KidoZen’s Mobile-First Middleware Beefs Up Security for Mobile App Access Control, Identity and Privacy
Enterprise mobile middleware firm KidoZen is taking a two-fisted approach to deliver strong and secure access control and privacy for mobile apps – all the way to the data level. IDN speaks with KidoZen CEO Jesus Rodriguez about the company’s latest identity upgrades as well as partnerships with top identity providers.
by Vance McCarthy
"Organizations doing mobile need to protect data assets, but to do this it requires a new contextual approach to securing the data."
Enterprise mobile middleware firm KidoZen is taking a two-fisted approach to deliver secure access control and privacy for mobile apps – all the way to the data level.
KidoZen is beefing up mobile identity management and security within its platform, as well as deepening partnerships with top identity providers, including Microsoft ADFS (Active Directory Federation Services), Okta, OneLogin and Ping Identity, among others.
“Organizations doing mobile need to protect data assets, but to do this it requires a new contextual approach to securing the data,” said KidoZen CEO Jesus Rodriguez. “Traditional security architectures don’t look at protecting the data being used by the mobile apps themselves.”
KidoZen’s “mobile-first middleware” brings into one unified platform many of the components mobile architects and devs are finding increasingly valuable, including MBaaS (mobile backend as a service), APIs, data management, analytics and security. More than simply stitching these components together, KidoZen built what Rodriguez called “a mobile-first middleware platform” tuned to meet the needs of a next-gen mobile DevOps, with features to help devs and IT operations get secure mobile apps up and running faster.
“We heard from companies that MBaaS was not simple enough to solve the problem of securely accessing data for mobile apps. One of our big differentiators is we combine integration, MBaaS with security and identity,” Rodriguez told IDN. In this latest update, KidoZen is enhancing its support for security and identity to help more easily and reliable secure mobile deployments and deliver confidentiality and integrity with new support features for authorization, privacy and access control at the data level, he said.
In specific, KidoZen’s latest mobile identity management and security suite includes the following capabilities:
- Allows mobile applications to leverage enterprise-ready identity protocols such as SAML 2, OAuth, WS-Federation, WS-Trust and JWT that simplify the authentication capabilities for mobile apps. KidoZen leverages these protocols to integrate with an organization’s on-premises or cloud-based identity provider and exposes simple authentication methods to be used within the mobile app.
- Supports single sign-on for enterprise mobile apps by establishing a trust relationship with identity providers involved in the single sign-on process, thus, allowing a mobile application to access data from two different enterprise systems.
- Enables authentication and federation capabilities of mobile applications with enterprise identity providers. The KidoZen identity federation platform delivers default integration with established identity federation providers such as Microsoft Active Directory, Google ID, Windows Live Connect, CA Site Minder as well as Microsoft ADFS, Okta, OneLogin, and Ping Identity.
Integrating with top identity provides was especially important, Rodriguez said. “KidoZen’s next-generation mobile identity management and security suite helps organizations extend their existing investments in identity management technologies to the mobile world,” he added.
Under the covers, essentially KidoZen is providing “a new identity federation gateway, optimized for mobility, which is complementary to the APIs we already provide,” Rodriguez said. “This approach provides reliable authentication, so you can leverage your existing [identity] provider for mobile apps and data.”
Moreover, KidoZen’s broad integration with industry leading identity providers simplifies the complexity of mobile security/identity tasks and helps enterprises leverage their existing investments. In essence, KidoZen provides an intermediate “policy engine” that evaluates authorization rules against many of the key components that drive the end-to-end operation of mobility. Among the top ones are:
- Applications – to manage the roles at the mobile application object level that can or cannot access the application. Access control is checked against the individual user’s unique identity
- APIs – to configure authorization rules that prevent specific users from accessing KidoZen APIs such as storage, logging, as well as access to connections with enterprise backend systems
- Data sources – to secure access to configured data sources using KidoZen’s mobile data virtualization and mobile data management
MBaaS++ - A Look Inside KidoZen’s ‘Mobile-First Middleware’ Platform
These latest identity/security features build on KidoZen’s core “mobile-first middleware” platform that was founded on the principal that mobile apps require an updated approach to middleware because enterprise service buses and SOA can’t meet the end-to-end needs of a mobile app. Rodriguez explained the genesis of KidoZen by pointing out some shortcomings to how today’s middleware technologies treat mobile.
