Kony Mobile App Mgmt


Published on

Enterprise mobile device strategies are experiencing enormous disruption ...

  • Be the first to comment

  • Be the first to like this

Kony Mobile App Mgmt

  1. 1. Kony Mobile ApplicationManagement (MAM)Kony’s Secure Mobile Application ManagementFeature Brief
  2. 2. Contents What is Mobile Application Management? 3 Kony Mobile Application Management Solution Overview 4 Features and Benefits of the Kony MAM Solution 5 Process Flow 6 Provisioning 7 Client Components 8 Server Components 8 Kony Application Manager Console 8 Analytics 9 About Kony 102 Kony’s Secure Mobile Application Management Feature Brief
  3. 3. Enterprise mobile device strategies are experiencing enormous disruption thanks to staffinsisting on using their own devices to access work systems and data as part of the bring yourown device (BYOD) trend. Many organizations are considering personally-owned mobile devicesfor business apps. Their goal is to drive employee satisfaction and productivity through the useof new technologies, while simultaneously reducing mobile expenses.This trend is one of the more dramatic results of the consumerization of IT, in which consumerpreference – not corporate initiative – drives the adoption of technologies in the enterprise.However, many of these devices were not built with enterprise requirements in mind, so ITteams often feel uncomfortable about security and supportability of their corporate applicationsrunning on a foreign device over which they have no control.BYOD is more than just shifting ownership of the device to the employee. It has many complexand hidden implications; organizations would do well to define a comprehensive BYOD strategyin advance of implementation.Businesses want the ability to securely manage mobile applications installed on employeedevices. As a result, IT concerns have begun moving from mobile device management (MDM)to mobile application management (MAM) as part of a shift in thinking over whether to allowmobile devices toward how to best take advantage of them.What is Mobile Application Management?Mobile Application Management is an essential tool for organizations that provide “in-house” apps to employees or contractors using corporate-liable or individual-liable devices. Unlike Mobile Device Management, Mobile Application Management focuses primarily on the applicationsresident on mobile devices, rather than the devices themselves. For example, if a user leaves an organization or group, apps and data belongingto the organization can be de-provisioned, without resorting to a full “device wipe” which could expose an organization to liability.Any organization’s BYOD strategy should allow for enterprise applications to be used without compromising its implemented security policies.The goal is for an employee to be able to use both personal and enterprise applications on the same device, without concerns over privacyviolations by their employer. A Mobile Application Management solution should allow enterprise IT policies to be enforced on enterpriseapplications – and only on enterprise applications – and ultimately reduce the cost of ownership for an enterprise. Kony’s Secure Mobile Application Management Feature Brief 3
  4. 4. Kony Mobile Application Management Solution OverviewKony’s Mobile Application Management solution allows an IT organization to securely deploy, manage, and analyze mobile apps – withoutcompromising enterprise or user data privacy, and all while ensuring total focus on optimizing the mobile user experience.With the Kony MAM solution you add code to your mobile apps that use Kony’s policy APIs. The APIs let the app communicate with the KonyApp Management server to enforce policies for that app and/or user, such as restricting usage to geo locations or copy/paste into/out the appor deleting on device data if the user’s permissions are revoked.The Kony Mobile Application Management component allows administrators to monitor activities – such as an app access – so that they canthen check the current device and application state against the policies. Via the embedded libraries, the app communicates its status and activityback to the server – not entire device status, which may lay concerns from employees, contractors, and business partners over how invasiveyour device management may be.Importantly, management is embedded in the app, so you don’t have to manage the device itself. Thus, you should be able to extend legitimateapplication management to a greater number of users than the universe of devices you actually manage.Kony’s MAM focuses on role-based security,provisioning and control of mobile apps in anorganization. Additional capabilities include what iscommonly called “inventory management”, since Device makes the requestMAM provides a complete view of all devices, and at applicationtheir characteristics such as device type, operating startup to Application UI check forsystem, memory, and installed applications. modified Binary policies Management / Integrated App Catalog Modified App Kony Policy Native Code Framework Native Code Native Security & SDK Usage Policy Data Policies are returned in Policy Device OS JSON Management format Figure 1: Kony Mobile Application Management Component View4 Kony’s Secure Mobile Application Management Feature Brief
