On-Premise Single Sign-On, the user friendly way to stay secure finally works on Android Enterprise


Seamless Single Sign-On (SSO) authentication for mobile devices is now required more than ever. As security threats are on the rise and employees rely on their phones, especially for business-related activities, there is an increased need for a centralized login system.

What is Single Sign-On and how does it work?

Entering credentials manually is frustrating and very time-consuming, and it’s even more error-prone on a mobile device. Being able to respond to work-related requests in time benefits employers and employees alike, especially when your staff is working remotely. Here is where Single Sign-On (SSO) comes in.

SSO provides your users with convenient access to authorized resources without compromising on security. With SSO the user only authenticates once through their device – this is enough to identify the user and grant access for all applications in the company.

Kerberos, the standard of SSO

Kerberos authentication is the standard for providing Single Sign-On in the enterprise context. It is used within internal environments and has a proven track record. Some of you might wonder how exactly Kerberos works.

Basically, Kerberos comes down to this: it is an authentication protocol that uses tickets. It avoids storing passwords locally or sending them over the internet; instead it uses a trusted third-party server, the so-called KDC (Key Distribution Center). Furthermore, it is built on symmetric-key cryptography, which makes it extremely secure.

You have a ticket—your proof of identity encrypted with a secret key for the particular service requested—on your local machine; so long as it’s valid, you can access the requested service that is within a Kerberos realm. Rather than re-entering your user/password credentials, your ticket (cached on your system) is used to authenticate allowing for Single Sign-On.

What about Mobile?

Single Sign-On has always been a challenge on mobile phones – especially on Android devices. While companies got the advantage of Kerberos SSO on their iOS devices, Android users were left behind. To bridge that gap, Device Admin and proprietary EMM solutions were needed to enable it.

Because Device Admin is being deprecated and companies have to switch to Android Enterprise, the Android world is lacking this important feature.

Seamless SSO for Android

Fortunately there is a neat, Swiss-made and EMM-agnostic solution called Hypergate. The Swiss company behind it has been developing mobile security applications for more than a decade and designed Hypergate like a Swiss pocket knife: simple, effective and offering a lot of possibilities.

Hypergate allows a hassle-free authentication to services and lets users consume the services they need on the go. That saves time and keeps the great Android user-experience they’re used to.

It leverages the open Android account APIs and enables SPNEGO Kerberos SSO authentication while using system apps like Google Chrome to browse the intranet. It simulates a secure Smart Card logon and handles the native Kerberos protocol just like any other workstation in your network. The communication happens directly with your KDC (Domain Controller); no additional backend component needs to be installed.

Will it work in my environment?

Hypergate is a very flexible application – it’s compatible with all leading Enterprise Mobility Management solutions, including MobileIron, Microsoft Intune, VMware Workspace ONE, BlackBerry and more. In addition it is device agnostic, allowing you to have a fully diverse BYOD fleet.

The application can be deployed to all employees via the managed Google Play store. Besides, Hypergate does not require any infrastructural changes at all, allowing you to set up SSO in hours, not months.

Truly Mobile with Hypergate

A recent update of Hypergate makes password expirations, password changes and password resets a pain point of the past. It was often the case that if your support team reset your password, you were forced to change the password on a Windows machine. Finally your employees can be truly mobile, with no dependence on a computer to complete their work. This helps to eliminate the cost of support time.

Get in touch with us if you want to know more about Single Sign-On and Hypergate. We are a certified partner of Hypergate and we are keen to show you what impact Hypergate can have in your work environment.

When mobile is business critical

Mobile in business is business critical. But how do you safeguard the quality of service you are offering your employees?

With this in mind, we’re more than proud to announce the mobile monitoring service.

The first ever tool that allows you to measure the full employee mobile experience within an enterprise context. From device EMM registration, VPN, intranet web pages, native apps up to in-house apps.

We drive down the operational cost of managing a large fleet of devices by reducing the time to fix and improve overall availability.

The mobile monitoring service provides you a real time view on the performance of all business apps in one dashboard.

