Bring Your Own Device But Don’t Bring Your Risks

The introduction of iPhone forever changed the mobile device landscape for enterprise IT. Consumer mobile devices, namely iOS and Android devices have surpassed Blackberry and Palm devices as the preferred mobile computing platform for business use. Employees demand to connect their latest iOS, Android, and Windows devices to the corporate network. It is now commonly accepted that employees will buy and upgrade mobile devices on their own dime due to mixed business and personal use. Enterprises that cannot support a bring-your-own-device (BYOD) strategy risk losing talented employees. A secure and scalable BYOD strategy is required to manage the risks introduced by these devices not owned by the enterprise. An effective BYOD strategy can also produce significant savings in IT hardware budget.

Adopt An API-Centric BYOD Strategy with Vordel API Server

The smartphone and tablet form factors are technically and physically less secure than notebook computers. These devices are frequently lost and stolen. The hardware and operating systems are light-weight and less hardened. Mobile access is mostly via untrusted domains and VPN use is not always practical. Most BYOD strategies seem to centre around two themes: contained access and remote wipe. Mobile devices are often allowed to connect to guest network only. Some organization go as far as white-listing devices. This containment strategy is inconvenient and breaks down as more enterprises embrace Cloud based services. The other focus area is remote wiping devices once the devices become compromised. Remote wiping requires IT to gain control over the user’s devices with special software and access. This approach is intrusive and expensive to scale. Vordel API Sever enable IT to adopt a more secure and scalable strategy leveraging mobile APIs.

Control Access Using Mobile APIs with Vordel API Server

Mobile applications are light-weight clients that do not do much local processing. Enterprise mobile applications need to connect to Cloud or on-premise business systems to access data and execute transactions. Thus it is more secure and scalable to control access at the API level than at the device level. Vordel API Server enables enterprise to deploy rigorous access control on APIs for mobile use. Authentication and authorization controls basic API access. Vordel API Server provides out-of-the-box integrations with all the leading identity management platforms such as CA, IBM, and Oracle. Adding contextual authorization to APIs can dynamically adjust access to data and functions based on context such as application type, device location, network, time of the day, and access behaviour. Lastly, adding multi-factor authentication can further establish the trust level of the device and the device user. Controlling access at the API level enforces access decisions instantly and is more secure against compromised devices and applications.

Limit Data Storage on Devices Using Mobile APIs with Vordel API Server

Remote wiping is required because sensitive data are being stored locally on the devices. Mobile applications store data locally because connectivity is not always available and APIs are generally not designed to factor in the security risks of mobile devices. Instead of wiping the device after the fact, it is more secure and scalable to limit the amount of data stored on the devices in the first place. Connectivity is becoming ubiquitous and faster. With proper design of mobile applications and mobile APIs, it is possible to drastically reduce or completely eliminate on-device data storage. By moving more features to the API level, enterprise can also rely on web applications and less on native applications. Mobile-specific APIs can be based on existing general purpose APIs, but with additional data security and management policies to help reduce the need for on-device data storage. Vordel API Server helps enterprises create and deploy different versions of APIs for different API consumers, including mobile devices and applications.