Monday Aug 31, 2015

New Features : Oracle Mobile Security Suite Integration in Oracle MAF 2.1.3

Originally posted by Kundan Vyas-Oracle


MAF 2.1.3 provides tighter integration with Oracle Mobile Security Suite (OMSS). The integration offers capabilities such as Android Containerization, Data Leak Protection, Data Encryption, Application Tunneling, Container Authentication and Single Sign-On. Features like Containerization, Data Leak Protection and Data Encryption are already supported on iOS from previous MAF releases.

New Features

1. Support for Android Containerization

Mobile app containerization allows customers to add a standardized security layer to native mobile apps. 

The containerization process is simple, and developers do not need to change a line of code. MAF developers just need to deploy the application to OMSS, in JDeveloper or Eclipse. During the deployment, the app is first compiled and an unsigned version of the app is generated that is intended to be signed with an enterprise distribution certificate for distribution within the company. After deployment, a wrapped APK file is generated which is signed with the signing certificates which are configured in the MAF JDeveloper / Eclipse Preferences, in the Android platform section.

Enable OMSS deployment in JDeveloper 

Enable OMSS deployment in Eclipse 

2. Data Leak Protection on Android

Once a MAF app is containerized with OMSS, IT administrators can apply various data leak protection policies and restrict how and if users can share data within the app:

  • Email allowed can restrict the ability to send email from an app.

  • Instant Message allowed can restrict the ability to send Instant Message from an app.

  • Video chat allowed restricts the ability to share information via services such as FaceTime.

  • Social Share allowed restricts the ability to share information via services such as Facebook or Twitter.

  • Print allowed restricts the ability of the user to print.

  • Restrict file sharing restricts the ability of the user to share files outside the secure enterprise workspace.

  • Restrict copy/paste allows copy/paste inside the secure container, containerized apps or between containerized apps, but not to apps outside the secure enterprise workspace.

  • Redirects to container allowed prevents any app outside the Mobile Security Container workspace from redirecting a URL into the container.

  • Save to media gallery allowed prevents images, videos and audio files from being saved to media gallery and photo stores.

  • Save to local contacts allowed prevents contacts inside secure enterprise workspace apps from being saved down to native device contacts app.

  • Redirects from container allowed prevents any vApp from the Mobile Security Container workspace or containerized app from redirecting a URL outside the Mobile Security Container workspace or containerized app.

3. Data Encryption on Android

OMSS Containerization provides the ability to encrypt the data stored offline within MAF Android applications. Starting with 2.1.3 this functionality is available for MAF applications as well. Encrypted data storage covers application data, including files, databases, application cache, and user preferences. Developers can use MAF encryption with OMSS containerization without having to worry about double encryption. Within a containerized application, the MAF framework delegates encryption to the container, which ensures that no code changes are needed based on whether an app is containerized or not.

4. Application Tunneling

The MAF 2.1.3 release provides support for application tunneling through Oracle Mobile Security Suite on both Android & iOS. Application tunneling provides a secure way to access corporate resources behind the firewall from within a mobile client, without the need for a device-level VPN. Tunneling functionality allows administrators to intercept, and manage, all the requests coming from a specific MAF application. Administrators can configure the requests coming from a specific URL to go through a proxy on the MSAS server. They can also either completely block the requests, or redirect the requests directly to the internet. You can find more details on how to configure application tunneling in the Web Settings section of Administrative Console Guide for Oracle Mobile Security Suite.

5. Container Authentication & Single Sign-On

When the Web SSO authentication type is used in MAF apps with Oracle Access Manager and Oracle WebGate used in the back-end for authentication, the end user is not challenged for credentials in the application after Container authentication. The user identity from the Container is propagated to the App and the back-end services. SSO across multiple apps in the Container is also supported, i.e. the user can log in once to the Container and access all the apps in the Container without additional authentication challenges.


Here is a quick demo which shows all three features (Android Containerization, Data Leak Protection, and File Encryption) 

Monday Aug 03, 2015

Oracle Integrates Mobile Security into Identity and Access Management Platform

Crossposting from Greg Jensen's original post here

Oracle released a Press Release announcing the availability of Identity Management 11gR2 PS3 (Patchset 3). This update to the IDM 11gR2 solution brings forth some groundbreaking new capabilities for our customers to enable organizations to realize success in the areas of new digital business and unifying identities across applications. This greatly simplifies the on-boarding of new users, applications and services such as mobile and cloud.  

Some of the new aspects of the PS3 update include a new "Business Friendly" user interface which provides a single console view of your provisioning, approval workflows, entitlement management, and more.

The update also introduces new capabilities around mobile security with the expansion of Oracle's Mobile Security offering to include Enterprise Mobility Management. This is achieved through the inclusion of Mobile Device Management capabilities as well as a consolidated policy management framework for simplified provisioning of devices, applications and access.

New materials that have been created to help you evaluate this new update include:

Stay tuned to the Oracle Identity Management product page for the latest information on how Oracle is able to solve today's business challenges, and stay on top of the latest information with Oracle's Twitter and Facebook pages.


Thursday Apr 30, 2015

PaaS Use Cases: Cloud Documents Sharing and Collaboration

In my post yesterday, I had announced the availability of the April Edition of Oracle Fusion Middleware Newsletter. The newsletter was all about how PaaS services are enabling a digital transformation in the workplace. Enterprises are now not just about their employees but the all encompassing ecosystem of employees, partners, suppliers and even customers. Geography and time zones no longer define the workplace. The workforce needs anytime, anywhere access to work content, available off any device. The same content needs to be shared and collaborated on by people both within the organization and outside. In this world, cloud content sharing and collaboration is not a nice to have but a must have. Oracle Documents Cloud Service (DOCS) is an enterprise-grade cloud content sharing and collaboration solution that allows you to store, share and access content from anywhere off Web, desktop and mobile devices securely and with access trails. But more than that,  Oracle DOCS ties the content available to you to context - to the enterprise content, business processes and applications that you rely on to get your work done.

To offer a 360-degree perspective on why Oracle is investing its R&D efforts in cloud sharing and collaboration, be sure to tune into our live executive webcast on Wednesday, May 13 at 10 am PT/1 pm ET where we would have not only our senior Product Management executives but also Oracle CIO, Mark Sunday, VP of Content and Digital Media Technologies at IDC, Melissa Webster, EVP of TekStream Solutions, our customer as well as Oracle VP of Marketing Cloud, Alex Hooshmand discussing the role of enterprise cloud content sharing and collaboration. Save the date and register today for this webcast.

In the meantime, take a look at some of the common use cases we find where enterprise-grade Documents Cloud Service adds value to Lines of Businesses and IT. Here is the feature from our recent April edition of the newsletter featuring our upcoming webcast's host, Scott Howley, Vice President, Product Management at Oracle.

Cloud Computing Use Cases: Oracle Documents Cloud Service

Cloud computing—software as a service, platform as a service, and infrastructure as a service—is an undisputed game-changer in the corporate world. But with so many different cloud options, it can be complicated to align them with possible real-life scenarios. Here’s where use cases come in handy. In this series of articles, the Oracle Fusion Middleware Newsletter will illustrate how various aspects of cloud computing work within a business setting. For this issue, we’re looking at Oracle Documents Cloud Service.

“One of the reasons that cloud-based file-sharing services are so popular is that they address a universal challenge. Every employee, regardless of their role, needs a secure way to share files for work collaboration,” says Oracle Vice President of Oracle Fusion Middleware Product Management Scott Howley. “In addition, today’s digital workplace requires a 24/7 access to work content from anywhere on any device.”

Use Case 1: Coordinating with Business Partners
Today, internal business functions work with a variety of outside partners—think, for example, of a project in which marketing collaborates with an outside agency on deliverables. “You need to be able to collaborate and share files in real time, but without jeopardizing confidential information such as a press release that could impact stock prices,” says Howley. With Oracle Documents Cloud Service, you have the convenience of collaborative access without the risk associated with consumer products. Enterprise encryption, auditing, tracking, permission controls, and automatic backups keep your information safe.

Use Case 2: Fostering Sales Collaboration
Sales teams often work under deadline, such as when creating a detailed customer request for proposal, a process that involves quickly changing versions that must be instantly shared with both internal and external parties. Additionally, the final output likely needs to be tied back to an opportunity ID in the organization’s CRM system. With Oracle Documents Cloud Service, automatic versioning and syncing ensures version integrity, and its ability to integrate with other Oracle Cloud services such as Oracle Sales Cloud means CRM opportunities won’t get lost.

Use Case 3: Support for Mobile Field Workers
Companies must ensure that mobile or field-site workers can easily and safely access documents—even those with sensitive company information—via a wide variety of devices, from smart phones to tablets and laptops. Oracle Documents Cloud Service provides that flexibility with native support for iPhones, iPads, and Android mobile devices, along with desktop sync for both Mac and Windows computers. Moreover, the ability to embed a user interface in applications, portals, or sites ensures that content can have limitless expressions as work dictates.

“As these use cases show, smart organizations want more than just a standalone file sync and share solution,” says Howley. “They want enterprise-grade security, control, and integration for cloud content sharing.”

To learn more about Oracle Documents Cloud Service, register today for the Oracle Documents Cloud Service executive webcast featuring Oracle CIO Mark Sunday and visit for more information.

Wednesday Apr 29, 2015

On PaaS, Mobile Security, Cloud Content Sharing: April Newsletter is Out

The April edition of the Fusion Middleware newsletter is now out. This edition is all about Digital Transformation. Find out how Platform as a Service (PaaS) is driving the digital revolution and get access to the latest IDC report on the PaaS market, business drivers, benefits and more. As personal and work boundaries blur in the digital age, organizations are getting increasingly concerned about security. The challenge is more acute with trends like Bring Your Own Devices (BYOD) and even Bring Your Own Applications (BYOA). How do you open your company without incurring the security risks? Find out how Mobile Security can help protect your IP and your brand reputation while still enabling a digital trend. And we continue our ongoing series of Cloud Computing use cases. In this edition, we take a closer look at cloud content sharing and collaboration. Oracle Documents Cloud Service (OracleDOCS) is an enterprise grade solution that not only offers the intuitive features of cloud file sync and share but, to support the various use cases, also drives a PaaS for SaaS solution, allowing you to unlock your company's potential. Be sure to give it a read to understand how enterprises today are leveraging OracleDOCS.

The newsletter comes complete with news, recent press announcements, information about upcoming events both regional and online, latest market and product materials, and more so don't miss it. And we recommend you subscribe to the newsletter today.

Sunday Mar 01, 2015

New! Establishing a Mobile Security Architecture

Excerpts from a recent publishing.

Beyond Brute Force: 3 User-Friendly Strategies for BYOD Security*

In 1825 a painter named Samuel Morse was visiting New York City to fulfill a portrait commission and received word that his wife—at home in Washington, D.C.—had fallen gravely ill. The following day, another messenger brought heartbreaking news: Morse’s wife had died from her illness. Morse rushed home as fast as nineteenth-century transit could carry him but arrived to find his wife already in her grave. This devastating series of events led Morse to dedicate the remainder of his life to finding a means of rapid communication over long distances—eventually leading to the creation of the single-line telegraph and Morse code.

In 2014 Morse’s tragic episode underscores some of the forces mobile workers are still facing today. We are working longer hours than previous generations, many of us at greater distances from those we love. Our smartphones bring us closer (expanding Morse’s vision) with the people we care about, being no more than a voice call, e-mail, text message, or Facebook wall post away. As a result, personal and work communications are intersecting, with 89 percent of employees today using personal mobile devices at work or using their work devices for personal applications.

The phenomenon of Bring Your Own Device (BYOD) to work gives employees a kind of comfort Morse never knew, but it makes CIOs and CSOs uneasy, sparking concerns about protecting corporate data and preventing unauthorized access to internal systems. These fears are not unfounded: recent statistics show that cell phone theft has created a $US30 billion black-market economy. In San Francisco alone, 50 percent of all robberies are cell phone thefts. It is not a matter of if but when a personal device with your corporate data will fall into the wrong hands.

Download and read the rest here.

Monday Feb 23, 2015

Enabling Mobile Application Management with Secure Enterprise Single Sign On


Oracle Mobile Security Suite (OMSS) addresses BYOD challenges by isolating corporate from personal data on consumers’ personal mobile devices without needing to lock down the entire device. Using a technique called containerization, the Oracle Mobile Security Suite creates a Secure Workspace (SWS) in which corporate applications, email and data are stored. Only authenticated users can access the secure workspace to run applications and access data, and only applications provisioned or approved by corporate IT can be installed and executed from within this secure workspace. If the device is lost or stolen, corporate IT can remotely wipe the secure workspace without affecting any personal data.

The OMSS Secure Workspace (SWS) leverages OAM infrastructure for secure authentication (or even strong authentication/risk based access in the upcoming PS3 release) and seamless single sign on to corporate resources for all containerized apps. In this blog post I'll describe how the OAM Mobile & Social (M&S) OAuth Service allows OAM to provide secure authentication and enterprise single sign on to Oracle's Mobile Secure Workspace (SWS).

How it Works

In order for the Mobile Security Access Server (MSAS) to authenticate users against Oracle Access Manager and retrieve Oracle Access Manager and OAuth tokens for integrated single sign on, the Mobile Security Access Server (MSAS) is registered as an OAuth Client with the M&S OAuth Service. In the current PS2 release we support the Confidential Client OAuth flow only; however in the upcoming PS3 release we will support Dynamic Client Registration as well.

Confidential Client Flow - In this flow MSAS is the OAuth 2.0 Confidential Client and M&S is the OAuth Server as well as the Resource Server. MSAS uses the clientid and secret entered in the container as confidential credentials for this flow. The confidential client first obtains a JWT User Token (referred to as User Identity Assertion) using this clientid, secret and the userid and password entered by the user in the secure workspace. The confidential client then obtains an OAuth 2.0 Access Token using a standard OAuth 2.0 JWT user assertion flow on behalf of the resource owner. The OAM Tokens to access 11g or 10g protected resources are then obtained using the extension OAM Credential grant type using this JWT User Token. MSAS stores the encrypted JWT UT and the OAM MT (corresponds to an OAM_ID cookie for OAM protected web resources) in an STOKEN which is returned to the secure workspace app. This allows an authenticated secure workspace app user to single sign on to OAM protected resources with the OAM MT in the STOKEN and to any OAM OAuth REST interface using the JWT UT in the STOKEN.
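The first two steps of the Confidential Client Flow above, modelled in Python as an added example (not Oracle's code and not part of the original post): a stand-in OAuth server issues a JWT user token, then validates it when the confidential client exchanges it for an access token. The issuer URL, client ids, secrets, the HS256 shared key and the claim names `client_id` and `token_use` are assumptions made for the illustration; only the RFC 7523 grant-type URN is a real identifier.

```python
import base64
import hashlib
import hmac
import json
import time

# All names and values below are constructed for this example.
ISSUER = "https://oauth.example.test"          # stands in for the OAuth server
SIGNING_KEY = b"constructed-demo-signing-key"  # server-side token signing key
CLIENTS = {"msas-client": "constructed-secret-1",
           "other-client": "constructed-secret-2"}
USERS = {"alice": "constructed-password"}
JWT_BEARER = "urn:ietf:params:oauth:grant-type:jwt-bearer"  # RFC 7523


class OAuthError(Exception):
    """Raised by the server model when a request must be refused."""


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def same(a, b):
    """Constant-time string comparison for secrets."""
    return hmac.compare_digest(a.encode(), b.encode())


def sign_jwt(claims):
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    mac = hmac.new(SIGNING_KEY, f"{header}.{body}".encode(), hashlib.sha256)
    return f"{header}.{body}.{b64url(mac.digest())}"


def verify_jwt(token, now=None):
    """Check structure, pinned algorithm, signature and expiry; return claims."""
    now = time.time() if now is None else now
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(body_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:
        raise OAuthError("malformed token") from None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise OAuthError("malformed token")
    if header.get("alg") != "HS256":  # never trust the token's own alg choice
        raise OAuthError("unexpected algorithm")
    expected = hmac.new(SIGNING_KEY, f"{header_b64}.{body_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise OAuthError("bad signature")
    if claims.get("exp", 0) <= now:
        raise OAuthError("token expired")
    return claims


def authenticate_client(client_id, client_secret):
    secret = CLIENTS.get(client_id)
    if secret is None or not same(secret, client_secret):
        raise OAuthError("invalid client")


def issue_user_token(client_id, client_secret, username, password, now=None):
    """Step 1: client credentials plus user credentials yield a JWT user token."""
    now = time.time() if now is None else now
    authenticate_client(client_id, client_secret)
    if username not in USERS or not same(USERS[username], password):
        raise OAuthError("invalid user credentials")
    return sign_jwt({"iss": ISSUER, "aud": ISSUER, "sub": username,
                     "client_id": client_id, "token_use": "user",
                     "iat": int(now), "exp": int(now) + 300})


def exchange_assertion(client_id, client_secret, grant_type, assertion, now=None):
    """Step 2: JWT user assertion grant; every check must pass first."""
    now = time.time() if now is None else now
    authenticate_client(client_id, client_secret)
    if grant_type != JWT_BEARER:
        raise OAuthError("unsupported grant type")
    claims = verify_jwt(assertion, now)
    if claims.get("iss") != ISSUER or claims.get("aud") != ISSUER:
        raise OAuthError("wrong issuer or audience")
    if claims.get("token_use") != "user":  # an access token is not an assertion
        raise OAuthError("not a user token")
    if claims.get("client_id") != client_id:  # bound to the requesting client
        raise OAuthError("assertion issued to another client")
    access = sign_jwt({"iss": ISSUER, "aud": ISSUER, "sub": claims["sub"],
                       "client_id": client_id, "token_use": "access",
                       "iat": int(now), "exp": int(now) + 900})
    return {"access_token": access, "token_type": "Bearer", "expires_in": 900}


def confidential_client_login(username, password, now=None):
    """Client side: the two calls the confidential client makes for the user."""
    cid, secret = "msas-client", CLIENTS["msas-client"]
    user_token = issue_user_token(cid, secret, username, password, now)
    tokens = exchange_assertion(cid, secret, JWT_BEARER, user_token, now)
    return user_token, tokens
```

Because the same server acts as both OAuth server and resource server in this flow, issuer and audience are identical on both token types here, so the `token_use` check is the only thing that stops an access token from being replayed as a user assertion.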

Dynamic Client Registration - In this authentication model, a workspace is dynamically registered with M&S through MSAS and the workspace itself obtains the JWT Client Token after successful workspace registration. Compare this to the Confidential Client Flow above where the workspace app uses the client credential of MSAS. The registration of the workspace basically involves app and device profile attributes being automatically sent to the M&S OAuth Server, which creates a JWT Client token based on the unique "fingerprint" specific to the app and the device of the workspace app. The rest of the flow is similar where the workspace app itself is the OAuth Client (mobile OAuth client) and M&S is the OAuth Server as well as the Resource Server. In this flow we support step up authentication (using KBA or OTP) and device context based fine grained authorization during both user authentication to the workspace app and subsequent single sign on to corporate resources from any of the containerized apps. This is now possible because M&S uses its built-in integration with OAAM (using the Security Handler Plugin) to perform risk analysis based on the device and app context now available in this authentication.

Monday Nov 17, 2014

Mobile Security - A Fine Balance Between Usability & Security

Mobile is a new channel that any IT team needs to consider carefully. Enterprise IT teams are familiar with securing access from the Web browser from desktops and laptops within the firewall, and remotely via VPN. But access from mobile devices is relatively new. Especially when it's from mobile apps, not just a web browser. An app that in theory is a trusted app. And the smartphones are no longer an IT provisioned mobile device (e.g. the standard Blackberry). Like it or not, it's a bring your own device (BYOD) world.

You could try to install something that locks down the entire device. And if the device is ever lost or stolen, remotely wipe the device and everything in it. A bit heavy handed perhaps? I for one, have a ton of family pictures and personal information stored on my BYOD smartphone, and I suspect you do too. It makes me a bit uneasy to know that if I misplace my phone, all that information would be lost! (Guilty: I don't backup as often as I should)

So there's the rub, right? If you come down with a heavy handed approach to security, end users may look for ways to work around it, or not use it at all. Somewhat self defeating.  What if instead, security was provided at a more granular level? Separating personal v. work apps so that only work apps are controlled and secured? Lost phone?  Wipe the specific secured apps. Later find phone under the cushions of your couch? Ok, at least those pictures of Jr. are still there. :)

Sound too good to be true? Not so. Check out this recent blog post Oracle Mobile Security Suite in action on the exact scenario I just described.  

Want to see how Oracle's customers are going mobile? Don't miss the Northumbrian webcast this week on Nov 18th!

Monday Oct 20, 2014

Lost and Stolen Mobile Devices?

Lost and Stolen Mobile Devices - A Disaster Waiting to Happen?

The 'Oracle Mobile. Simply Connected.' global study found that people aged between 16 and 24 are more likely to find a way to access work data and applications on their mobile device–with or without their employers’ consent. Yet they are also the most likely to lose their mobile devices, or worse, have them stolen. To learn more, click here

Get real time information on Oracle Mobile by following us on Twitter @OracleMobile or subscribing to the Oracle Mobile blog

Monday Oct 06, 2014

Mobile Highlights from OOW14

Another successful Oracle OpenWorld! We saw drones cruising over Howard St. as well as the America’s Cup trophy and championship sailboat, plus the concert Wednesday night had some great weather. We dialed in the weather. There’s an app for that, I think it’s called Oracle ExaWeather Control Center and it's built on Oracle MAF ;-) There were a myriad of mobile sessions and hands-on-labs as mobile at Oracle continues into high gear. Some highlights included:

Oracle Alta User Interface

Used by Oracle’s cloud applications, cloud services and available for customer-developed applications, new UI design principles deliver elegant user interfaces and experiences for web and mobile applications. Quote from the audience: "We were thinking of starting to rewrite our front end in AngularJS, but this new Alta skin looks awesome!”

Oracle Mobile Cloud Service (MCS)- Simplify enterprise connectivity, any app, any data, any data - secure. The demos were great and the hands on labs were packed. Mobile + Cloud = Rethink Mobile

Preview of Oracle Mobile Application Accelerator (MAX) - a cloud-based offering that brings mobile application development capabilities to professionals with no previous software development experience. With Mobile Application Accelerator, program managers, power users, and business professionals can develop mobile applications quickly and visually through their web browser.

Voila! Enhanced Oracle Mobile Application Framework + Oracle Mobile Security Suite. To simplify secure mobile application development, Oracle is deepening the integration between Oracle Mobile Application Framework and Oracle Mobile Security Suite as part of the mobile application lifecycle management process. This integrated approach makes it easier for developers to create a seamless user experience, without compromising security.

Are you developing with Eclipse?  These two were announced prior to OpenWorld, and worth repeating - a new version of Oracle Mobile Application Framework development is now available on the latest update of Oracle Enterprise Pack for Eclipse!

And as with the continued adoption and use of Oracle Mobile Application Framework throughout Oracle and its customers, there are 14 New mobile apps for Oracle E-Business Suite!

Need to go hands on with mobile?  Mobile Application Framework Challenge - The Oracle Mobile Application Challenge invites developers to demonstrate how the Oracle Mobile Application Framework can be used to create and/or extend an enterprise application through mobile technology and then deploy that application to a handheld device. 

If you weren’t able to make some of these great sessions, don’t worry.  Oracle Technology Network is sponsoring a Virtual Technology Summit covering mobile topics and more. 

Phew! More mobile? Go to and then follow us on Twitter @OracleMobile

Friday Sep 26, 2014

Thomas Kurian to Unveil The Cloud Platform for Digital Business

Author: Juliana Button, Director, Oracle Fusion Middleware

Want to know the inside scoop on Oracle’s middleware strategy? Don’t miss this great session with Thomas Kurian, Executive Vice President, Product Development, his key Product Management leads, and special guest, Steve Holland, Chief Technology and Digital Officer, 7-Eleven, as they walk you through this jam-packed session where Thomas will unveil Oracle Fusion Middleware as The Cloud Platform for Digital Business. You will hear the Oracle Fusion Middleware Strategy and see the new Middleware Cloud Services in action.

GEN8589: Oracle Fusion Middleware - The Cloud Platform for Digital Business
Monday, September 29, 1:15 p.m. -2:00 p.m.
Marriott Marquis, Salon 7/8/9

Steve Holland, Chief Technology and Digital Officer, 7-Eleven, will join Thomas on stage to discuss the “Digital Guest Experience” they have implemented on Oracle’s Platform-as-a-Service.

Come and hear about the Oracle Mobile Platform strategy and learn how Oracle Mobile Application Framework (MAF) supports rapid development across multiple devices; Mobile Security Suite provides mobile security for BYOD and COPE, shared devices, bringing together identity and access management; and Mobile Cloud Service simplifies access to enterprise mobile services in the cloud.

You will get a sneak preview of the Mobile Application Framework and Mobile Cloud Service as Suhas Uliyar, Vice President Product Management, demonstrates building a mobile demo that runs across multiple devices, and containerizes the mobile app using Mobile Security Suite.

Oracle’s Identity and Access Management Strategy provides a unified solution for managing, authenticating, and auditing user access across enterprise, cloud, and mobile applications; Encrypts mobile application data and protects mobile APIs for apps running on both personal and corporate-owned devices. 

Thomas will explain how you can simplify integration of on-premise systems with bespoke and packaged cloud applications through the new Integration Cloud Service (iPaaS) and support multi-channel delivery of applications and services across Mobile, Web, B2B, and Cloud through new API Management functionality, and REST, JSON and SaaS Adapters.

Vikas Anand, Senior Director, Product Management will show you how easy it is to connect E-Business Suite to Oracle Service Cloud using the new Integration Cloud Service.

Oracle’s comprehensive BPM Platform delivers business driven process design, mobile applications, and advanced analytics. The new Process Cloud Service supports process innovation and optimization through process monitoring and analytics, process automation capabilities including workflow, events and rules and mobile forms and workspace.

Oracle delivers a unified Data Integration platform across all enterprise systems to provide high-speed data movement across relational databases, operational systems, warehouses, and Hadoop clusters. You can integrate Data Quality with business applications to ensure clean data in operational systems and provide data governance and comprehensive metadata management for trusted business data. Oracle announces Oracle Enterprise Metadata Management that covers the full breadth of metadata management and data governance needs in an organization - data lifecycle management, harvest and integrate 3rd party metadata, data governance, stewardship and standardization.

Oracle’s Content and Collaboration strategy enables collaboration in the context of business applications and integrates content management, collaboration, and process management into an agility platform for departments. The Documents Cloud Service (available under Controlled Availability) provides document sharing securely across devices and with others using secure workspaces. Oracle Social Network provides an enterprise social platform to facilitate collaboration within and across organizations.

You can check out Oracle Social Network and the new Documents Cloud Service in the demonstration by Gangadhar Konduri, Vice President Product Management. You will also see how easy it is to go online and buy a subscription to Documents Cloud Service.

Thomas will highlight Oracle’s highly differentiated public and private cloud IaaS and PaaS - a complete, integrated, best-in-class and standards-based platform-as-a-service to lower integration costs, provide self-service capabilities to drive productivity and uniquely deliver seamless workload portability between on-premise and cloud using standard DevOps and management tools.

Mike Lehmann, Vice President, Product Management, will show us how easy it is to deploy a standard Java application to the Java Cloud Service from JDeveloper and then discuss how easy it is to move this application from the Oracle Public Cloud into an on-premise private cloud.

If you want the lowdown on Oracle’s Middleware Strategy, this is one session not to be missed!

Friday Jun 20, 2014

Oracle AppAdvantage: A Tale Of Mobile Phones and Toothbrushes

The word “Digital” is all the rage. But like most things in the world, the term means different things to different people. To customer facing enterprises, it means enabling customer interactions across multiple channels – online, mobile, social, et al. To others, it may mean leveraging technology to bring efficiency into a workplace – leveraging cloud, introducing BYOD for employees, building self-service portal, among other examples. For a few among us it means a painful reality that the world is changing and we must too!

To me, “Digital” means “Evolution”. I think it means having a modern, time-relevant perspective to meeting customers’ needs and solving business challenges. In my view, “Digital” is a call to action to leverage the latest technology or a combination of it to improve your bottom line – reducing time and cost overheads while building (and exploiting) new opportunities. Technology is no longer about automating IT tasks and processes, it is about delivering tangible value to the business ecosystem – its customers, partners, vendors and suppliers, and employees.

A small business can, for example, leverage social media marketing to do some effective but low-or even no-cost marketing. A manufacturing company can integrate their knowledge base with front end applications to enable self-support and troubleshooting, or perhaps build a collaboration forum for support solutions by peer customers. A high tech company can eliminate IT overhead by moving to cloud and perhaps use information security technology to secure end to end access. A credit card company can enable intuitive self service portal to enable customers and offer mobile alerts. “Digital” means taking advantage of the opportunity afforded by available technology.

And that’s what Oracle AppAdvantage is all about: leverage your existing investments in your business applications while allowing you to extend your capabilities, adopt new technology trends and enhance the value you provide to your ecosystem in a pace layered architecture.

And do you know why that matters in today’s world? Because we are living in a world where more people own a mobile phone than a toothbrush. (Source: Mobile Marketing of Asia and corroborated since)

Wednesday Jun 18, 2014

Standards Corner: IETF Revisits HTTP/1.1

HTTP has been one of the most successful IETF specifications aside from the Internet itself. When it was created in 1999, the authors of HTTP had no idea how big and how widely used it would be.  For many years the focus was on the evolving world-wide-web and HTML. The web itself went through many transformations with the introduction of Ajax and then HTML5 by the W3C.  Meanwhile, non-browser use of HTTP has been steadily growing especially with the exploding popularity of smart devices, the Internet of Things, and in particular RESTful APIs.

Last week, the IETF officially did away with RFC2616, the main specification document that defined HTTP/1.1. RFC2616 has been broken up into 6 specifications, RFC7230 through 7235.


Friday May 30, 2014

Standards Corner: Preventing Pervasive Monitoring

On Wednesday night, I watched NBC’s interview of Edward Snowden. The past year has been a tumultuous one in the IT security industry. There have been some amazing revelations about the activities of governments around the world; and, we have had several instances of major security bugs in key security libraries: Apple's ‘gotofail’ bug, the OpenSSL Heartbleed bug, not to mention Java’s zero day bug, and others. Snowden’s information showed the IT industry has been underestimating the need for security, and highlighted a general trend of lax use of TLS and poorly implemented security on the Internet. This did not go unnoticed in the standards community and in particular the IETF.

Monday May 05, 2014

Identity Enabling Mobile Security

Authored by Suresh Sridharan, Business Manager, Security

Smart Connected Device Growth: The growth of smartphones and tablet devices has been phenomenal over the past 4 years. Global smartphone shipments have grown extensively from approximately 100m units in 2010 to 725m units in 2012, reaching 1b devices in January 2014. Simultaneously, tablet shipments have grown from 5m units in 2010 to approximately 125m units in 2012. Tablet numbers are likely to touch 400m units by 2017.

This explosion in the shipment of smart connected devices has also led to a significant change in users’ behavior and expectations.

In a corporate environment, the phenomenon of Bring Your Own Device (BYOD) is gaining momentum. Gartner predicts that 38% of all organizations will have an “all BYOD” policy by 2016, up from 6% today (2014). If the same device is being used for both personal and work purposes, users will expect the same experience across corporate and personal apps. Further, employees regularly use similar apps for both business and personal purposes; examples include WhatsApp, Skype and Facebook.

Mobile devices present benefits both for organizations and for individuals. Surveys show that a BYOD policy helps employees gain an extra 37 minutes of productive time every week. To increase sales productivity, some of our customers are mobile-enabling sales teams to ensure that they have access to the latest information when they meet with customers.

Security is one of the most significant mobile device challenges both for consumers and for enterprises. Although mobile commerce is growing rapidly (to $25b in the US alone), 60% of all retail transactions that get to the checkout stage are abandoned, with security as one of the main causes, according to recent data.

As corporate data on the device co-mingles with user data on a personal device, it becomes challenging for enterprises to impose restrictions on the use of devices. About 40% of adults do not protect their smartphones with a passcode; among married adults that number goes up to 45%.

In order to address security challenges, IT should be able to define and enforce policies that meet security and privacy standards to protect intellectual property, other corporate assets and, optionally, personal employee data.

There are three things to consider while implementing security in the new mobile age:

  1. Implement a strong identity management system that allows one to manage users and ensure that they are able to access information based on the principle of least privilege to carry out the necessary tasks.
  2. Implement an access management solution to secure data based on who is accessing it and the risk profile of that specific transaction.
  3. Implement a mobile security solution that will help secure data on the device and ensure corporate security policies are enforced on the device from which assets are being accessed.

In essence, organizations need to ensure that application data is secured based on the user accessing it and the device and location from which it is being accessed. Securing the device and the user identity, in isolation, is not sufficient.

Interested in following the security blog more closely? Check out the Oracle Identity Management blog here.

Wednesday Apr 09, 2014

Standards Corner: Basic Auth MUST Die!

Basic Authentication (part of RFC2617) was developed along with HTTP/1.1 (RFC2616) when the web was relatively new. This specification envisioned that user-agents (browsers) would ask users for their user-id and password and then pass the encoded information to the web server via the HTTP Authorization header. This form of authentication is still being requested today. Why?
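The "encoded information" in the Authorization header is Base64, an encoding rather than encryption, so the user-id and password are recoverable wherever the header is visible. The sketch below is an added example, not code from the original post: it parses the RFC2617 Basic layout and flags requests that carried it without TLS. The function names and the request records are constructed for illustration.

```python
import base64
import binascii


def parse_basic(header_value):
    """Return (user_id, password) from an Authorization header value, or None.

    RFC2617 layout: "Basic " + base64(user-id ":" password).
    """
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None  # malformed token: not valid Base64
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        text = raw.decode("latin-1")
    # The user-id cannot contain ":", so only the first colon is a separator;
    # any later colons belong to the password.
    user, sep, password = text.partition(":")
    return (user, password) if sep else None


def audit(requests):
    """List (path, user_id, transport) for every request using Basic auth."""
    findings = []
    for req in requests:
        creds = parse_basic(req["headers"].get("Authorization", ""))
        if creds is None:
            continue
        transport = "tls" if req["scheme"] == "https" else "cleartext"
        # Report the user-id only; the password never goes into the finding.
        findings.append((req["path"], creds[0], transport))
    return findings


def _basic(userpass):
    return "Basic " + base64.b64encode(userpass).decode("ascii")


# Constructed request records (not real traffic).
SAMPLE_REQUESTS = [
    {"scheme": "http", "path": "/reports",
     "headers": {"Authorization": _basic(b"alice:s3cret:with:colons")}},
    {"scheme": "https", "path": "/api/orders",
     "headers": {"Authorization": _basic(b"bob:hunter2")}},
    {"scheme": "http", "path": "/feed",
     "headers": {"Authorization": "Bearer abc.def"}},
    {"scheme": "http", "path": "/broken",
     "headers": {"Authorization": "Basic !!!notbase64"}},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_REQUESTS):
        print(finding)
```

Every `cleartext` finding is a credential that any on-path observer could read; the `tls` ones are protected in transit only, and the server still receives the reusable password on every request.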