“An ESB [enterprise service bus] doesn’t have a notion of an application,” Rodriguez told IDN. “It is not designed for real-time access or things like devices, carriers or networks that are unique to the mobile space. Building out mobile [middleware] from an ESB could become unmanageable very quickly. KidoZen’s mobile middleware architecture was designed from the start with concepts that map to end-to-end mobile app scenarios, including data integration, security and identity.
Rodriguez added another major distinction, in his view, between traditional middleware and mobile-first middleware.
“At the end of the day, you can be sure that one of the endpoints is always going to be mobile,” he told IDN. Knowing this, a mobile-first middleware can focus on several aspects of connectivity that traditional middleware don’t support, without a lot of custom coding, he said, including support for offline communications, heterogeneous devices, diverse networks/carriers, need for more and reliable real-time data access, and mobile-optimized data payloads, which are likely be smaller.
KidoZen’s approach to end-to-end mobile app and data security takes into account its mobile middleware platform architecture to deliver some notable benefits:
- KidoZen implements several identity management protocols that simplify the authentication and SSO for mobile apps.
- KidoZen makes it easier for developers to work on identity and security features, even if they not are familiar with the rigors of security standards, as well as thanks to KidoZen’s integration with leading identity providers.
- KidoZen can manage security for mobile apps at the object level, allowing access control to be checked against the individual user’s unique identity.
- KidoZen provides a “mobile pipeline” to simplify mobile app integration and security all the way to backend data and other services. This “pipeline” provides consistent system and data access from mobile apps, and presents views of security requirements, rules and policy constraints for each step in the mobile app’s communication from the user, to the app, to the backend resources and back again.
- Further, KidoZen lets admins configure authorization rules to prevent certain users from using APIs to access services. “So, just as one example, if any app is trying to access data outside North America, you can set a policy that says it needs to be encrypted. That policy is in KidoZen, and doesn’t have to be written for each individual app,” Rodriguez told IDN.
‘Mobile Data Virtualization’ Delivers Smart Mobile Integration
Another unique KiodoZen’s mobile middleware feature helps simplify mobile security and (data integration) is the company’s “mobile data virtualization” technology, Rodriguez told IDN. “This is a layer on top of middleware that lets you define not only data sources, but to bring together exact data that a mobile app needs,” he said.
For example, if an app needs information from Salesforce.com for a new customer form, or data from SAP to create an invoice, KidoZen’s approach to mobile data virtualization can locate and deliver that data more quickly than traditional data connector approaches, Rodriguez said. “That’s because with our mobile data virtualization, KidoZen can figure out all the data sources a mobile app will need, and we can locate and expose these using a single API,” he said. KidoZen leverages these same API principals to deliver complex mobile identity and security solutions for mobile apps, he added.
A KidoZen blog post describes the virtues of “mobile data virtualization” for security and integration to backend data this way:
Instead of directly invoking APIs, which require developers to know where data resides and the syntax of each data source, developers can now use a normalized syntax to invoke items from a common Data Catalog that IT populates with all the necessary detail about the source system. This unique approach extends mobile operation management from devices, to apps, to data. In addition to vastly simplifying data integration, KidoZen brings new levels of security, management and access control capabilities to the data source level, eliminating the security risks inherent in direct API-level access.
In fact, the KidoZen Data Catalogue is the key to making all these operations so easy for IT. Kidozen’s technical website describes the operation in more detail.
By virtualizing all the data your mobile applications use, KidoZen provides a single address from which you can browse and manage all the enterprise data sources relevant to your mobile apps. IT uses KidoZen’s Mobile Data Virtualization to compile a Data Catalog of all approved mobile app accessible data and data sources. The Data Catalog associates all the relevant data consumed by your enterprise applications and makes it available for common use via a consistent API. Changes to data source structure only require updating the catalog, not individual apps, providing a more manageable and distributed development process while simplifying client code
“End-to-end mobile app security can be complex because it should occur at many different levels,” including device, app, data, backend enterprise app, APIs and the data (resources) behind those APIs, Rodriguez said. “Our approach connects all of it.”
- Design & Testing for IoT-Enabled Smart Appliances Gets Easier with Ixia, K2 Partnership
- Harman’s Ignite Platform Helps ‘Connected Car’ Solution Providers Develop, Run, Manage In-Vehicle Apps & Analytics
- HPE Mobile Center 2.0 Drives Mobile App Success with ‘Always On’ Testing -- Combines Lab Tests, Live Monitoring, Analytics
- Alpha Software Accelerates Mobile, Web App Delivery with New ‘Coding Optional’ Features, New Offline Capabilities
- Avast's App Triage Program Provides Free Security Assessment for Mobile Apps -- Prior To Launch