Saturday, May 4, 2013

The MAP to BYOD?


Recently I had the pleasure of talking with Sara, Brad, and Rob at Mocana. A team with a strong security & data loss prevention (DLP) background that are now utilising their underlying technology to provide mobile application security. I had a great discussion about their Mobile App Protection product MAP. The tool looks feature rich, is easy to use, and is maybe just the 'map' you need to find your way through the BYOD maze.
Essentially the MAP solution allows applications to be "wrapped" with a range of policies to enable secure access and provide DLP. This means in a BYOD situation a wrapped corporate application with specific restrictions (such as communications, firewall settings, copy and paste restriction) can sit beside personal applications that enjoy their usual settings.

I was treated to a demo of the solution and got to see a walkthrough of the different options and settings. From a user-friendly dashboard an administrator is able to upload a finished mobile application (that's apk for Android and ipa for Apple), select policies and associated settings, wrap the application, and finally download the application for distribution. There are a bunch of policies including:
  • Expiry
  • VPN
  • Passcode
  • Firewall
  • Geofencing
  • And more!
As well as individually wrapping applications a Federation concept enables multiple applications to share policies simplifying maintenance and communications. The application was wrapped very quickly well under 10 seconds and the file size increased by a few hundred kb.
A couple of points for consideration: Core Apple iOS applications cannot be wrapped, however typically there is an alternative software offering (email clients, browsers) that can be protected. In some cases this may help with the separation of personal/corporate activities. As an application is wrapped and then distributed the policies and settings cannot be updated without repacking and distributing the application. While this is not particularly different to the way most applications work on the Apple App store and Google Play it was just one of the areas that Mocana has for consideration in the R&D path.

Talking with Mocana I got a sense that they were customer driven. The product settings and features have been built over time based on actual customer needs and specific requests. I also got some insights into their product roadmap which includes additional policies, further federation features, and single sign on. This is a company that provides security solutions to OEMs, government and military applications. So I was pleasantly surprised by the user interface and little features like the protection indicator on the wrapped application. If you want to know a bit more checkout their website or this video.