MobileIron and Dropbox Enable Secure Document Collaboration

MobileIron Access addresses the entire cloud service lifecycle:

• Easy on-boarding
• Single sign-on (SSO) authentication
• Policy enforcement
• Conditional access
• Data-in-motion and data-at-rest security
• Audit and compliance reporting

SSO increases productivity
The integration with MobileIron Access builds on Dropbox’s enterprise mobility management (EMM) security controls by delivering SSO capabilities. The siloed sandbox architecture of mobile apps prevents traditional SSO techniques from working effectively so employees using a variety of cloud services like Concur, Office 365, Salesforce, or Tableau need to provide their credentials every time they log into an app.

MobileIron Access ensures that the mobile endpoint is registered with MobileIron, that the Dropbox Business app is managed, and then uses MobileIron Tunnel, a per-app VPN solution, for authentication. MobileIron Tunnel employs a user certificate to generate the single sign-on (SAML) token in order to provide seamless single sign-on to Dropbox and other enterprise-managed cloud services such as Concur, Office 365, Salesforce, and Tableau. This integrated experience provides employees with a simple user experience, and ensures enterprise data is protected.

The mobile app-to-cloud security problem
With mobile and cloud technologies, user ID and password do not provide enough security because they cannot prevent the following scenarios:

• Jailbroken phone: An employee uses the Office 365 mobile app to access business data on a jailbroken smartphone. Business data is now on a hacked device.
• Unmanaged device: A salesperson downloads the Salesforce1 app to their spouse’s iPad. Business data is now on an unsecured device.
• Unmanaged app: A salesperson downloads one of the dozens of apps that use APIs to connect to the salesforce.com cloud service. Business data is now in an unauthorised mobile app.

MobileIron Access can permit or block cloud access based on user identity, application, IP address, device posture, or other criteria, and it provides an unprecedented layer of security and control for enterprise data moving between apps and clouds.