Secure Enterprise Mobility – with Ca Siteminder and Sap Mobile Platform 2

The team would like to thank all the colleagues from CA and SAP who helped with this project, including David Cruickshank, Roger Guedes, Heather Li, and Irakli Natsvlishvili for operational and infrastructure support at SAP Co- Innovation Lab.

SECURE ENTERPRISE MOBILITY – WITH CA SITEMINDER AND SAP MOBILE PLATFORM 3

Content

1 At a Glance ...... 4 2 Business Challenge ...... 4 3 Solution Overview ...... 5 4 Critical Differentiators ...... 6 5 Related Products/Solutions ...... 6 6 Reference ...... 7

SECURE ENTERPRISE MOBILITY – WITH CA SITEMINDER AND SAP MOBILE PLATFORM 4

1 At a Glance The widespread adoption of mobile devices poses significant challenges for organizations to ensure that their security policies are being implemented effectively and consistently across all access channels. This is because core security functions (such as user authentication and authorization) are essential to protect critical applications and data from misuse by the growing number of mobile users. Validated at SAP® Co-Innovation Lab, the integration of CA SiteMinder® with SAP Mobile Platform provides a common, centralized solution to manage and enforce security policies across both laptops and mobile devices from either inside or outside the network. This integrated solution helps reduce risk, improve efficiencies due to reduced security administration costs, and maintain a convenient user experience.

Key Benefits and Results Simplifies security management and reduces costs: Enable a consistent security solution across all access channels and platforms.

Enables business growth: Quickly and securely deploy revenue-enhancing mobile apps.

Improves user experience: Reduce logins and personalize the mobile user experience.

Mitigates risk: Identify mobile users, control their access, and audit what they have done.

Key Features Mobile single sign-on (SSO): Reduces the challenge of multiple logins for mobile users to provide seamless access across diverse applications.

Flexible authentication: Enables mobile apps to be protected by authentication methods that are appropriate in strength to the app’s sensitivity; helps reduce risk of improper access by mobile users.

Policy-based authorization: Allows or denies access to mobile apps based on variables including user attributes, roles, groups, dynamic groups, location, time, or data sensitivity.

Scalability, reliability, availability: Helps meet the most demanding enterprise requirements through dynamic load balancing and caching to support the needs of complex IT environments with large numbers of mobile users.

2 Business Challenge Organizations are expanding their businesses and meeting the needs of their employees by moving towards widespread adoption of mobile access to corporate applications via mobile apps. But in doing so, they are faced with the prospect of implementing multiple security silos, each one of which might enforce basic security functions for a different access channel (laptops, smartphones, tablets and other mobile devices, and so on). This lack of consistent security mechanisms leads to high admin costs and the potential for incorrect channel-specific security enforcement.

Both consumers and employees need secure access to their applications through their mobile devices. For example, strong user authentication is critically important for devices that are consumer- or employee-owned and, due to their

SECURE ENTERPRISE MOBILITY – WITH CA SITEMINDER AND SAP MOBILE PLATFORM 5

small size, easily lost. But the IT organization must also provide a convenient user experience to help increase customer loyalty and simplify access to data, even while improving security for mobile users.

The silo approach to management of security is simply ineffective: it increases security admin costs, and can lead to security risks through inconsistent access privileges. What is needed is a common, consistent way to validate user identities and control access to applications across all access channels.

3 Solution Overview The integration of CA SiteMinder with SAP Mobile Platform extends strong and effective security to users of SAP mobile apps. SAP Mobile Platform is an on-premise or cloud-based mobile platform that accelerates the development and delivery of secure, highly scalable business-to-employee and business-to-consumer mobile apps on any device. SAP Mobile Platform is the only mobile app development platform with prepackaged apps available from SAP and over 100 development partners.

CA SiteMinder provides the enterprise-class security management needed to authenticate users and control their access to SAP mobile apps and portals. It enables the secure delivery of essential information and mobile apps to your employees, partners, and customers. In addition, it enables you to offer your customers a convenient user experience that is critical to helping you increase customer loyalty.

Most important, it enables you to have a common security mechanism to enforce policy across all access channels for all Web access applications, and helps eliminate the risks inherent in separate security mechanisms for mobile users. The integration of these proven solutions enables you to effectively and quickly provide secure access to your critical SAP mobile apps.

3.1 How CA SiteMinder works in an SAP Mobile Platform environment • The CA SiteMinder Web Agent is installed on standard Web reverse proxy. • The user is prompted for authentication credentials. • The user is authenticated (or not) by the CA SiteMinder Policy Server, based on the security needs of each application. • The user is authorized for access to this application, based on the user’s attributes (role, contextual factors, and so on). • Mobile app access to the SAP back-end server is granted.

SECURE ENTERPRISE MOBILITY – WITH CA SITEMINDER AND SAP MOBILE PLATFORM 6

4 Critical Differentiators CA SiteMinder delivers unparalleled reliability, availability, scalability, and manageability. For over a decade, CA SiteMinder has been a strong leader in enterprise-class Web access management and single sign-on. It is successfully deployed in some of the largest and most complex IT environments in the world.

The integration of CA SiteMinder with SAP Mobile Platform provides improved security for users of SAP mobile apps. The centralized authentication and authorization capabilities that CA SiteMinder provides in these environments not only improve overall security, but help reduce security admin costs and provide a convenient experience for your mobile users.

5 Related Products/Solutions CA Technologies (NASDAQ: CA) provides IT management and security solutions that help customers manage and secure complex IT environments to support agile business services. Organizations leverage CA Technologies software and SaaS solutions to accelerate innovation, transform infrastructure, and secure data and identities, from the data center to the cloud.

 CA SiteMinder® Federation enables federated cross-domain single sign-on or credential sharing; it is also available via the cloud with CA CloudMinder™ Single Sign-On.  CA AuthMinder™ enables deployment of a wide range of strong authentication methods.  CA RiskMinder™ provides real-time protection via risk-based, adaptive authentication.

SECURE ENTERPRISE MOBILITY – WITH CA SITEMINDER AND SAP MOBILE PLATFORM 7

6 Reference For more information about CA SiteMinder, please visit www.ca.com/iam. For more information about SAP Mobile Platform, please visit www54.sap.com/solutions/tech/mobile.html. For more information about SAP Co-Innovation Lab, please visit coil.sap.com.