  5. 5. Features and Benefits of the Kony MAM SolutionThe key feature of Kony’s MAM is the concept of a “Secure Mobile Application Management Container” that completely abstracts applicationsand data away from the specifics of the device and operating system. Kony’s secure mobile application container provides a separate and securevirtual environment on the mobile device in which to run Kony and non-Kony applications and store related data.This mobile enterprise container provides true “configure once, run has network access, all the relevant applications and data will beeverywhere” capability, offering a single, consistent, secure method automatically removed from the device, i.e., reset back to its initialto provision applications and synchronize data across all major device provisioning state. This functionality is essential if a device is losttypes (e.g., iOS, Android, BlackBerry, and Windows) seamlessly. It or stolen.also provides integration of native applications (e.g., calendar, maps,camera, etc.) and supports embedded HTML. Device Lock You may “lock” a Kony container to a specific device, i.e., if it isThe primary benefit of the Kony secure container is total security illegally copied to another device, it will not start. This prevents anyof all its applications and data on the device. Initial provisioning of unauthorized backup or replication of the container data.the container itself can be controlled through the use of trusted“whitelists,” profiles and passwords. Security All configurations, application definitions The primary benefit of the Kony secure container is complete security and data are encrypted. Even if the device of all its applications and data on the device. The following is a is hijacked, jail broken or the container is summary of the security features: copied, the contents are protected. All Initial provisioning of the container itself can be controlled through the use data transmissions over the network are of trusted “whitelists”, profiles and passwords. encrypted. All configuration, application definitions and data are encrypted. Even if the device is hijacked, jail broken or the container is copied, the contents are The container can be locked to a specific protected. device, meaning that it will not start if All data transmissions over the network are encrypted. copied to another device. The container can be locked to a specific device, meaning that it will not start if copied to another device. The container may be “blacklisted,” i.e., all The container may be “blacklisted,” i.e., all applications and data will be applications and data will be automatically automatically blocked from being accessed.Figure 1: Example of a removed if an attempt is made to connect A range of identity management options can be used to authenticate userpolicy revoked from to the host. The container may be access to the container through standard directory services, 3rd partya user configured to automatically shut down if security applications, custom functionality etc. idle for a period of time or if the device Users can only access the applications and data that they are authorized to. The role-based provisioning is strictly controlled through the user profilinggoes into sleep mode. HTML can be securely executed inside of the facility on the central Kony admin console.container without the risks associated with a browser. All provisioning The container may be configured to automatically shut down if idle for aand access requests are audited. period of time or if the device goes into sleep mode. HTML can be securely executed inside of the container without the risksFollowing are some of the key features of the Kony container: associated with a browser. All provisioning and access requests are audited.Decommissioning and Blacklisting The innovative secure container feature provides smarter mobilityAt any stage, an entire container or specific user may be blacklisted. by allowing for identity management/role-based provisioning andThis means that the next time that the container is started and modular application implementation. Kony’s Secure Mobile Application Management Feature Brief 5
  6. 6. Process FlowFigure 2 below describes the complete process flow. Using John brings his personal device to work. He then has the option ofenterprise connectors and sync, a Kony developer builds an downloading his company branded app store from the general appapplication. The application is written with a single code base and marketplace or via a URL.made consumable on any device type and on multiple channels. Once he logs into his enterprise app store, he is pushedOnce the application is written with a single code base, i.e. notifications about apps to which he has access and others that areJavaScript, the developer can publish to a choice of channels as suggested for him. One of the first apps that he downloads is theseen here. Note channels available in native iOS, Android, Windows enterprise mobile container. This container is a secure area wherePhone, and BlackBerry, as well as HTML5, single page applications applications can be loaded and managed separately from the rest ofand even desktop and desktop web. the applications on his device.The IT Administrator wraps policies to the binary, assigns the The administrator can then manage the secured container, asapplication to users/group(s)/role and promotes the app to his opposed to the entire device, with centralized policy management.enterprise branded app store. In this example, John is assigned anapp based on his role and use credentials. Once John downloadsthe app store he will be able to push this app automatically. Admin Monitors App Figure 2: Kony Mobile Application Management Process Flow6 Kony’s Secure Mobile Application Management Feature Brief
  7. 7. ProvisioningFollowing are the steps for initial provisioning of the secure application: 1) When the employee wishes to use the company apps on a personal device he or she is instructed to go to an initial URL by the company system administrator in the form of an email. 2) They login using their Active Directory credentials. 3) The folder app gets downloaded onto the phone after the display of a pop up asking for permission to download the folder app. The default language for this message is: “Are you sure you want to install the folder that will contain all your corporate apps?” 4) Only the folder app will be downloaded on first use. No other app will be downloaded at that point.This user experience is demonstrated in Figure 4 below.Figure 4: Kony MAM Provisioning Steps Kony’s Secure Mobile Application Management Feature Brief 7
