It's confirmed now that mobile is the new black in the market. Workforces are increasingly going mobile, and BYOD (Bring Your Own Device) is quickly spreading as the new standard. Mobile Device Management (MDM) and Mobile Application Management (MAM) were among the first responses by the information security industry to the sudden proliferation of mobile devices and BYOD adoption by enterprises. But MDM and MAM were not perfect, in the sense that they created privacy and usability issues: consumer devices were required to always adhere to corporate policies, even for personal use. So Oracle has released a new offering, Oracle Mobile Security Suite (OMSS), which overcomes those challenges and offers much more flexibility. Please refer here to know the main differences between MDM and OMSS.
OMSS – SEPARATE AND SECURE ENTERPRISE APPS AND DATA
OMSS securely extends identity services and policies to mobile devices through authentication, policy enforcement, and single sign-on between applications. It overcomes the challenges by isolating corporate from personal data on consumers’ personal mobile devices without needing to lock down the entire device. Oracle’s Mobile Security Container technology protects corporate apps and data and enables a Secure Enterprise Workspace that meets enterprise security requirements without compromising user experience.
It also offers the most integrated solution with Windows® authentication (Kerberos and NTLM) infrastructure for secure Single Sign-on (SSO) to corporate applications.
Other features include:
a) Comprehensive set of security policies providing strong authentication, encryption and DLP controls.
b) AppTunnel that eliminates need for mobile VPN and protects from rogue apps.
c) Rich set of secure productive apps within the Secure Enterprise Workspace.
a) Mobile Security Container (previously known as Bitzer Secure Container): It ensures security by isolating personal from corporate data and apps. It provides authentication, Single Sign-on and FIPS 140-2 encryption. Currently supports iOS 6.x and Android 4.x.
b) Mobile Security Access Server (previously known as BMAX Gateway): It offers secure Intranet access from mobile devices with zero programming, simple deployment and low overhead cost. This component typically sits in the DMZ and provides an app-level SSL tunnel ONLY from the Mobile Security Container, which eliminates the need for a device-level VPN and the risk of rogue apps. It also supports SSO authentication via Kerberos or NTLM protocols, utilizing username/password or PIN-protected PKI certificates. It integrates with Oracle Access Manager, Oracle Web Services Manager and Oracle API Gateway.
c) Mobile Security Administrative Console (previously known as Admin Control Panel – ACP): It provides remote management of containers, logging, policy enforcement, application management, application store and remote container lock/wipe. It can be easily integrated with Active Directory or OUD to manage users/groups. It also provides detailed usage statistics and reports and is deployed in the Green Zone on-premise.
d) Mobile Security File Manager (previously known as m/Drive): A component of the Mobile Security Administrative console that provides a WebDAV frontend to internal SMB/CIFS file shares so that they can be exposed in a consistent fashion over HTTP/HTTPS.
e) Mobile Security Application Wrapping Tool (previously known as Bitzer Containerization Tool): It provides a toolset to inject security functionality into apps running on iOS devices, linking them to the iOS Container. It can be used to containerize and secure native, 3rd party or custom apps with zero code changes. These containerized apps can then be deployed in the Mobile Security Container and can be configured to share content, authentication, encryption keys and policies, and to participate in SSO between apps without ever needing to cache the password on the device.
There is a collection of Secure Mobile Container Apps available for enterprises to make sure that corporate data is always protected.
|Secure Web Browser||a) Access Intranet sites secured with Kerberos or NTLM; b) Run HTML5 applications including offline support; c) Download files into file manager (if your security policy allows it)|
|Secure File Manager||a) Access network files on Windows File System or SharePoint; b) Move or copy files to/from local file store (if your security policy allows it)|
|Secure Email, Calendar, Contacts, Tasks, Notes||a) Native client that supports any ActiveSync mail server including Exchange, Google Apps, and Lotus Notes; b) Attachments can be restricted to the container|
Apart from the above, here are OMSS’s main advantages:
|User experience - Awesome||Increase effectiveness of touch-enabled devices. Separate corporate data from personal without needing a device-level PIN or VPN. Enable single sign on between mobile apps and secure offline access to data without caching passwords on the device.|
|Data security - Improved and Increased||Enforce a wide range of corporate authentication and data leakage policies without ever needing to lock down the device. Wipe or lock only the corporate workspace when needed.|
|Mobile app deployment - Faster||Zero-code wrapping and distribution of security-unaware mobile apps so that they adhere to enterprise security policies.|
|Business responsiveness - Much Better||Get on-the-go users productive faster through immediate access to key applications and systems.|
|Costs - Reduced||Reduce IT costs through efficient self-service and common security infrastructure.|
References: Various Oracle Documents