Securing Salesforce Mobile SDK Apps with Good Dynamics
1. Securing Salesforce Mobile SDK Apps
with Good Dynamics
Dimitri Volkmann, Good Technology, VP Product Strategy
@dimiexter
2. Safe harbor
Safe harbor statement under the Private Securities Litigation Reform Act of 1995:
This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties
materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results
expressed or implied by the forward-looking statements we make. All statements other than statements of historical fact could be
deemed forward-looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other
financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any
statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services.
The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new
functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our
operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of
intellectual property and other litigation, risks associated with possible mergers and acquisitions, the immature market in which we
operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new
releases of our service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization
and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of
salesforce.com, inc. is included in our annual report on Form 10-Q for the most recent fiscal quarter ended July 31, 2012. This
documents and others containing important disclosures are available on the SEC Filings section of the Investor Information section of
our Web site.
Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently
available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based
upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-
looking statements.
5. Protecting Enterprise Data: Security and Compliance
Encryption
Compliance & Policies
BYO and App Store
DLP (Data Loss Prevention)
1
1 2
2 3
3
Receive via Open and edit in Store unencrypted
native email 3rd party editor locally or cloud
@
6. Solutions to protect data
Mobile
Web Device Containers
Virtual Desktop Management
(MDM)
Control Control
No
the the
Data!
Device App/Data
7. Pros & Cons
Mobile
Web Device
Containers
Virtual Desktop Management
(MDM)
+ No data + Leverage existing + Leaves Device
+ Leverage existing practices intact for BYO
infrastructure + Separate clearly
Personal/Enterprise
- Limited access to - Limited by Device + Not Device
Device resources OS, inconsistent dependent
- Constrains User - Constrains BYO use
Experience case - Requires new
- No offline scenario approach
8. Good Technology Product Portfolio
BYOD Security Productivity Collaboration Management Innovation
Business
Process Good Mobile
Manager
Collaboration Centralized
& Productivity Good For Enterprise Management
3rd Party Apps Enterprise Apps
Applications Collaboration
Foundational
Development
Platform Set Policies
Secure,
Trusted Mobile Secure AppKinetics Certified NOC Secure Scalability
Provision Devices
Infrastructure Container Security Transport
Mutiplatform
Support Distribute Apps
9. The Good Container Approach
• Encryption (AES 256)
• Secure back-end connectivity
• Container level Policies & Compliance
Restrict ‘open with’,
cut/copy/paste, and iCloud sync
Application level password
Remote wipe of the container
Detect jail-broken/rooted device
• Additional Application Services
• Push, Inter-container interop, Collaboration
10. A Container, not A Silo
Basic Good Dynamics
Containers AppKinetics TM
Non secure,
OS-based,
Data flow or
Exchange
Secure
Good Docs
Mobile Messaging
11. Good Dynamics Components
Client Libraries
SDK and APIs
Security and Application Services
Good Control
Management: Policies, Compliance,
Users access to Apps
Good Infrastructure
Servers and NOC for Security
and Management Services
12. Mobile Application Development with
Good Dynamics
Benefits
No coding encryption
Compliance and Policies handled by and secure back-end
the framework access
Value added services
Secure Storage fasten development
Secure Enterprise back-end access App level
management, BYO
Interoperability between containers, friendly
client side single sign on Eco-system of ISVs
and SIs
Services
15. Mobile App Development for Salesforce
Native Hybrid Web
Good Technology Solutions
Good Dynamics GFE Secure
Good Dynamics
Platform & Browser
Platform & SDK
PhoneGap plug-in container
17. Sample #2: Enforce Custom Policies
Native (iOS) Hybrid
Retrieve the policies (defined by admin in the GC)
GDiOS* library = [GDiOS sharedInstance]; GDApplication.getApplicationConfig
NSDictionary *policy = [library getApplicationPolicy]; (success, fail);
if ([[policy valueForKey:@"copyPasteOn"] …
isEqualToString:@"false"]) {…}; var config = JSON.parse(result);
if(config[“copyPasteOn”] === “false”) {…}
Policy enforcement to be implemented by the developer
18. Developers: Next Steps
Web Apps – now with GFE Secure Browser
Native Apps – now with GD
Hybrid Apps – PhoneGap plug-in – in Good Roadmap
Good Dynamics Network
https://begood.good.com/community/gdn-welcome!input.jspa
Notas do Editor
Audience Poll: How many of you have an active BYOD program ? How may are planning one within 12 months ? How many do not explicitly have one ? How many of you have deployed mobile Apps ? 1- 5 ? 5 – 10 ? more than 10 ? Do not know what end-users are doing ?
Audience poll: How many of you have deployed Web (in browser Apps) ? Remote desktop ? MDM ? Containers ?
[BUILD SLIDE] The good product portfolio provides a complete mobility solution. First, we support the most popular mobile devices on the market today. [CLICK] We provide a trusted mobile infrastructure, including a secure container, AppKinetics, military grade security, our trusted NOC, secure transport, and high scalability. [CLICK] We provide a foundational development platform, Good Dynamics, which provides you a way to secure and manage your mobile applications. [CLICK] We provide collaboration applications through Good for Enterprise, and business process and productivity apps through our ISVs and enterprise developers. [CLICK] And finally, we offer Good Mobile Manager, the toolset necessary to complete your enterprise mobility management solution.
[BUILD SLIDE] So when we look at how Good Dynamics works with an enterprise/isv application, there’s really several major components: [CLICK] The Good Security and Management Infrastructure that provide the hooks for client libraries to leverage the power of Good Dynamics. [ CLICK] The Good Dynamics Client Libraries & APIs – resources and APIs that enterprise developers/ISVs can integrate into their application code. That’s really important to note. I mentioned on a previous slide the issue that a development manager has to face – hiring that killer coder who doesn’t know anything about security…well, now he can hire the killer coder, as security is handled by Good Dynamics! [CLICK] There’s the actual mobile application – untouched except for the set of APIs we just talked about. [CLICK] All of this is managed through Good Control - a c entralized web-based management GUI for IT Administrator to administer policies & manage users’ access to applications. This console is really the key to the power of Good Dynamics – a single point of administration of ALL Good Dynamics-enabled applications Let’s take a slightly deeper look at how this ties together…