  8. 8. Client ComponentsKony Mobile Application Management also includes client KonyOne Server – KonyOne provides an enterprise grade mobilecomponents, which consist of: application server that sits on top of traditional J2EE application servers. The KonyOne Server provides key services such as device 1) Client App Framework – Provides isolation of application from other applications and ensures a secure framework. App Management detection, a services bus, session state, security services, analytics, Capabilities include: reporting, and more. KonyOne runs on open, industry standard J2EE technology like IBM WebSphere, Oracle Weblogic, and Tomcat i. Authorize application ii. Handling, creation, validation and revocation of tokens / certificates Integration Services – Integrate into backend systems with web services, direct database access, through Java or via any of Kony’s pre- iii. Remote wipe of data in application built Connectors for SAP, Oracle and Microsoft enterprise systems. iv. Remote revocation of application authorization v. Interfaces to authentication and authorization services 2) HTML5 Renderer – HTML5 Compliant rendering components including Kony Application Manager Console application UI caching, navigation and branding. Kony provides a single location to manage app security, app usage 3) Local Data Management – Manage offline data container including policies, app updating and securitizing, provisioning apps to the handling of data encryption and content classification metadata Enterprise App Store and more, thereby ensuring a manageable and 4) Content Policy Engine – Policy engine for controlling application end-to-end solution for the IT Policy Officer. Working in conjunction functionality in offline and online mode based on content classification. with your mobile device management vendor if present, KonyOne Platform provides an integrated console through which changes can 5) Inter-App Communication – This is how the communication occurs within the folder from one app to another. be made and tracked, while also providing a wide range of analytics and reports to help optimize the employee experience, and that of 6) App Management – Provides connection point for remote your corporation. administration of application and content and distribution of offline policies. Employee Authentication and Authorization Services – Integration with SiteMinder/Active Directory and other security based systems. This includes Enterprise App Distribution to control access toServer Components applications allowing only employees authorized to downloadIn addition to client components, Kony Mobile Application the apps.Management contains server elements that are critical to executingcomprehensive application management: Kony provides a single location to manage app security, app usage policies, app updating and securitizing, provisioning apps to the Enterprise App Store and more, thereby ensuring a manageable and end-to-end solution for the IT Policy Officer.8 Kony’s Secure Mobile Application Management Feature Brief
  9. 9. Administrators gain complete visibility into their applications, sothey can immediately see when users are experiencing performanceissues – rather than waiting for them to complain about crashes, slowresponse times, or error messages. As a result, you can take immediatetroubleshooting action.With Kony’s Application Management Console, customers canautomatically: Monitor App performance Manage App errors/faults/crashes and ensure optimum service provided by your Apps Evaluate log files (across myriad devices) to determine reasons for crashes and understand what a user was attempting to do when a fault or crash occurs Monitor start/end times for App usage, as well as transaction processing times Minimize the burden of help desk support Figure 5: Kony Application Manager Console Analytics Report, analyze, and audit using built-in modules and industry standards like Adobe Omniture, IBM Coremetrics, Google Analytics, and Webtrends Analytics. 4 types of report views are available: Tabular Bar Line Pie Two types of report selections are available: Apps: Total apps per platform Downloads: Total downloads per platformFigure 6: Kony Application Manager Console Report Mandatory apps not installed per user Information on users per device and per OS – number of apps downloaded Information on apps – number of users per device and per OS These reports can also be scheduled to run at different times. These could include scheduling reports daily, per hour, per week etc. Kony’s Secure Mobile Application Management Feature Brief 9
  10. 10. About KonyKony and the KonyOne Platform™ enable Fortune 500 companies to offer consumers and employees feature-rich mobile applications in lesstime and at lower costs than any other solution. Leveraging a Write Once, Run Everywhere single application definition, applications are designedand developed just once, in a device independent manner, and deployed across multiple channels, including native applications, device-optimized HTML5 and HTML4 mobile web, SMS, web gadgets, kiosks, and tablets.Kony’s unique platform is proven to future-proof a company’s mobile investment by enabling applications to be changed once for all channels,ensuring faster adoption of new operating systems and standards as they are introduced, while eliminating maintenance, upgrade and futuredevelopment costs.More information can be found at www.kony.com/mobile-application-management 7380 West Sand Lake Road Tel: 1.321.293.KONY (5669) © 2012 Kony Solutions, Inc. All rights reserved. Kony and the Kony Platform Suite #390 Toll free: 1.888.323.9630 are trademarks of Kony Solutions, Inc. Apple and iPhone are trademarks Orlando, Florida 32819 Fax: 321.293.0161 of Apple Inc., registered in the U.S. and other countries. BlackBerry is a registered trademark of Research In Motion. Android is a trademark of Google Inc. Other product names mentioned are the property of their respective holders.