A lot of businesses have been eagerly awaiting Apple’s iOS 7 release, that finally arrived today. The new OS will undoubtedly have an impact on the entire enterprise mobile management marketplace, and many vendors are sharing their opinions as they relate to their own mobile security solutions. I am asked by leading customers in many industries how the changes in iOS7 impact our products in the SAP Mobile Secure portfolio, including SAP Afaria and SAP Mobile App Protection by Mocana.
SAP put out this iOS7 media alert today, explaining how SAP will support key iOS7 features across all SAP mobile products.
To start, Apple has added many new management features to iOS 7, expanding their focus on the enterprise market by adding important features that address security corporate requirements. Apple is continuing to focus on mobile device management (MDM) as the mechanism for managing and securing all iOS devices. This means that Apple is making MDM an even more important aspect of a company’s mobile strategy.
There are many new features in iOS7 that further consolidate the role of MDM in protecting enterprises against costly downtime or IP theft:
- Open in Management to control sensitive documents and email
- Per App VPN for secure communications
- Single Sign on for enterprise applications
- VPP enhancements to improve licensing of enterprise applications
- Streamlined enrollment for corporate owned devices
iOS 7 and Mobile Device Management
Joe Owen, vp engineering for SAP Mobile Secure has run the Afaria engineering team for more than 12 years. He explained “New features in iOS7 will significantly help our enterprise customers including the simplification of the enrollment process, app configuration, the renewed focus on the enterprise app store and changes to the VPP program. We’re excited to be working with Apple to bring greater device control to our customers.”
Apple is also changing some aspects on how devices are recognized. When the details are made public, we’ll share with you some changes at the Afaria product level that our customers will want to know about. Please see this short 17 minute overview of SAP Afaria for iOS7.
iOS7 and app wrapping
SAP gives customers flexibility and choice in supporting multiple approaches to securing their varied mobile deployments. We are supporting all of the new fantastic iOS7 capabilities, and in addition also support app-specific security policies that compliment a company’s MDM strategy.
There are two main scenarios where additional security capabilities are needed:
- Organizations with strict security policy requirements (such as those in the public sector requiring FIPS 140-2 certified encryption, or financial services and other regulated industries).
- Companies who want to extend enterprise apps to mobile devices that are not under MDM control, such as BYOD devices or the extended enterprise.
Many enterprises will find that as they evaluate what is actually in iOS7 that they may want (and need) more. For companies deploying corporate apps on devices they don’t own or control, including those owned by partners, resellers, distributors or contractors, the iOS features won’t help since iOS7 requires the device to be under MDM.
In a recent article published in CIO magazine, SAP’s Tom Voshell was quoted as saying “Organizations, particularly those moving toward BYOD, have been developing device management policies with features like remote data wiping and encryption, but those policies, if left at the device level, fail to address some unique security concerns associated with mobile apps.”
When looking at approaches to mobile app security in these unique environments, the easiest and most robust approach is App Wrapping. Quickly and easily, you can add new security features to the apps you already have, simply by uploading them to a special portal. App wrapping allows you to wrap certain critical resources – like a keychain and an IP stack – directly into each app. That helps keep apps and their data safer, even when the device gets jailbroken or infected with malware.
When evaluating what mobile security approach is right for your company, there are some areas that you should review closely. For example, evaluate how Per-app VPNs are implemented and see if the vendors approach to single sign on works for you. Some difference might not seem like a big deal, but to security professionals, they may be significant.
SAP’s App Security Strategy
For SAP, mobile security is about securing three business critical areas - devices, apps and content. SAP partnered with Mocana (who invented modern app wrapping) to address the app security part of this trilogy. The industry has witnessed other vendors attempt to duplicate the technology, but according to Mocana in their recent blog on the topic, “most have failed, and consequently some are very quietly stepping off the stage.” This doesn’t mean that app wrapping is not a valid approach.
The changes Apple is implementing in iOS 7 are ultimately a win-win for everyone trying to navigate the mobile security space. At SAP, we are busy addressing all of these new features and provide the industry’s most scalable and best support for iOS 7 with both SAP Afaria and SAP Mobile App Protection by Mocana. Our engineering teams are actively working on adding these new capabilities to SAP Mobile Secure portfolio now and we look forward to sharing it with you soon.