Securing Mobile App few clicks away – Mocana Trial
I heard about Mocana when SAP partnered with them few months back. And I got a real time mobile app wrapping demo at SAP Teched. The simplicity of the solution in securing enterprise mobile app made me think about it again.So I wrote to Mocana for a free trial, but the reply was disappointing,
“ Unfortunately, we are currently not providing MAP Free 100 Program outside of North America” Ahh..
And the good news is that SAP is providing the Mocana trial, lets see how it works.
Mocana Solution simplifies wide-scale deployments by securing apps automatically, it mitigates the complexities of mobile management, while freeing developers from lengthy and expensive security coding. Setting AppPassword, Invalid Login Handling, End user License agreement, Location based control, Encrypted app data storage are major features that we can implement in a mobile app without writing single line of code. Upload, Apply and Download are the steps to do it.
Upload APK File
After Logging into the trial account upload the APK file of the application developed by the mobile app developers.
Apply the Policies
Select the drop down to apply the Passphrase, Invalid Login Handling and End user agreement policies and click on Apply Policy button. The policies will be applied in few seconds and the APK file will be downloadable.
Download the APK
Click on the download button to download the APK file that has the policies with it. Once APK file is downloaded install it in an Android device and run it, to see how the policies are applied and how the app was secured in few clicks. The app take us through auto generated security screens like user agreement screen and app password screen. In the demo I am testing the app data wipe out feature of the product.
Value
- The Passphrase and Invalid Login Handling – It exists in SAP Mobile Platform, it is called DataVault (the developers has to write few lines of code to make it work).
- Encrypted Data at Rest – Apps developed using SMP has encrypted data, Afaria can provide complete device data encryption too.
- End User Agreement – I don’t think this as a big feature since bringing a user agreement screen is not a big deal for mobile app developers.
- Email Enforcement – Afaria provides more options in Email configurations and security.
- Other features like Geo Fencing, Location Masking, Smart Firewall, App Expiration Date Settings, Copy Paste Protection and Jailbreak/Rooting Detection makes a difference. Existing SMP and Afaria customers have to think before going with Mocana, how worth it will be to the enterprise and what more it can give that is not provided by SMP and Afaria (even MAM is different from MDM). From a implementation stand point Mocana is very simple and straight forward with no hurdles.
You can try the solution here, SAP Mobile Secure – Protection for Devices, Apps, and Content
Midhun VP
@midhunvptwit
Hi, Midhun.
Thank you for the article. It was really usefull.
Is it possible to protect any free apps or only enterprise apps ?
Best regards, Mike.
You can use any apps. Mocana is not bothered about what is the uploaded app to apply the policies. Why can't you give a try, it hardly takes 30 mins.
- Midhun VP
Oh, i'm just want to try this service. I've logged already, but haven't become activate letter yet. Than you for explanation.
Regards, Mike.
Midhun - great article and thanks for testing Mobile App Protection by Mocana.
Milja
Hi Mithun,
Thanks for sharing information about SAP for Mobile. I am still getting cross training in my organization related to SUP and this blog is very useful to go through in future.
Good Work!
Regards,
Hari Suseelan
Seems to take more than 30 minutes - trial won't let me in with my gmail.com or my sap.com address ("personal or unacceptable email address"???).
On my _real_ personal address I got the activation mail, but when I get to login it says ""Failed to determine an active instance for customer."
It works if you are registering with your company email address.
It doesn't. Read my post again.
Frank, I tried it again. I am able to register successfully and got another trial with a different account and different domain.
Hi Mithun,
I also tested out the cloud mobile secure offerings from SAP.
The Mocana app protection makes the life of a developer easier and keeps you focused on application and not security. Great blog!
That is a dangerous perspective.
Mocana will take care of _some_ critical issues in Mobile, but hardly all of them. If you do not design & test ❗ for security it will come back to bite you.
Not saying that a "project" should not take care about securing their mobile apps. I have been part of 40 + SAP enterprise mobile projects in the last two years. Point is that an application developer is not always the person best fit for that. So if his ipa or apk file can be passcode encrypted, protected from jailbreak/rooting and set up with automatic VPN... that is a big help.
It absolutely is.
I'm just trying to make sure the message is not being diluted into "this is the magic bullet, no need to do security during development".
Buffer over/underflow, input validation, privilege escalation, authorization and password management are as important as ever (to name a few).
If you do an enterprise project, even if it runs on a small screen, you want a security expert in your team.
Agree. Security is a vital part of mobile projects (You are exposing your business critical data to public networks)
SAP is now delivering a collection of cloud products that gives new possibilities (on top of zone protection etc. ) such as Mocana, Afaria, SMP Cloud (with the VPN cloud connector) .
My fear is that security concerns will stop SAP customers from mobilizing their workforce, which is a shame in 2014 where they should stay IT relevant to their employees.
In that context the new offerings are a great help if not a silver bullet 🙂
And I totally agree that the security experts should be the ones that considers the various options.
Thanks for your comments Njal. I liked the simplicity of the solution. Even though I am expecting more features to the product to make it more worthy since some of the features can be use only by customers who really has that scenario, like geo fencing, Location masking EULA etc.
- Midhun VP
Another great article Midhun VP 🙂 & really helpful.
This is a good offering from SAP now & i guess it would be interesting to see any product integration with Afaria with unified console for both the products.
Also, offerings such as cloud versions of Mocana MAP along with Afaria will be a good insight to customers.
Shrikant N.
Thanks Midhun for the great article..really helpful 😉 ..!!