Governed routing of enterprise data in hybrid mobile applications
First Claim
1. A method of protecting enterprise data with respect to a hybrid application in a mobile device that accesses a global computer information network using enterprise infrastructure, said method comprising:
- utilizing at least one processor to execute computer code that performs the steps of:
- detecting the hybrid application in the mobile device, the hybrid application being configured to communicate with an enterprise network and a non-enterprise network;
- providing, in communication with the hybrid application, controls for segregating data flows from the enterprise network and non-enterprise network;
- identifying at least one data flow comprising enterprise content; and
- providing a policy service which applies a policy for the segregating and governed routing of data flows from the enterprise network and the non-enterprise network to be carried out by the provided controls;
- wherein the policy service in conjunction with the controls isolates the at least one data flow from other data flows by recognizing the data flows as a collection of stack+heap variables and isolating the variables belonging to the at least one data flow from the variables belonging to the remaining data flows; and
- wherein the policy service in conjunction with the controls routes the at least one data flow to a predetermined data sink and wherein the controls identify permissions designating at least one application that has permission to access the predetermined data sink with the at least one data flow.
1 Assignment
0 Petitions
Abstract
Methods and arrangements for protecting enterprise data with respect to a hybrid application in a mobile device that accesses a global computer information network using enterprise infrastructure. A hybrid application is recognized in a mobile device, the hybrid application being configured to communicate with an enterprise network and a non-enterprise network. There are provided, in communication with the hybrid application, controls for segregating data flows from the enterprise network and non-enterprise network. A policy service is provided, which applies a policy for the segregating and governed routing of data flows from the enterprise network and the non-enterprise network. Other variants and embodiments are broadly contemplated herein.
19 Citations
20 Claims
12. An apparatus for protecting enterprise data with respect to a hybrid application in a mobile device that accesses a global computer information network using enterprise infrastructure, said apparatus comprising:
- at least one hardware processor; and
- a computer readable storage medium having computer readable program code embodied therewith, executable by the at least one hardware processor, and comprising:
- computer readable program code configured to detect the hybrid application in the mobile device, the hybrid application being configured to communicate with an enterprise network and a non-enterprise network;
- computer readable program code configured to provide, in communication with the hybrid application, controls for segregating data flows from the enterprise network and non-enterprise network;
- computer readable program code configured to identify at least one data flow comprising enterprise content; and
- computer readable program code configured to provide a policy service which applies a policy for the segregating and governed routing of data flows from the enterprise network and the non-enterprise network to be carried out by the provided controls;
- wherein the policy service in conjunction with the controls isolates the at least one data flow from other data flows by recognizing the data flows as a collection of stack+heap variables and isolating the variables belonging to the at least one data flow from the variables belonging to the remaining data flows; and
- wherein the policy service in conjunction with the controls routes the at least one data flow to a predetermined data sink and wherein the controls identify permissions designating at least one application that has permission to access the predetermined data sink with the at least one data flow.
13. A non-transitory computer program product for protecting enterprise data with respect to a hybrid application in a mobile device that accesses a global computer information network using enterprise infrastructure, said non-transitory computer program product comprising:
- a computer readable storage medium having computer readable program code embodied therewith and comprising:
- computer readable program code configured to detect the hybrid application in the mobile device, the hybrid application being configured to communicate with an enterprise network and a non-enterprise network;
- computer readable program code configured to provide, in communication with the hybrid application, controls for segregating data flows from the enterprise network and non-enterprise network;
- computer readable program code configured to identify at least one data flow comprising enterprise content; and
- computer readable program code configured to provide a policy service which applies a policy for the segregating and governed routing of data flows from the enterprise network and the non-enterprise network to be carried out by the provided controls;
- wherein the policy service in conjunction with the controls isolates the at least one data flow from other data flows by recognizing the data flows as a collection of stack+heap variables and isolating the variables belonging to the at least one data flow from the variables belonging to the remaining data flows; and
- wherein the policy service in conjunction with the controls routes the at least one data flow to a predetermined data sink and wherein the controls identify permissions designating at least one application that has permission to access the predetermined data sink with the at least one data flow.
20. A method comprising:
- detecting a hybrid application in a mobile device, the hybrid application being configured to communicate with an enterprise network and a non-enterprise network;
- providing, in communication with the hybrid application, controls for segregating data flows from the enterprise network and non-enterprise network, the controls being provided in the mobile device runtime, and being configured to selectively permit the hybrid application to write data from a data flow to one or more data sinks;
- implementing the controls for segregating data flows in middleware, without modification to the hybrid application;
- providing, in communication with the hybrid application, controls for governed routing of data flows from the enterprise network;
- providing controls for segregating data flows within a server-side adapter corresponding to the hybrid application; and
- providing a policy service which applies a policy for the segregating and governed routing of data flows from the enterprise network and the non-enterprise network to be carried out by the provided controls;
- the policy indicating data flows from at least one enterprise domain to be segregated from non-enterprise data flows within the hybrid application from other data flows by recognizing the data flows as a collection of stack+heap variables and segregating the variables belonging to the at least one data flow from the variables belonging to the remaining data flows; and
- wherein the policy routes the data flows from the at least one enterprise domain to a predetermined data sink and wherein the controls identify permissions designating at least one application that has permission to access the predetermined data sink with the data flows from the at least one enterprise domain.
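The claims above describe a policy service that labels data flows by their origin, keeps each flow's variables apart from other flows, routes enterprise flows only to a predetermined sink, and restricts which applications may read that sink. As an added example that is not from the patent or its assignee, the following JavaScript sketches those controls for a hybrid app's web runtime; the domain names, sink names and application ids are assumptions, and the merge step (a derived value keeps the stricter label) goes slightly beyond the claim text.

```javascript
// Added example, not from the patent: a minimal policy service for a hybrid
// app's JavaScript runtime. Domain names, sink names and app ids are assumed.
const POLICY = {
  enterpriseDomains: ['intranet.example.com', 'api.example.com'],
  enterpriseSink: 'enterpriseStore',                 // the predetermined data sink
  sinkPermissions: {                                 // apps allowed to read each sink
    enterpriseStore: ['hr-app', 'mail-app'],
    publicCache: ['*'],
  },
};
class PolicyService {
  constructor(policy) {
    this.policy = policy;
    this.flows = new Map();                          // one isolated record per data flow
    this.sinks = Object.fromEntries(Object.keys(policy.sinkPermissions).map(s => [s, []]));
  }
  // Label an incoming payload by the origin it came from; the payload lives in
  // its own flow record rather than in variables shared with other flows.
  ingest(url, payload) {
    const host = new URL(url).hostname;
    const label = this.policy.enterpriseDomains.includes(host) ? 'enterprise' : 'non-enterprise';
    const id = `flow-${this.flows.size + 1}`;
    this.flows.set(id, { label, payload });
    return id;
  }
  // A value derived from several flows becomes a new flow with the stricter
  // label, so enterprise content cannot be relabeled by mixing it with public data.
  merge(...ids) {
    const parts = ids.map(id => this.flows.get(id));
    const label = parts.some(f => f.label === 'enterprise') ? 'enterprise' : 'non-enterprise';
    const id = `flow-${this.flows.size + 1}`;
    this.flows.set(id, { label, payload: parts.map(f => f.payload).join('') });
    return id;
  }
  // Governed routing: an enterprise flow may be written only to the enterprise sink.
  write(flowId, sink) {
    const flow = this.flows.get(flowId);
    if (!flow || !(sink in this.sinks)) return false;
    if (flow.label === 'enterprise' && sink !== this.policy.enterpriseSink) return false;
    this.sinks[sink].push(flow.payload);
    return true;
  }
  // Permission check on the sink: only designated applications may read it.
  read(appId, sink) {
    const allowed = this.policy.sinkPermissions[sink] || [];
    if (!allowed.includes('*') && !allowed.includes(appId)) return null;
    return this.sinks[sink].slice();
  }
}
```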
Specification