Afaria in the Cloud & Mocana
I was fortunate enough to be invited to participate in the Bloggers Program at SAPPHIRENOW in Orlando last week.
For me, the main announcements on Day 1 were at the “Mobile Press Conference” that was held in the afternoon. As far as I recall none of this news was mentioned at any of the keynote presentations – which seems a bit odd. Also there seems to have been little coverage anywhere else either.
The press conference was led by Sanjay Poonen who is now focussed on the mobile space in his role as Head of Mobile Division at SAP.
Sanjay explained how SAP “see the world of mobile device management is becoming one of mobile security“. In response they have created a new umbrella brand for their offerings in this area and named it SAP Mobile Secure. There were several aspects to the SAP Mobile Secure portfolio but I must admit I didn’t really grasp what they all were and given the first question from the audience asked for clarification I suspect others were a bit mystified as well.
Here is the overview slide.
Following the positioning of SAP Mobile Secure the first announcement was that SAP are providing Afaria in the Cloud as a SaaS offering.
This is something many people have been advocating for some time. It always seemed to me that Afaria was a natural fit for a SaaS offering. To be able to subscribe to it and manage your mobile devices immediately rather than have to put in your own infrastructure and connectivity solutions for highly mobile devices always seemed to me an obvious thing to do. I was pleasantly surprised that SAP chose to run this service themselves, on Amazon AWS infrastructure, rather than partner with telecommunications companies. Lock in to regional telecommunications providers is just a bad idea for a global solution so well done all around for avoiding this pitfall.
And the real kicker – Afaria in the Cloud is available immediately for 1 Euro per device per month. You can signup for a free 30 day trial at http://sapafaria.com/ and give it a go. SAP claim that the price point is significantly lower than competing offerings and when I checked with some of the mobile peeps who are closer to this market than I am this seemed to be validated.
For me the pricing was the big news. Not so much for the specifics of this offering but because it demonstrates SAP’s willingness to look at innovative and appropriate pricing models that address the needs of their customers.
For 1 Euro per month you can envisage parents using the service to manage their children’s smartphones – but more realistically it makes Afaria immediately available for all IT shops seeking to manage the mobile device challenge no matter what their size or budget. This opens up a huge market that SAP has struggled to get into. Sanjay showed a slide predicting 50 billion “things” connected to the internet by 2020. If just a smidgin of these devices sign-up for Afaria in the Cloud it will be a significant revenue stream. And of course once they are signed up then SAP is perfectly positioned to offer additional services, applications, etc.
The second announcement was a partnership with Mocana to resell the Mocana Mobile App Protection product. I must admit I had never heard of Mocana before a SAP Mentor meeting with Sanjay that was held the day before the announcement. I did a quick bit of research and was immediately taken with the concept of app-wrapping which was new to me – but pretty obvious once I grasped it. I also managed to spend a few minutes with Adrian Turner the CEO of Mocana to learn more about MAP. Adrian is also an Aussie but don’t hold that against him.
During the press conference Sanjay explained how SAP’s attention had been drawn to Mocana as a potential partner in at least some part by SAP’s own customers. Mocana has a track record securing things like data acquisition sensors, control systems, SCADA solutions, smart meters, etc. Adrian mentioned they support over 2450 combinations of operating systems and CPUs.
The Mocana Mobile App Protection (MAP) product encloses the mobile app and can therefore enforce security policies on a per app basis. It works by taking the binary executable file and wrapping the MAP component around it – similar to the way PhoneGap projects are built. During this process security policies can be set that are baked into the MAP wrapper. These policies can include per-application VPN with encryption so that the connection to the backend is locked down and secure. On-device data (data at rest) can also be encrypted, copy and paste can be disabled, etc. There are 15 different policies available now with more coming.
