Webinars & Whitepapers

Device Security Whitepapers

Certificate Enrollment for Mocana Atlas Extended Enterprise Engine
The Mocana Atlas Extended Enterprise Engine makes certificate distribution transparent and seamless by introducing the concept of a one-time enrollment for each app federation.

Mobile Application Security for the New Extended Enterprise
"Extended Enterprise" is an emerging term used to describe the greater community of third parties that enable an organization to fulfill a particular service or to produce a particular product. "Supply chain" or "Value chain" are proximate terms, but the new "Extended Enterprise" attempts to encompass more—really, the entire set of stakeholders in a company's success, including consumers and enterprise customers. Whatever the term, it recognizes that enterprises have customers, suppliers and vendors with IT systems and devices of their own, and that today the success of the enterprise is crucially tied to its ability to engage as closely as possible with the IT systems of those external stakeholders. The catch is, of course, is that those third-party stakeholders IT assets are not under the control of our "extended enterprise". Truly, more and more, these IT assets are not even under the control of the third parties that our "extended enterprise" interacts with.

451 Research: Mocana brings mobile app protection to iOS
In October 2011, Mocana launched Mobile App Protection (MAP) for Android. MAP provides four types of management policies that can be baked, by IT, into the binary file of any mobile application. With the launch of MAP 2.0, Mocana is adding support for iOS devices, bringing all the app-level controls used on Android to Apple iPhones and iPads.

Mobile App Protection Whitepaper 
Mocana's Mobile App Protection (MAP) is a security solution that automatically wraps fine-grained security and usage policies around individual mobile apps. MAP allows the enterprise to add multiple layers of protection to any app that needs more security.

App-Level VPN Whitepaper 
Secure communication is achieved through the creation of an App-Level VPN. MAP's App-Level VPNdiffers from traditional mobile VPNs that are complex to configure, not fully interoperable with VPN servers, and limited to one connection per device. Rather, App-Level VPN establishes a connection on a per-app basis and has no per-device limits.

Device Confidence Index - January 2012 
Composite Device Confidence Index Jumps to 113.2 in January 2012: After a Gadget-Filled Christmas, Americans' Faith in Devices Deepens… Except When it Comes to Their Secrets

Device Confidence Index - November 2011 
Device Confidence Index Rises 2.7 Points in Q3 2011: Despite significant increase in concern about hackers and viruses – overall confidence in devices is up quarter-over-quarter.

Summer 2011 Device Security Report 
In our Summer 2011 survey, we focused exclusively on the engineers that design and build the billions of connected devices that surround us. We wanted to understand the attitudes and opinions of the technical architects of the emerging "Internet of Things." While there is certainly a lot of sturm und drang in the technology press about the urgency of the mobile and device security problem, how do the folks that actually build these devices feel? Are they worried? More importantly, have security problems in these devices been whitewashed, or even covered up, by manufacturers?

Spring 2011 Device Security Report 
In this new survey, respondents showed increased awareness of connected smart devices and the rapidly growing risks associated with them. Almost half the companies surveyed say they aren't prepared to handle those risks. But organizations are going "full steam ahead" with device rollouts, anyway – which may dramatically increase the business, financial and liability impacts of future device security breaches.

Summer 2010 Device Integrity Report 
PCs are no longer the dominant form of computing. By far, most "computers," and most nodes on the Internet are now non-PC smart devices—an "Internet of Things." In the next few years, as this trend accelerates and everyday gadgets and machines of every imaginable type connect, security threats to individuals and society at large are likely to grow substantially. But how real is this threat to those actually creating the device ecosystem? And to what extent are these organizations actually preparing for it?

Spring 2010 Device Integrity Report 
The data is in: PCs aren't the dominant form of computing anymore. They're not even in the majority on the internet. Most computeres, and most nodes on the interent are now non-PC devices - an "internet of Things." In the next few years, as this trend accelerates and everyday household appliances and machines of every imaginable type pile onto the Web, security threats will grow substantially, and experts we talke to from many different segments of the economy say the situation will get worse before it gets better.