This innovative service was developed in collaboration with Quamotion and the mobco engineering team. It radically changes the way we monitor and measure the mobile user experience by turning the problem upside down. In a traditional monitoring set-up you need to consolidate and interpret information coming from all components used for the delivery of the mobile experience. We consider this close to impossible and see an increasing number of employees calling the helpdesk to report infrastructure issues.

By using software robots running custom scripts, based on the customer requirements, we can measure the employee mobile experience continuously. The feedback is analysed using our smart warning system that takes into account the importance of the test and its frequency.


mobco wins Lookout award!

At the 2018 partner conference held by Lookout, mobco won the partner award for its achievements in securing mobile devices!

Lookout continues to invest in mobile intelligence to detect and counter attacks on mobile devices. This intelligence is used by mobco to further secure and protect data on mobile devices.

As stated by Mike Murray, VP at Lookout, the mobile device is ‘the’ place where malicious attacks take place these days. The device contains all your personal and business data, logins and passwords.
“You use your mobile device for two factor authentication”, clearly an interesting target for someone who wants to break into the services or network you use!

Many, if not all, attacks on mobile are actually initiated by the users themselves, without them knowing: phishing!

This remains one of the toughest questions in the industry: how can we counter this without channeling all traffic back to our traditional network? As one of mobco’s design principles is to see the mobile device as always on an outside network, it’s impossible to inspect every bit that’s being consumed by the mobile device.

Lookout is working on the next level of pro-active mobile protection against phishing to solve this. A welcome addition to our portfolio and yet another service that will help us protect your data and better secure your business!

Another interesting fact: 3 awards were won by members of the Enterprise Mobility Expert Alliance!

 

Why make life hard…

The question we often hear is: “Why do these device manufacturers make life so hard to activate a new device?”

It’s true. There are too many passwords, login screens and an endless series of ‘yes’ buttons you just have to click to continue in the process. There must be something better?

And there is! With the Device Enrollment Program (DEP) we make life easy for your IT staff AND for your employee!!
Take a brand new iPhone or iPad, unopened box, give it to your employee and … wait.
Trust us, if your employee is not capable of making it work there is a hardware issue with the device.

mobco is an Authorized Apple Enterprise Reseller and we know how to make things easy, from hardware purchase at the very best commercial conditions up to the production part and end-user support.
See our movie of one of our devices enrolling in EMM.

No Apple ID required.

No credit card required.

No personal email address.

Open the box and enjoy the magic!

Starbucks WiFi is the new corporate Network

This blogpost is written based on the feedback gathered during our Roundtable event on September 27th, based on my notes and interpretation.

Gartner states that the default management platform for employee devices, from PC to smartphone, should be an Enterprise Mobility Management platform (aka MDM). The same firm states that the driver for business transformation is the digital workplace (Digital Workplace Summit London 2017). You can find an article on the conference here.

And since the digital workplace is mobile first, that was reason enough for us to organize a Roundtable with customers and subject matter experts. On September 27th we welcomed Mike Murray from Lookout and Apple experts to cover 2 important questions on this ongoing business transformation: is it secure, and how can it improve the way I work?

Mike started by describing the new normal: most employees just want connectivity and no longer want to be linked to a physical location to gain access to work resources.
Hence the title of this post and the conclusion that the traditional network perimeter is disappearing.

Traditional protection mechanisms are failing hard today. Traditional spam filters are doing a great job in preventing people from clicking on malicious links – because they block the message – but what if that message is passed to the user via a different channel, say Facebook or Twitter?
Cybercriminals are ready for their next big business and are massively moving towards mobile to gain access to your private data, corporate data, passwords, … Already today we find malware on 47 out of 1000 Android devices and 1 out of 1000 on iOS.
Downloading from official app stores is strongly recommended, as this seems to be the number one location to get ‘infected’.
But users are not always aware they will get infected. The example Mike gave, where a parent gets a text message that his daughter was in a traffic accident and “click here to find out in which hospital she is”, illustrates how advanced, persistent and “low” these criminals act.

Android is clearly the most targeted platform, partly due to the fragmentation of the platform and the inherent lower security, but also because this is the dominant platform in those regions where cyber criminals are mostly active: China and Russia.
In that respect we are lucky we can learn from what’s going on and protect ourselves.

