Pages

Monday, November 12, 2012

Oracle BI Mobile Security Toolkit

The Oracle BI Mobile Security Toolkit, version 11.1.1.6.2 .1272, for Apple iPad (iOS 5 and iOS 6) is now available for download from the Oracle Technology Network here (http://www.oracle.com/technetwork/middleware/bi-enterprise-edition/downloads/bi-mobile-security-toolkit-1872818.html).

Heh? What's that?
Here's the short blog post explaining what (my personal take, with lots and lots of help from our super PMs and development team working on this, of course!).


The Oracle BI Mobile Security Toolkit "provides the ability to generate a signed version of the Oracle BI Mobile HD application. The toolkit includes the instructions and necessary content to build this application making use of Apple’s Xcode and the IOS SDKs."

What this basically means is that this allows you - the customer - to take an unsigned, unpacked version of the Oracle BI Mobile app, and combine it with the third-party mobile security vendor of your choice to create a secure, containerized version of the Oracle BI Mobile that can then be managed with the mobile device management solution that you - the customer - choose. There are some restrictions and caveats, of course, but in a nutshell that's the premise of this toolkit.

This - additional layer of security - is important because mobile devices present a new challenge in terms of security and device management. With more and more business information being delivered to mobile devices like smartphones, even more pertinent for businesses - to tablets, and more and more business information being stored on tablets, companies have a vested interest in ensuring that these tablets can be managed by their IT departments, that the data when stored on these devices can be secured, and should a device be misplaced, any business applications and data stored on those devices be wiped, remotely if needed, and deleted by IT. As the oft-repeated cliche goes, your company's business data and IP walks out the door every time your employee carries a smartphone or tablet, with your company's apps and data on them, out the door. It is in your business interests to secure and protect that data.

While mobile apps like Oracle BI Mobile have several mechanisms to provide multiple levels of security - support for SSL, Single Sign-On, VPN, fine-grained access controls, control over offline storage of data, and more - some aspects like device management are best done by device management solutions since they allow an IT department to formulate and enforce policies across the board for all apps that their employees download on to their tablets.

So what does the toolkit do? It allows third-party vendors to generate signed secure versions of the Oracle BI Mobile app.

So what are some of the capabilities that a third-party device management's software provide that may be of interest to a customer? Apart from the BI Mobile app's own security features, a third-party MDM vendor could provide such features as geo-fencing (i.e. allow the app or selected apps to be operable only within a specified geographic area, and to either warn or disable access to the app should the user venture outside the specified area), improved encryption (for instance, enforce the encryption of the Oracle BI Mobile app's offline data at all times, or specify a different encryption algorithm), local data management (set policies for ensuring that old data is deleted from the device after a certain period), data wipe (a data wipe can be initiated remotely by an IT administrator that wipes all data from a specified app, or apps, or in some cases from the entire device itself).

A key benefit - for some customers - is "containerization". Containerization basically wraps the target app, in this case, for example, the Oracle BI Mobile app, within a container, that err, contains, a proprietary set of networking APIs, so that all network traffic - mostly HTTP and HTTPS, but also other protocols, depending on the vendor - from the target app to the container's networking APIs, so that an additional layer of security and verification can be implemented. You may recall that BlackBerry messenger services have employed such an approach, with great success over many years, and indeed, theirs has been an approach that other vendors have adopted when building enterprise security solutions for mobile platforms.

The download link for the Oracle Business Intelligence Mobile Security Tool Kit is available from the Software Downloads page of the Oracle Technology Network (see screenshot below).
Software Downloads on OTN

Alternatively, you can directly click this link http://goo.gl/up4PA to go to the download page (the direct link - http://www.oracle.com/technetwork/middleware/bi-enterprise-edition/downloads/bi-mobile-security-toolkit-1872818.html - in case the URL shortening service stops working). You have to click to accept the "OTN License Agreement", and then download the 25MB toolkit.
Download Page for the Oracle BI Mobile Security Tool Kit
There is a readMe.txt in the toolkit that outlines what you need to do to create a project using the app bundled with the toolkit.

Finally, note a few additional things.
First, there are some licensing restrictions that define what you can and what you cannot do with respect to customizations.
Second, this toolkit is delivered free of charge to you as customers. That also means that all other licensing requirements of using the Oracle BI Mobile app continue to apply.
Basically, please be sure to read all relevant material as it applies to your usage of the Oracle BI Mobile app and this toolkit - in case of doubts, please contact your Oracle contact to get these clarified. And yes - this is a disclaimer - please use this post only for general information, and do not take anything written here to be official Oracle policy. In case of doubt, check with your Oracle representative.


That's all folks. Take care.
Abhinav
Nov 12, 2012
Bangalore