Attacks on Mobile and Embedded Systems: Current Trends 
With millions of new electronic devices connecting to the internet every day, hackers are increasingly focused on a new type of target: mobile and embedded systems. Such systems include point-of-sale terminals, wireless routers, smart phones, networked office machines such as printers, and even our electrical grid.

Best Practices for Testing Secure Applications for Embedded Devices 
Today's complex applications connect with each other using an enormous variety of communication protocols, and require significantly more complex testing to ensure that they not only function as intended under ideal conditions, but that they also contain no vulnerabilities that attackers can exploit.

Building Firewalls for Embedded Systems 
This paper explains more about firewalls, and then provides information specific to the embedded system environment, including best practices for building embedded firewalls that are inexpensive, efficient and effective.

Designing Security for Newly Networked Devices (Harbor Research) 
Designing A Secure Future, a Harbor Research white paper, investigates some of the fundamental changes facing our society with the impending wave of device networking. This paper examines a new and unique approach to securely enabling the growing number and diversity of devices connecting to the internet.

Freescale Semiconductor Whitepaper: Understanding Cryptographic Performance 
Cryptography is the art and science of encoding and decoding (enciphering / deciphering) data so that outside parties cannot decode the data.

IEEE Whitepaper: Understanding Android Security Devices 
The next generation of open operating systems won't be on desktops or mainframes but on the small mobile devices we carry every day. The openness of these new environments will lead to new applications and markets and will enable greater integration with existing online services. However, as the importance of the data and services our cell phones support increases, so too do the opportunities for vulnerability. It's essential that this next generation of platforms provides a comprehensive and usable security infrastructure.

Implementing SSH on Embedded Devices 
NanoSSH is Mocana's super-fast, super-small SSH toolkit specifically designed to speed product development while providing best-in-class security services.

IPSO - Introduction to Security for Smart Object Networks Devices 
The proliferation of smart objects creates new opportunities for hackers to disrupt services, steal sensitive information, and commit fraud, just as they do on conventional computer networks.

Mocana vs Open Source 
When embedded systems development teams investigate which security tools to include in their devices and applications, open source libraries often seem attractive. There seems to be an open source solution for virtually any security protocol, such as OpenSSL, OpenSSH, and the various flavors of "Swan" IPsec (FreeS/WAN, Openswan, and strongSwan).

The Increasing Importance of Security for the Smart Grid 
This publication will discuss Smart Grid security, including areas of vulnerability, strategic considerations, the layered approach to security, data management and privacy concerns, and scenario planning and threat profiling.

When Good Instructions Go Bad: Generalizing Return-Oriented Programming to RISC 
Most computer defenses are based on the idea that preventing the introduction of malicious code is sufficient to protect a computer. This assumption is at the core of modern "trusted computing", anti-virus software, and other defenses like Intel and AMD's "no execute" protections.



SAP Mobility Whitepapers

SAP Solution Brief: App security for enterprise safety 
Secure Enterprise Apps in Seconds Across Managed and Unmanaged Mobile Devices. Security concerns can slow the momentum toward mobile computing. Whether your enterprise is deploying third-party mobile apps or developing them internally, they must be locked down tight. That's not easy. Users bring in their own mobile devices, download their own apps, mix personal and business content, and carry confidential business data outside of corporate protection.

Securing Mobile Apps in a BYOD World 
We have recently witnessed a major disruption in corporate computing, driven by the adoption of new mobile operating systems and bring-your-own-device (BYOD) environments. As enterprise IT organizations struggle to support new mobile strategies, they must comply with government regulations and internal security policies. With over 80% of North American enterprises supporting e-mail, calendar, and contact information on mobile devices, it has become clear that the devices can boost productivity and competitive advantage.

How Mobility Is Changing the Enterprise 
Forward-thinking enterprises use mobile technology across their organizations to give employees, suppliers, and customers access to appropriate data when and where they need it.

How Mobility Is Changing the World 
Innovative mobile technologies improve lives and society in both developed and developing economies.

How Mobility Is Transforming Industries 
Utilities, health care, financial services, retailers and other leading adopters are reworking their mobile strategies to take advantage of the latest technologies.

Mobile Conquers the Enterprise 
Recent survey highlights growing interest in accessing enterprise systems via mobile devices