To start, a correct configuration of the mobile device taking advantage of all configuration settings in terms of security is mandatory. These first measures are no guarantee, but they will certainly rule out the most common issues in the public/hacking domain.

Moving to the second part of the Roundtable the discussion was more oriented towards business functionality and what new features iOS 11 brings.
But before diving into the new toolset that is made available to the entire iOS community, we need to check where we are in the ‘Mobile Journey’. Transforming a business takes time to move from a physical location for work towards a digital workplace that responds to the A3 strategy (the project name chosen by UBS in London for Any time, Any place and Any device – their concrete objective for the digital workplace).
Most of the companies represented around the table are today only using a basic set of functionalities on the mobile device, only a limited set of more advanced apps.
It is clearly understood the employees want more, but the back-end systems are just not ready – yet.


A question we often get is how to transform a PC application to a mobile app.
In our mind we don’t think you should do that.
PC applications were built in a different era, when software engineers were asked to put as many features as possible in one application, hence the menu, sub menu and right click options. These applications require training and offer features of which only 20% are used.
Mobile apps are developed with the user experience in mind, require no training and are used for 100% of their features – since ideally there is only one, the app itself.


Many of the attendees are currently not investing in such applications that could redefine their business processes.
Not yet.
The mobile journey towards the digital workplace is a process that can take many years and where some parts of the business are faster than (more regulated) others. Facebook as an example: banned in the beginning and today absorbing large chunks of the consumer marketing budgets with active daily usage.
Aside from the commercial interest there is also the employee who wants to use new tools and the risk of shadow IT when no adequate tooling is provided.

As a consensus we also concluded not all functions in a company require a mobile first approach ‘today’.
The form factor of their prime computing device for business is defined by their function and personality.
It is up to IT to provide the richest menu card to these employees in terms of functionality and security.

With iOS 11 Apple is adapting the OS, the interface and apps to the business level.
The Dock is there when you need it, multiple windows are open to accommodate easy switching between apps, drag&drop allows easy content creation, … the number of new features that in some form or shape feel familiar are now available on the most powerful mobile platform.

iOS 11 in combination with the iPad Pro invites you to find new, easy, simple ways to do your job.

During the entire Roundtable we used the new Apple TV to present, wirelessly.
We know that’s not a new feature, but the magic can be found under the hood.
The Apple TV is automatically configured when it’s plugged in for the first time using, imagine what that means for business meeting rooms.
No IT interactions needed, from procurement to production.

Let us assist you in your mobile journey and contact us to learn more about our workshop business transformation and the digital workplace!

Take control over your mobile devices before ‘they’ do!

Mobile devices are potentially next on the hacker’s list – it’s time to act and secure the mobile devices!
Join us on June 6th to get back in control.

In too many cases IT is seen as the ‘guys who restrict everything’, and in a lot of those cases that’s true – for a reason.

If IT wants to avoid bad things from happening, such as the ones we’re experiencing with the global ransomware attack, they need to close as many doors as possible. But how many ‘doors’ are there and how can we continue to ‘work’ while all ‘doors’ are closed?

An interesting comparison everyone can make in their company is between the security rules and measures on mobile and on PC. Knowing that only a fraction of the mobile devices being used for work are actually managed in some form, the results should be staggering… Where most PCs are managed in a company, the mobile devices are ‘less’.
At the same time we see global hacking campaigns targeting PCs (including business PCs) with ransomware.

The success on PCs is due to two facts:
– it’s easy due to the architecture of the platform
– there are a lot of those around

We could say the same thing for mobile devices, but the first one is certainly NOT true.

On PCs the restrictions imposed by IT are also experienced as very restrictive (a typical employee cannot install a private application) but are not very secure. Content from ‘outside’ can still be downloaded and infect the entire system, because the platform is designed that way.

On mobile devices the restrictions imposed by IT only affect corporate apps and data, the employee is in full control over his device and can install any app he or she likes – without any impact on the security of the device or corporate information.

On June 6th we organized an event with subject matter experts to dive into security, the GDPR link with mobile, because it’s important, but also to illustrate it should not be the final goal – it’s only the beginning of a business transformation where the employee experience plays a central role.

Contact us to get the presentations and speaker notes.