CA Mobile API Gateway with Samsung KNOX At a Glance
Transcription
CA Mobile API Gateway with Samsung KNOX At a Glance
DATA SHEET CA Mobile API Gateway with Samsung KNOX At a Glance Samsung KNOX is a multi-layered device, app and data security technology that provides a secure and productive workspace for mobile professionals. Key features include Secure Boot, ARM TrustZone-based Integrity Measurement Architecture, Kernel with built in Security Enhanced Android Mandatory Access Controls and the KNOX Container. Together CA Mobile API Gateway with Samsung KNOX provides mobile app single sign-on while controlling access to APIs. This delivers a convenient user experience while extending Samsung’s existing KNOX capabilities for a unique end-to-end mobile app security solution from app to API. CA Mobile API Gateway mandates device attestation and container integrity as a condition for API access by users, devices and apps. Key Benefits/Results • Security Beyond KNOX. Additional security delivered outside of the device controlling access to APIs • Easy and secure app development. Mobile SDK provides a secure app framework that accelerates development within Samsung KNOX • Security that’s convenient. Enables SSO through the CA standards-based approach with SAML 2.0, OAuth 2.0, and OpenID Connect Key Features • KNOX Attestation for APIs Enables CA Mobile API Gateway customers to create policy assertions requiring device integrity and app containerization checks as a condition to accessing APIs • KNOX Single Sign-On for APIs. Single-click access across apps while controlling access to enterprise APIs • KNOX Container for APIs. Create or destroy secure space for apps while denying app calls to APIs • Secure Token and Key Storage. Protects encryption keys and client certs in TrustZone • \App Status and Logging. Track app, devices and containers connected and managed by CA Mobile API Gateway • Identity Standards. OpenID Connect, OAuth 2.0, SAML and PKI identify and authenticate users, apps and devices Business Challenges As the app economy shifts into next gear and the enterprise opens its borders to enable a more productive and satisfied mobile workforce, IT must approach security differently. The mobile channel, while a significant point of engagement, cannot be viewed in a silo. The API has enabled the enterprise to open up its data, externalizing value through multiple channels, of which mobile is one. Security must now be applied broadly. While some organizations have pursued the route of enabling per-app VPNs to secure the mobile channel, this approach is not only onerous on the user, but it doesn’t protect the entire channel. Mobile device vendors such as Samsung have built an enterprise mobile security platform that protects the mobile device, apps and data. While important, this is only one side of the equation. In order to protect the mobile channel end-to-end while centralizing security across all channels of engagement, applying security at the API layer provides the enterprise with additional security and administrative benefits. In the case of Samsung KNOX there needs to be a way to bridge on-device security capabilities with API security on the back end. Only then can IT be assured that the new open enterprise has a sound operational environment for enterprise access. Solution Overview Together, Samsung and CA provide a unique end-to-end mobile security solution for enterprise apps extending KNOX security to APIs. The solution can provide organizations with the ability to deliver users convenient access across multiple apps with single one-click access while controlling access to APIs based on the security state of the user, device and app. KNOX includes a SSO framework for mobile apps that offers a pathway to identity and SSO providers. Through the Samsung KNOX Authenticator, organizations may choose CA as its identity and SSO provider. Once the KNOX administrator chooses CA as the identity provider and the corresponding authenticator is downloaded to the device, access is then managed from the app all the way to the API delivering a complete end-to-end security solution.. CA MOBILE API GATEWAY WITH SAMSUNG KNOX In addition, organizations can now apply context to granting API access. KNOX administrators can create API policies that require device or app container integrity verification prior to granting app access to APIs. Similarly, the gateway offers API policy assertions that mandates device software attestation to be completed before API access grant. Combined, CA and Samsung deliver a convenient end-to-end mobile security solution that applies fine-grained context to improve security from the app to the backend API. For more information, please visit ca.com/api CA Technologies (NASDAQ: CA) creates software that fuels transformation for companies and enables them to seize the opportunities of the application economy. Software is at the heart of every business, in every industry. From planning to development to management and security, CA is working with companies worldwide to change the way we live, transact and communicate – across mobile, private and public cloud, distributed and mainframe environments. Learn more at ca.com. Copyright © 2014 CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. CS###_#####