Securing your mobile apps with MaaS360
KumarAnanthanarayana
MaaS360 Application Security enables enterprises to extend the MaaS360 container capabilities onto enterprise and third-party applications, prov
This blog walks you through the approach for implementing your application security using MaaS360:
Step 1: Understanding Mobile app types - public vs. private apps, native vs. hybrid
Before you decide to secure your mobile apps, it is important to understand the different types of apps out there. This section clarifies these differences:
A) Public vs. Private apps:
B) Native vs. Hybrid apps:
Why are these distinctions important? How you implement app security varies by app type. This is clarified later in the blog, so please read on.
Step 2: Understanding MaaS360 Application Security Implementation Modes
MaaS360 Application Security can be implemented in two different ways - App Wrapping and App SDK Integration.
A) App Wrapping:
App Wrapping involves unwrapping the app, injecting MaaS360 container security code and re-wrapping the entire package. This process is automatically done by MaaS360 when the app is uploaded to the MaaS360 portal and the administrator has selected the App Wrapping option.
In order to re-wrap your application after injecting MaaS360 container security code, MaaS360 will need the platform-specific artifacts for packaging and signing apps. These include:
Due to this requirement, App Wrapping is only possible with enterprise and native apps. Public apps cannot be wrapped, not because it is technically impossible, but because the app developer will not share the code signing certificates and credentials needed to re-wrap their app.
The App Wrapping process is outlined below:
B) App SDK Integration:
App SDK Integration involves including the MaaS360 App Security Software Development Kit (SDK) during the app development process itself. This provides greater flexibility and fine-grained control over how the app security features can be leveraged in your application. App SDK Integration provides the same set of features as App Wrapping and much more.
The App SDK Integration process is outlined below:
Step 3: What mode should I choose for my enterprise apps?
One of the most common questions I get asked is: what should I choose for my apps? Should I wrap them with MaaS360, ask our developers to integrate with the MaaS360 SDK, or just not wrap at all? What are the benefits of each approach?
The answer to this depends on what type of apps you have and the requirements for your use-cases. Here are some guidelines:
The following table provides more details on all these capabilities.
Step 4: How can I secure my public apps?
App Wrapping and the SDK work great for apps that are developed for your enterprise. You have control over your app development plan and strategy, and control over your artifacts for wrapping and signing. Even apps that are developed by your outsourcing company can be wrapped and signed with your code signing certificate. Hence private / enterprise apps can be easily secured.
What about public apps? How can they be secured? App developers that release their apps to iTunes App Store or Google Play will not share their code signing certificate with corporations that need to wrap apps.
You can still leverage MDM capabilities to distribute, manage and secure public apps, and enforce OS-provided MDM restrictions like "Managed Open In" controls that prevent data leaks. If there are still requirements to use App Security for public apps, there are a few approaches, but they always require collaboration with the app developer or require them to follow some guidelines. Here are the approaches:
A) App Config Community:
The App Config community is a community focused on providing tools and best practices around native capabilities in mobile operating systems to enable a more consistent, open and simple way to configure and secure mobile apps in order to increase mobile adoption in business. Users benefit with instant mobile productivity and a seamless out-of-the-box experience, and businesses benefit with secure work-ready apps with minimal setup required while leveraging existing investments in Enterprise Mobility Management (EMM), VPN, and identity solutions. Ultimately, your apps are simpler to configure, secure and deploy.
This community has published guidelines for developing applications to better align apps to meet security requirements of enterprises. These guidelines cover these critical areas:
Please Note: The App Config Community can be leveraged even for enterprise apps, not just public ones. It really depends on your use-cases. If you just need a way to configure your app and have an MDM, you can leverage the App Config Community. If encrypting apps is a requirement, you will have to use the SDK / Wrapper.
B) MaaS360 WorkPlace Partner Program:
In this program, MaaS360 collaborates with ISVs that develop apps for enterprise use and packages the MaaS360 SDK into these apps. These apps, called MaaS360 Trusted WorkPlace apps, get released to public stores. Any enterprise that uses these apps will be able to extend the MaaS360 container security to them. Here is how the process works:
The list of apps participating in the MaaS
However, this approach may not work for your enterprise if the app you are interested in does not participate in this program. The app developer would also need to use the latest SDK version for their new apps to support the latest features.
Due to challenges with this approach, most of our ISVs are being asked to participate in the App Config community for securing public apps.
Hope this blog has helped you better understand approaches for securing your mobile apps in general and specifically with MaaS360.