Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

Oracle Mobile Security Suite forMobile Applications

Victor Ameh Oracle Fusion Middleware Technology ISV Migration Consultant A&C Technology Adoption Office | Partner Business Development, ECEMEA February 12, 2015

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

Safe Harbor Statement

The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

4

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

Program Agenda

1

2

3

4

5

Securing The Extended Enterprise: Mobile Security

Oracle Mobile Security Suite

Secure Mobile Container Apps

Security Services Technical Overview

Demo: Secure Workspace and User Provisioning

Q&A

5

6

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

Securing The Extended Enterprise Mobile Security

6

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

Mobility is Reshaping The Digital Economy

Tablets are replacing laptops and paper

Mobile apps have changed data creation and retention lifecycle

Innovative uses for Mobile devices in vertical markets

Always-on computing is threatening antiquated architectures and systems

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

80% 67% 89%

By 2015, mobile app development projects will outnumber native PC

projects by 4-to-1

Use tablets to work remotely 65% use to check email

Mobile devices already connect to corporate

networks

Source: Forbes: Mobile Business Statistics For 2012

Mobile Usage in the Enterprise Driven by IT Consumerization

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

Mobility Is A Significant Challenge for I.T.

Top Mobility

Challenges for CIOs

CIO Insight: Top Challenges of Enterprise Mobility, 2012

41%

31%

28%

Securing corporate information

Integrating with other systems

Supporting multiple devices

Mobility is Expensive

McKinsey, 2012: Mobility Disruption: A CIO Perspective

41% CIOs cited Mobility is expensive & a critical challenge

Up to$250 per device/ annually

Includes cost of connectivity, infrastructure and support

Bring Your Own Device (BYOD) Practices in 2011

Forbes: Mobile Business Statistics For 2012

74%

74% Allow some sort of BYOD usage.

Less than 10% “FULLY AWARE” of the devices accessing their network

10%

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

58% 35% 76%

Building mobile

application stores

Reported lost

or stolen devices

Store credentials

on the device

10% Store Passwords in Plain Text

Source: Partnerpedia

Survey Aug 2011

Source: Information week

Aug 2011 Source: Norton

Cybercrime 2012

Mobile Apps Create Security Risks

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

Requirements for the New Digital Economy Mobile Security

Extend corporate identity to mobile apps

Separate personal and corporate data

Mitigate threats pre-emptively

Extend organizational security policies

Preserve native app experience

Enable IT control while maintaining user privacy

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

Oracle Mobile Security Suite

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

Oracle Mobile Solution

Complete Protection of Enterprise Information on Mobile Devices

• Secure, touch-enabled enterprise workspace for iOS and Android

• Trusted workspace for enterprise secure mail, browser, file manager, in-

house or 3rd party apps

• Single sign-on just like from your desktop

• No restrictions or controls over personal apps or data

• Increase productivity for mobile workers

• Data leaking control by policy to restrict or allow email, copy/paste, sharing

• Isolate enterprise data access from personal data access

• Manage application and data lifecycle to ensure users only have access to

authorized data

• Manage user credential lifecycle

• Deployment options include on-premise or in the cloud

Preserve User Experience

Enable Enterprise Security and Control Data Leakage Control

Policy Enforcement

Authentication

Encryption in Transit

Encryption at Rest

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

Oracle Mobile Solution Secure Mobile Workspace - Separate personal and corporate data

Secure Browser

PIM (email, calendar,

contacts, tasks, notes)

Doc Editor

App Catalog

File Manager

Secure Intranet

Secure Mail

Secure Files

App Distribution

Authentication / SSO Data-at-rest Encryption Data-in-Transit Encryption DLP (Data Leakage Prevention) Policy for remote control

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

SECURITY

WORKSPACE EXPERIENCE CONTROL

Isolate corporate data,

enables secure remote

access

IT managed, policy controls,

selective data wipe, security

layer for mobility

Corporate security to native

apps, single-sign-on, role-

based access

MOBILE SECURITY SUITE

Oracle’s

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

Oracle Mobile Security Suite v3.0

• WhitePages app for corporate directory (iOS and Android)

