Strategies to Avoid End-user Vulnerability

Ensuring the security of all that additional IT and application infrastructure requires more than secure connections.

Mocana Mobile App Protection (MAP) is a general-purpose application security automation platform that enables service providers to create self-defending mobile applications independent of devices and operating systems. Applications are wrapped post-development, so there is no code to write, and security can be added to any application at the server by the service provider. Service providers are then able to authenticate transactions on untrusted devices and eliminate the expense of developing unique code for every type of user device, application, or security scenario.

In a digital services environment where all traffic is data and all services are applications, wrappers eliminate many of the security barriers associated with provisioning large numbers of mobile or cloud-based users, while preserving the end-user experience. Time-consuming and costly enrollment procedures are no longer necessary when customers change or add devices, since the application being accessed is itself secure. Integration with existing IT management and OSS/BSS solutions, app stores, and cloud catalogs is completed rapidly and seamlessly without requiring source code modifications or a software development kit.

Separate the Customer from the Device

Customers demand access to their services, applications, and data anywhere, at any time, using any connected device. Rather than carrying multiple devices and managing multiple identities, customers will use whatever device is convenient and accessible, whether that device is a smart phone, tablet, TV, or laptop. On the surface, that should be advantageous and easier to secure: create a single instance of a customer and provide access to secure applications, content, and data from anything with a network connection. In reality, however, service providers are struggling to make that vision a reality.

If all traffic is data and all services are applications, then it follows that the device is not as important as an individual user’s service environment. Rather than focusing on securing each customer device, service providers should focus on securing the individual customer service environment. Constructing that single instance of a user in a service environment requires access to delivery platforms, applications, and connectivity. Each customer retains a unique profile and access credentials that are unique to the user, not the device. Once the server validates a user, applications, content, and data are securely delivered to that customer regardless of device.

The good news is that, with cloud platforms and virtualization, it is easier than ever for service providers to create unique customer instances that are abstracted from both the network and the end user device. Those service environments are then protected from external threats and pose minimal threat to other customers if compromised. Multi-tenant, end-to-end cloud platforms are coming to market from ASG Software Solutions, Ericsson, IBM, Oracle, and others that enable operators to offer consumer cloud services, deliver secure services for business customers, or become managed services providers. The platforms provide cloud building blocks and architecture blueprints to build, provision, and operate multi-tenant end-to-end cloud platforms.

Access to each user service environment is carefully controlled and enabled only for approved applications. The service environment exists independent of user devices to manage access to applications and cloud services in a single secure workspace. Some of the features available using these platforms are the following:

  • Bank-level security access: integrated two-factor authentication and device/location awareness,
  • Modular design to improve application efficiency, performance, and user satisfaction,
  • No vendor or device lock-in: support of any application delivery technology, and
  • Controlled access to all cloud services through single sign-on for improved usability.

Most of the platforms are open and interoperable with multiple external IT and network management tools, OSS/BSS solutions, and security platforms. Some vendors include hosted or white label options to meet service provider requirements for multi-tenant services.

There are numerous other tools that are useful for ensuring that customer and connected devices are well integrated and do not provide a portal for attacks on service provider infrastructure. Mobile Device Management (MDM) is readily available, and while MDM is a valuable resource for support personnel to solve problems or help customers configure and manage their devices, the overhead and maintenance required to manage every type and version of device and mobile operating system in real time is time-consuming and costly. In a dynamic digital services environment, service providers are better served to first be selfish and protect their own network, application, and data infrastructure before trying to corral customer devices.
