June 5, 2017
AppBus Secure Platform
AppBus enables users to securely access internal enterprise resources using unsecured devices on the following operating systems:
The following archetypes are supported natively by AppBus:
- Intranet Pages and Applications
- Microsoft Exchange-based E-mail, Calendar, Contacts
- Local and Remote Document Access
- Existing Windows Applications
- Native iOS and Android Components
- Secure RSS Aggregator
Encrypts All Data In-Motion and At-Rest
AppBus secures all aspects of data handling while the data is in-motion and at-rest. Access to AppBus is controlled by existing enterprise authentication and authorization systems. Multi-factor and step-up authentication are also supported. Geo-fencing technology enables fine-grained access control.
Data in-motion is protected by creating an encrypted communication channel between AppBus and internal infrastructure. The channel is authenticated with both client-side and server-side certificates. Certificate pinning is employed to prevent man-in-the-middle (MITM) attacks.
At-rest, AppBus encrypts all enterprise data in private secure storage. AES 256-bit encryption is utilized to ensure security. Unencrypted information is never stored on the user's device. Control is available to remotely wipe all AppBus data in the case of a lost or stolen device. Optionally, data at-rest can be made available off-line. This functionality is governed by policy and can be managed remotely.
AppBus offers variable levels of data protection. The highest level of security is achieved by leveraging the streaming application viewer. In this mode, no enterprise information ever leaves the data center.
AppBus eXperience Platform Components
AppBus Container: Secure, native containers designed to run on iOS, Mac OS X, Windows, Android
- Support for all application archetypes
- Secure data at-rest and in-motion, including step-up and multi-factor authentication
- Off-line capability
- Mobile Application Management (MAM) functionality
AppBus DCP (Distributed Control Plane): connects edge devices, enterprise systems and workflows
- Improves usability by sharing data/context across systems and applications
- Non-invasive application and system integration requires no code changes
- Automates single-sign-on functionality across systems
AppBus Insight: Rich user action metrics and logs across all users and devices
AppBus Manager: Management and configuration portal with a security policy engine and user activity alerting
AppBus Integrator: Allows for wrapping legacy applications with a modern REST API
AppBus Secure Storage consists of:
- Encrypted File Storage
- Encrypted Database
Secure Storage Encryption
Secure storage is based on SQLCipher and is created upon user login. Encryption uses AES-256-CBC with a 256-bit key derived from the user ID and password, combined with a 128-bit random salt, using 10,000 (configurable) PBKDF2 iterations of HMAC-SHA512.
- All native and web applications store respective data only within secure storage
- Browser cache is stored in the encrypted file storage
- All downloaded attachments and files are stored in the Encrypted File Storage
The AppBus eXperience Platform uses a secure HTTPS tunnel between the mobile device and the enterprise infrastructure for all data exchange. The secure tunnel uses enterprise authentication and entitlement systems to establish the communication channel. Client-side certificates and server-side certificate pinning eliminate the risk of traffic interception and MITM attacks. All secure and unsecure requests from web-based and native applications running inside the AppBus eXperience Platform are intercepted and routed through the secure HTTPS tunnel. A cryptographic authentication token (OAuth2) is attached to every request to validate request authenticity.
Enterprise rules and restrictions are enforced when accessing internal and external resources. The AppBus eXperience Platform provides an additional level of control through the use of resource whitelists. Application and data channel idle timeouts ensure that unattended sessions are automatically terminated.