• Push notifications support for Oracle Secure Mail Manager

• New policy to disable custom redirects out of workspace

• Improved install/upgrade experience for containerized apps

– Add upgrade alerts for any containerized apps

– Add install on workspace homepage for containerized apps

• New docs

– Workspace Customization and Branding Guide

– App Containerization Tool Guide

Enriching the User Experience on Mobile Platform

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

Oracle Mobile Security

• Easily add new applications without requiring source code access (native, custom, 3rd party & hybrid apps)

• De-couple security deployment & app development

• Injection-based approach - No SDK

• Single sign-on (SSO) support – NTLM, Kerberos, OAuth

• Data Leakage Prevention (DLP)

Easily Add Mobile Apps to Secure Workspace

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

Oracle Mobile Security

• Introducing AppTunnel™

– Secure communication with enterprise application servers

– Eliminate VPN requirements, reducing costs and risks of rogue invasion

• Provide context-driven, risk-aware access to enterprise apps

• Enterprise app store/catalog

• Device enrollment and provisioning

• Gateway limits access to internal network only for white-listed apps

Secure Authenticated Access

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

Securing External Mobile Applications

• Protect user data with API security for Internet facing mobile applications

• Enable consistent user experience across platforms with mobile access management

• Secure mobile app development by externalizing security requirements

Accelerate deployment of Consumer Facing Applications

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

How To Secure Corporate Data In A BYOD World?

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

How To Secure Corporate Data In A BYOD World?

Mobile Device Management: Lock down the phone and treat it as a corporate asset – no personal data

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

Mobile Application Management: Create a secure container that separates corporate data and apps from personal

How To Secure Corporate Data In A BYOD World?

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

Secure Mobile Container Apps Subtitle

23

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

App Containerization Tool Perfect for in-house built or 3rd party apps to create “trusted workspace”

Shared Integrated Windows Authentication (IWA)

SSO or layered

Shared AppTunnel – benefits over mobile VPN

Shared encryption keys – never stored on device

Shared policy engine – different policies for different users

Restrict sharing (open in, email, copy/paste…) to just “trusted workspace” apps

Enterprise

Distribution

Un-Signed Native App

Containerized

App

Oracle App Wrapping Tool

Distribute to Users

Available for:

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

App Isolation

Separate personal and corporate data

Separate, protect and wipe corporate

applications and data on mobile

devices

Enforce policies to restrict data

movement

Enable “Business Desktop” for access

to apps, applications, files and email

Encrypt data-at-rest, in-transit and in-

use

Monitor exceptions and remediate

violations using admin console

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

App Management

• Deploy apps using ‘Business Appstore’ for IT white-listed apps

• Enable a layer of security and DLP restrictions on apps

• Provision new apps without requiring source code access or coding

• Manage app lifecycle—Provisioning, deployment, Updates through admin console

Provisioning of IT White-listed Mobile Apps

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

Secure Access

• Enable secure communication with enterprise application servers, file repository and email

• Eliminate VPN requirements, reducing costs and risks

• Prevent rogue apps, access to internal network only for white-listed apps

• Superior user-experience, maintain connections across network “hops”

Integrated Intranet access to corporate apps and data

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

Security Services Technical Overview

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

OMSS Secures Apps and Data

Containerize

Secure

Browser

Native Apps

Web

Applications/ Intranet

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

AppTunnel

• Mutually authenticated SSL tunnel

– Benefits over IPSec = maintains state across networks

• No credentials on device – sophisticated key management for encryption

• Optimized for mobile traffic

– Compression for increased throughput and performance

• Transparent switch over between WIFI and 3G

No need for device-level mobile VPN

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

Securing Data

Data-at-rest

• FIPS140-2 Level 1

• Secure storage

– File system

– User preferences

– SQLite

– Cache

• Key management

– Keys derived from user secret

– Multiple keys based on data sensitivity

• User secret never stored on device, never sent in the clear

Strong encryption at rest and in-transit

Data-in-transit

• AppTunnel is not device VPN

– Rogue app protection

– Only trusted apps

• SSL connection

– Maintains connection across networks (hotspots, towers, WiFi to cellular)

