Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Mocana Extends Mobile Application Security to iOS with MAP 2.0

Mocana MAP 2.0 Helps Secure Apps Running on iOS Devices

Smart device security firm Mocana, today introduced the latest version of its solution designed to help organizations add fine-grained security and usage policies around individual mobile apps with ease.

Mocana MAP 2.0 Helps Secure Apps Running on iOS Devices

Smart device security firm Mocana, today introduced the latest version of its solution designed to help organizations add fine-grained security and usage policies around individual mobile apps with ease.

The San Francisco-based company today introduced version 2.0 of Mobile App Protection (MAP), which adds support for Apple iOS apps to existing support for apps running the Android platform.

In addition to supporting the two largest mobile platforms, MAP 2.0 now provides mobile app management for enterprise IT and end users. The company introduced the first-generation of MAP back in October 2011.

Mobile App ProtectionMocana says that MAP 2.0 uses unique, patent-pending technology that enables enterprise IT to “wrap” new layers of security into Android or iPhone apps, without requiring app source code access, without the need to write any code, and without negatively impacting performance, battery life or app usability.

The company notes that enterprise IT administrators can add new security features to apps with little or no security built in by design.

“Our device experience has taught us that if you start from the assumption that the phone or tablet is not secure, then you make different design decisions for application-level security,” said Adrian Turner, CEO at Mocana. “Rather than focusing on the device, we believe enterprises care most about securing and having fine-grain control over their applications and the information that runs across these devices. In many cases in the mobile enterprise, the devices aren’t even under full management by the enterprise. Mocana MAP is a truly innovative software manifestation of everything we have learned in the past nine years about securing mission-critical connected systems across every smart device sector of the economy.”

Mocana is clear that its solutions are much different than Mobile Device Management (MDM) solutions being adopted by enterprises to manage mobile devices. While most MDM solutions focus on whitelisting, blacklisting or determining what users should have access to certain apps, Mocana’s MAP 2.0 is focused on securing the app itself and the data it works with. MAP does work with existing mobile management solutions to extend their reach and make them more effective.

Mocana MAP goes beyond sandboxing, SDKs, containers and hypervisor technologies to make mobile apps, what the company describes as “truly self-defending”, with fine-grained security policies for each enterprise app and their users – post development, and even with third-party apps.

In addition to adding support for iOS, Mocana MAP 2.0 now includes features to help prevent loss of sensitive data by controlling who can access enterprise apps and when they can be used, including:

• For any enterprise mobile app – iOS or Android – data-at-rest automatically can be encrypted with FIPS 140-2 level 1 security, even if the app did not originally have any security built into it.

• Enterprise IT can put any app behind its own passphrase authentication prompt, allowing access only to authorized users.

• Secure cut, copy and paste help ensure that sensitive data can be shared only within the secured app itself, and not to unsecure portions of the device.

• Individual apps can create separate app-level VPN tunnels back to their enterprise gateways, with custom levels of security for each app, providing superior and more flexible security than that provided by whole-device VPNs. MAP 2.0’s IPSec-based VPN client enables apps to connect securely to almost any VPN server on the market.

• The Mocana MAP architecture allows for the rapid addition of new policies, like those based on location and motion of the mobile device, as well as date or time of day. Thus, enterprises can enable apps only during business hours, or shut them down whenever a device is in motion or outside a specific geographical area, such as the corporate campus.

“When enterprises want to go beyond delivering simple email services to smartphones, they quickly realize that more than a mobile device security management strategy is required,” said Eric Ahlm, research director at Gartner. “Savvy organizations are realizing that securing the app and information — rather than the device — allows for deployment of more apps to more devices, especially to those devices your organization doesn’t own.”

Mocana Mobile App Protection 2.0 is generally available now. Licensing is based on a subscription or perpetual model, with the option of a per-device or per-app basis.

Written By

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.