For more than a decade, organizations have trusted Appian's highly secure and scalable platform to automate and access critical business processes. Appian's new mobile client offerings extend that same secure process architecture to the mobile device, ensuring safe access and computing from any popular mobile platform.
Appian has built-in features and solutions addressing each of the major security considerations when building a secure mobile application, including the following:
All communication between client devices and Appian servers is transmitted over HTTPS with SSL encryption. HTTPS/SSL is the industry standard for secure web communication between devices and the commonly accepted measure for protecting traffic between a device and a server over the public Internet.
Appian only allows trusted SSL certificates to be used when connecting to an Appian server, ensuring users cannot connect to Appian servers with untrusted certificates.
For RIM BlackBerry device users, Appian is designed to work seamlessly with BlackBerry Enterprise Server (BES) to securely manage each device and its network communication. BES can add a further layer of Advanced Encryption Standard (AES) or Triple Data Encryption Standard (Triple DES) encryption to the network communication used by the Appian mobile application.
In addition, Appian's mobile application can be configured to work with a secure VPN connection from the mobile device. Virtual Private Networks (VPNs) allow clients to establish a secure connection to systems behind the enterprise firewall. Restricting access to your Appian servers to VPN connections helps guarantee that your servers are not directly reachable from the public Internet.
Clients must first certify that each mobile platform supports their VPN software. Devices such as RIM BlackBerry, Apple iOS, and Google Android all support standard VPN protocols that work with most VPN deployments. After a secure VPN connection is established, the Appian Mobile Client application can securely connect to the Appian servers deployed inside your firewall.
Appian also offers secure VPN connections for Appian Cloud customers. As with an on-premises installation, the Appian Cloud servers are then accessible only from inside your enterprise firewall through the secure VPN connection.
[iPhone Authentication Pic]
All authentication to Appian from a mobile device is handled server-side. Appian does not perform any local authentication on mobile devices, ensuring authentication by all devices can be easily controlled by a central administrator.
Appian's authentication architecture can be easily integrated with your existing corporate LDAP or SSO authentication servers. Once integrated, users authenticate from their mobile device to the Appian environment with their common network user ID and password, and the password management and account locking policies of your authentication servers are applied to mobile connections.
If not integrated with your enterprise authentication servers, Appian provides a PCI-compliant authentication mechanism to ensure secure authentication of each mobile user. Appian can apply password complexity rules and automatic account locking after failed authentication attempts to defeat password-guessing attacks against user accounts.
Like all other communication, the passing of authentication credentials from the mobile device to the Appian servers takes place over a secure HTTPS/SSL connection and can be additionally protected by a VPN connection.
In addition to secure password authentication, Appian Mobile Apps can be configured with a separate passcode lock screen to control access to the individual mobile application. Like a passcode lock on a mobile device, the application passcode lock restricts access to the Appian mobile application with a simple numeric key code required in addition to the secure password authentication. In some circumstances a device can become lost or stolen while an active session is in place on the mobile device. The passcode lock is designed to provide an extra layer of security in these circumstances, requiring the user to enter a numeric key code to re-open the Appian Mobile App with the currently active session.
Appian stores the Appian server location and user ID information on each mobile device in an encrypted format. Documents downloaded to the mobile device from process events and tasks are also stored locally in an encrypted format. Process data, collaborations, tasks, and other enterprise data are not stored on the mobile device but are delivered on demand to the user over a secure network connection. Each screen in the Appian Mobile App is populated directly from the secure HTTPS/SSL connection with the Appian servers. This combination of storing only the minimum amount of data required for local processing, encrypting it locally, and retrieving all other data over secure network communication ensures enterprise data can be reliably secured on mobile devices for secure processing in the Appian BPM Suite.
Server location and user ID information stored on the mobile device is protected with the highest level of encryption available for each mobile platform. Because the available encryption levels vary between mobile devices and operating system versions, Appian follows the best practice of using the strongest encryption available on each device and system.
Appian's use of a native mobile app instead of merely a mobile-optimized web interface not only provides a superior user experience, but also offers protection against malware on mobile platforms. With the increasing adoption of mobile devices, there has been an equal increase in malicious applications being developed to steal information and infect devices. Many of these applications take advantage of common web attack techniques, such as JavaScript injection (cross-site scripting, XSS) or SQL injection, to gain access to secured information. Malicious developers routinely concentrate on browser security holes as a primary means of attack, as this allows them to target a large number of sites rather than an individual application.
As mobile browsers are less mature than desktop browsers, it is important to completely shut off the possibility of a web attack on a mobile device. For this reason, Appian's use of a native mobile app provides an immediate security layer on your enterprise data. The Appian Mobile App performs all rendering using native controls and does not employ any browser JavaScript or rendering mechanisms.
In some instances, a malware application can gain root access to the mobile operating system and locally gather data from the device. Appian locally encrypts the server location and user ID to prevent malware access to connection information. Since Appian stores no process data locally on the mobile device, there is no such data for the malicious application to intercept.
In the event a mobile device is lost or stolen, it is common practice to remotely disable that device to prevent theft of information or illicit access to software. Today, mobile device platforms provide varying levels of support for remote disablement that should be evaluated individually for their merits and issues.
Appian's deployment as a native mobile client application makes it easy for remote disablement features to also include removal or locking of access to the Appian Mobile App. If the device is remotely wiped of content, the Appian Mobile App and its stored connection information are also deleted from the device.
Appian's use of server-side authentication also makes it easy for administrators to remotely disable accounts or change passwords. Disabling an account on the Appian server prevents access by any mobile device using those login credentials, even during an active session. A password change equally guarantees that a lost device cannot use the old password to access the Appian server through the mobile application.