– Mobile IPSec drops connections, causes user frustration

• FIPS140-2 Level 1

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

Oracle Mobile Security

• Introducing AppTunnel™

– Secure communication with enterprise application servers

– Eliminate VPN requirements, reducing costs and risks of rogue invasion

• Provide context-driven, risk-aware access to enterprise apps

• Enterprise app store/catalog

• Device enrollment and provisioning

• Gateway limits access to internal network only for white-listed apps

Secure Authenticated Access

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

Authentication

• Authentication

– Single Sign-on • Kerberos, NTLM, SAML, OAuth

– Strong authentication – PKI

– Multi-factor • Virtual smart card (PIN protected x509 cert)

• RADIUS-based OTP token (RSA certified)

– Integration with OAM now & Mobile & Social

Enterprise Auth/SSO

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

Policy Control

Data Leakage Protection

• Dynamic based on identity

• Add controls to 3rd party apps

• Controls

– No backup

– Restrict open-in

– Restrict copy/paste

– No email, messaging

– No chat, social sharing

– No print

All policy defined on server and enforced on the client

Policy Enforcement • Per app - dynamic policy engine

• Remote lock/wipe

• Authentication strength

• Authentication frequency

• App Catalog

• Compromised platform

• Inactivity duration

• DLP

• Time-fence / geo-fence

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

Oracle Mobile Security Suite - End State Architecture Corporate DMZ Corporate Network

HT

TP

/RE

ST

/SO

AP

/OA

UT

H

SOAP/REST and Legacy

Web Services

Oracle Mobile Access

Server

Oracle API Gateway

App Tunnel

REST/Mobile Security

Corporate Resources

Oracle IDM Stack

Oracle Mobile

Security

Oracle Identity

Governance Oracle Access

Management

Unified Device & Policy

Registry

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

Demo: Secure Workspace and User Provisioning

36

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal/Restricted/Highly Restricted 37

Summary

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

Summary

• Mobility is Reshaping The Digital Economy

• Mobile Security has become a major requirement by the enterprise

• Oracle Mobile Security Suite (OMSS) addresses the BYOD challenges by isolating corporate from personal data on consumers’ personal mobile devices without needing to lockdown the entire device.

• OMSS provides App Containerization Tool for APPs isolation, secured workspace and management.

• Enterprise Authorization /Single sign on

• OMSS enforces centalised enterprise data protection and enforces policy controls

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

For Futher Information…

Oracle Mobile Security Suite 3.0 Product Documentation Library accessible at: http://docs.oracle.com/cd/E52357_01/index.htm Oracle Mobile and Social Access Service Administration Topics accessible at: http://docs.oracle.com/cd/E40329_01/admin.1112/e27239/part_oic.htm#CIHDHDJI Oracle Mobile and Social Access Service Development Topics accessible at: http://docs.oracle.com/cd/E40329_01/dev.1112/e27134/part3.htm#BCFDJHCC Java API Reference for Oracle Access Management Mobile and Social accessible at: http://docs.oracle.com/cd/E40329_01/apirefs.1112/e28281/toc.htm

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

Q&A

40

Victor Ameh Oracle ISV Migration Center Consultant victor.amehl@oracle.com ISV Migration Center blog: http://blogs.oracle.com/imc ISV Migration Center email: partner.imc@beehiveonline.oracle.com

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

• CONNECT WITH US

• COMMUNICATE WITH US • partner.imc@beehiveonline.oracle.com

• oracle.com/subscribe

ASSISTING YOU ADOPT & IMPLEMENT THE LATEST ORACLE TECHNOLOGY

blogs.oracle.com/IMC

twitter.com/oracleIMC

youtube.com/OracleIMCTeam

facebook.com/oracleIMC

ORACLE.COM/PARTNERS/GOTO/HUB-ECEMEA

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | 42