being used by authorized personnel and that these individuals are receiving appropriate levels of access to sensitive enterprise resources.
Most IAM technologies are not sufficiently secure in enterprise mobile use cases because they:
These limitations can be addressed by deploying an enterprise-grade single sign-on (SSO) solution that enables users sign in only once to securely access a range of enterprise resources. This solution should both simplify and secure the process through users sign in to apps by leveraging the strong authentication capabilities inherent to mobile operating systems.
The solution should mediate between mobile devices and enterprise IAM, enabling not only SSO, but also the ability to leverage SSO to enable secure local storage, geo-location and even integration with identities from social networks like Facebook. Finally, the solution should leverage device-specific security–not only encryption, but also hardening solutions such as Samsung Knox.
CA Technologies offers a complete, standards-based and proven solution for simplifying enterprise-level mobile security through SSO. This solution is built upon CA Mobile API Gateway, a lightweight, low-latency mobile middleware that helps solve critical, mobile-specific identity and security challenges.
CA Mobile API Gateway uses OAuth 2.0, OpenID Connect and PKI standards to leverage existing enterprise IAM investments. Communication is secured through the gateway via client-side libraries. CA Mobile API Gateway ships with a Mobile SDK, which makes it simple for developers to implement mobile SSO for iOS and Android devices. The Mobile SDK delivers:
SSO is implemented via the gateway’s Management API, which simplifies the development process by ensuring that developers do not have to directly deal with the complex OAuth/OpenID Connect protocol flow between mobile device and gateway. For maximum security, communication is secured through the gateway via mutual SSL configuration.
Securely open enterprise and cloud applications to mobile devices.
Simplify security and management for enterprise-level apps and BYOD.
Securely leverage enterprise information assets to create custom mobile apps.
OAuth works—using a common setting to reflect parallels to make the technology more easily understood.