Enterprise security

From Resco's Wiki
Revision as of 08:49, 22 January 2020 by Jzambor (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Security Guide

As important as it is to get the data about your customers, is to keep them secure once you have them. Especially on a mobile device. With Resco Enterprise Security pack, you don’t need to worry anymore. Now you are able to apply enterprise security measures and restrictions, set rules and user rights, select which data can be downloaded to the application, or even wipe-out the data from the application. You can do it all remotely, fortified with push technology. It does not matter anymore what mobile platform your employees use, you can take control of all your mobile device’s security rules through one simple mobile device management (MDM) console.

Mobile Device Management tools

Wikipedia logo
Wikipedia has an article on the same subject:
Index
You can index all your mobile devices in one structured list. This feature will give you a quick access to all the necessary information about all the mobile devices used to access CRM data in your company.
Groups
Divide the mobile devices into groups and apply different security rules. You can create unlimited number of groups and assign them various security policies. The group can consist of many devices or contain just a single device. It is up to you and your needs.
Model, OS and ID.
View details about a mobile device like the model, running OS, and device ID.
App version and user.
Woodford allows you to also see the currently installed version of the Mobile CRM app and user of the mobile device. This is helpful to keep your staff updated. You can just view which version of the app is your mobile user currently using and force the update.
Synchronization log.
See when your employees lastly synchronized the app. Keep track of the synchronizations and if it is necessary, force the synchronization remotely.

Push actions

Lock 
If a device is stolen or there are concerns about the security of offline data, the administrator is able to lock the application remotely on a single device, or a whole group of devices, in just one click and block the user from opening the application.
Wipe out 
In the worst-case scenario you can completely wipe out the data from the application. All is done remotely just by one click and regardless the synchronization. This means that you delete the data remotely from the mobile device and nobody will be longer available to see them.
Force full sync 
By just one click, you can force the application to perform a full synchronization of the data during the next synchronization of the app.

Device Control.png

Mobile Application Management tools

Create security policies
Session Timeout 
By enabling this option, you set the rule that the application locks automatically after X minutes of inactivity. After the lock, login is required to resume work with the application. Assuming that the device is lost, with this feature enabled there is very little possibility left for the unauthorized person to access the data using the mobile application.
AppLock 
In a case of need you can remotely locks the application. The user will not be able to work with the application until the access is enabled again by the admin.
AppWipe
Wipe out the data from the application remotely.
Check security policy on login 
If there is a policy set for the user or for the group of users, the application will verify it directly before the login. This makes sure the security policies apply on every launch of the application.
Force server connection 
The mobile device must connect to the server every (x) hours otherwise the login is refused. This way you can force the mobile users to use application and synchronize offline date on regular basis.
Force wipe 
If the app does not connect to the server in (x) hours, all the local data will be wiped out. You can set the interval you consider most fitting to your data security policy. This means that even if the device is left somewhere unattended, the unauthorized user will not be able to access the data after a configured period because it will be already gone. Simple, smart & safe.
Business hours 
You can allow users to access the application only within the configured business hours. For example, if you set the working hours to be 10am-5pm the user will not be able to work with the application at any other time, prior or after these hours. You can set this rule for one user or for a group of users, and you can do it all remotely, even without notifying the users.
Password validation 
Locks the app or wipes out the data after a number of incorrect password entry attempts. This is a great feature to prevent dictionary based or brute force attacks. If somebody will try to login to your mobile CRM application and you have this option enabled, they will lock the application directly after the configured number of incorrect logins.

All the enterprise security features can be combined to create an ideal security policy to keep your data safe from misuse.

Remote Application Management tools

To simplify the initial user access to the Resco app, use push applications via Remote Device Management. Follow the below mentioned parameters in your MDM to have control over your enterprise mobility.

Note This is the Apple-defined protocol, therefore, it applies only to iOS users for all MDM providers. Since iOS version 9.3, the mobile application supports MDM key-value pair provisioning on iOS devices.

You are able to specify the following parameters in your MDM:

UserMode (0:Standard, 1:External, 2: Anonymous, 3:CurrentWinUser, 4: OAuth2)
OrganizationUrl
UserName
Password
Domain
HomeRealm
ADFSUsername
SavePassword (true/false)
ExchangeUrl
ExchangeEmail
ExchangeUserName
ExchangePassword
SharePointServerType (0: SameAsCrm, 1: AD, 2: Online, 3: ADFS)
SharePointUserName
SharePointPassword

Once the above configuration is specified, the application skips the initial tutorial and shows the synchronization window (with the above values pre-filled) on the first run.