Need to expose a sensitive internal web resource to mobile clients using iOS or Android devices? In this blog, I will outline how Blue Cedar Enforce can enable seamless and secure access, using our Compass browser with our Secure Microtunnel, Browser Configuration, and App Customization policies.
Internal Web Apps in Organizations
In today’s BYOD environment, employees increasingly expect to access internal web apps from their own personal iOS or Android devices, which are generally not under enterprise management. Many organizations expose these internal web apps only through on-premises Wi-Fi or over VPN via managed devices.
As mobile web use increasingly eclipses desktop web access, organizations have added mobile support for internal intranet web apps, but face the challenge of exposing these intranet web apps over the internet. One option is to build separate mobile apps to access the same internal resources, but developing each web app for each mobile platform is expensive. Using a customized secure browser app instead allows you to provide the same web app capabilities to mobile end users, with the requisite levels of security and end-user experience.
For example, let’s consider a Paid Time Off (PTO) web app that employees can use to request PTO. The first step is to use Blue Cedar’s Secure Microtunnel policy so that Blue Cedar’s Compass browser app has network access to the enterprise. Next, we’ll use the Blue Cedar Browser Configuration policy to lock down the app so that it launches directly to the PTO tool’s address and cannot be used for generic browsing. Finally, we’ll use the App Customization policy to customize the look and feel of the app so that it reflects the organization’s branding guidelines.
Secure Microtunnel Connectivity
Any app integrated with the Secure Microtunnel policy connects to the Blue Cedar appliance, deployed at the enterprise edge. After a one-time enrollment, connecting apps are issued a unique certificate that is used to authenticate to the appliance. The app is assigned an IP address from the enterprise network through the integration of a TCP/IP stack and secure IKE/IPsec connectivity directly into the application. Blue Cedar Enforce intercepts network traffic at both the HTTP and TCP/UDP layers and redirects it through our own secure networking stack. This means that internal web app backends do not need to be exposed at the corporate edge.
Browser Configuration Policy
While the Blue Cedar Secure Microtunnel policy can be applied to any app integrated with Blue Cedar security, the Browser Configuration policy is specific to our Compass browser app, which is included free as part of every Blue Cedar subscription. Browser Configuration lets an administrator change the icon and name of the Compass browser and configure a kiosk-style experience, where the browser launches to a specific site and prohibits the user from navigating to other URLs. For our PTO app, we’ll change the name of the app, change the icon, and set it up to point to the URL of our internal web app:
App Customization can be layered on top of other Blue Cedar policies to rebrand the end-user experience. By default, the screens injected into the app will look something like this:
Cloud Based Policy Console
Using the cloud-based policy console, any screens shown by Blue Cedar’s injected code can be customized to remove Blue Cedar branding and replace it with your own enterprise branding. An administrator can configure colors, fonts, background images, and enterprise logos, with a live web-based preview of what the screens will look like on a mobile device. App Customization can be applied to apps other than Compass, allowing a consistent user experience and strong enterprise branding across apps, even if they are supplied by different vendors. For our PTO app, the end result looks something like this:
That is all there is to it. With the click of a button, we can now integrate these changes into the Compass app. The process of integration modifies the original IPA or APK files, rewrites the bootstrapping portion of the code to initialize Blue Cedar tech, and injects any additional assets such as the customization logo above. From our example earlier, we can now distribute our new PTO access app to iOS and Android users across the organization – all without writing a single line of code.