It seems to me to be an elegant solution to a difficult problem. Mention was made of a large bank that wanted to roll out 65 mobile applications in a single year. They only managed to get one of those apps going because they couldn’t get IT to sign-off on the others. In part this was because the developers needed to code the corporate security policies into each and every app. The Mocana story is that security policies can be handled by the MAP wrapper which allows the app developer to better meet IT requirements and therefore IT to better meet the needs of the business.
The other sweet spot for this solution has to be in the bring-your-own-device (BYOD) space. Reality is that the IT department does not own the BYOD devices and so any attempt to overtly control them will be resisted by the device owners. The Mocana MAP solution allows IT to control just the individual apps they wish to deploy.
I have no first-hand experience with Mocana products so I would appreciate any feedback anyone can provide.
For more on Afaria in the Cloud go to http://sapafaria.com/
The Mocana web site is at https://mocana.com/
A replay of the SAP Mobile Secure press conference can be found at http://www.news-sap.com/watch-live-sap-mobile-security-press-conference-with-sanjay-poonen/
Mocana looks very tempting especially for those use cases - in-app VPN and encrypted storage.
Where I keep grinding my teeth is when it's sold as "1 click security for your apps" and every developer starts thinking "cool, no need to bother about security during coding!".
There are more than enough things that you still need to address in code, such as validating input data to prevent buffer overflows and SQLi, proper authentication and many more. I'm afraid this will be a bit of a throwback in terms of making developers care about secure design....
But then I haven't seen the details, either. I'll reserve my final judgement for later.
Thank you Graham, for attending and writing this up.
At work we read Tom Raftery blog http://greenmonk.net/2013/05/21/sap-afaria-in-the-cloud-enterprise-functionality-consumer-pricing/ about Afaria in the Cloud and it sparked high interest.
The Mocana video link on this page is quite interesting https://www.mocana.com/for-enterprise/#v_content_1 .
Blocking copying data out of an app looks pretty impressive.
Adding an app passcode lock... I see the need for this, but it does not make me like it any better. There has to be another way to do this.
Im definitely interested in how they do it technically, applying the container looked very simple.
One thing that did jump out, is it only for enterprise distribution apps, i.e. not for through App Store or Google Play? If your mobile app vendor pushes the app to you through non enterprise mechanisms can you still apply the policies?
I gues for the VPN to work some kind of provisioning needs to happen; as I understand it you throw your AppStore/Play Apps into the Intranet Mocana mixer and out comes a beautifully highly secure app taylored to your company's needs.
If we could add authentication, authorization & backend connectivity to the mix we'd be on to something 😉
Thanks for the information on Mocana.
- Midhun VP
Appreciate the write up Graham, there is also a new home @ www.sapmobilesecure.com for the overall SAP Mobile Secure solution set - Afaria (MDM and MAM), Mobile Documents (MCM), Telecom Expense Management via Tangoe partnership (TEM) and App Security via Mocana Partnership (MAM).
Hi Graham - Thanks for the write up. I agree Afaria in the Cloud as a SaaS offering is a great opportunity and positive news globally. Unfortunately closer to home my understanding it that it's not yet available in Australia and New Zealand - due to data privacy regulations.
Looking at the trial list of countries and the standard list there are 46 countries in total missing from the available online trial (https://www.sapafaria.com/free_trial.php) - including UK, France, Germany and Canada (there may be other reasons).
I have not been able to determine a timeline when things might change. Any community information (from SAP) on definitive release dates (for NZ) would be appreciated.
Thanks Craig, updates coming soon. Will post here as soon as we hear and thanks for the patience.
FYI - poked Afaria guys about this today.
Thanks @Graham, still finalizing with our partners and has taken longer than expected but worth the wait and likely news soon. Feel free please to post again if too much time goes by.
Hi Adam/Graham... any update on this?
Hello Simon, yes, the new SAP Mobile Secure cloud offering will be live shortly at www.sapmobilesecure.com. New front end installed on that URL and matching back end serving up trials being finalized from our product experts.
Thanks Adam - but the big question is what countries will it be available in? 😏
Nearly everywhere ... Great progress by E&C team in making this happen.
Great news! 😀