Aurena Native Security Considerations
IFS Aurena Native Apps work by connecting device-specific applications to the customer’s IFS Cloud system. The apps communicate with IFS Cloud using OData through the Aurena OData Provider. The Aurena Native Sync Server prepares the data that is synchronized to the device. Both the Aurena OData Provider and the Aurena Native Sync Service communicate with Aurena Native Notification, which handles the push communication to the device, and with Aurena Native Executor, which handles the Aurena Native offline transactions.
Business logic that is specific to the Aurena Native Apps runs as a projection in IFS Cloud.
Securing the device
IFS Aurena Native Apps are most often single-user apps that rely on device security to protect data. Once a device has been unlocked, users can view and act on information in the IFS Aurena Native Apps. There are exceptions to this rule: multi-user apps and apps that handle sensitive data. For these apps a password must be entered every time the app is started, but once the app is up and running it can still be accessed by anyone if the device is left unprotected.
IFS recommends that customers adhere to best-practice routines for protecting their devices. This includes but is not limited to the precautions listed below:
- The level of protection required depends on the sensitivity of the data in the particular IFS Aurena Native Apps installed on the device, but a minimum protection level would include a lock screen with passcode, pattern, fingerprint or equivalent lock method.
- Running any app on a rooted/jailbroken device is strongly discouraged for security reasons.
- For stronger device protection, IFS recommends the use of MDM (Mobile Device Management) software.
IFS Aurena Native Apps are distributed through the standard channels for the different platforms: Apple App Store, Google Play and Windows Store.
IFS Aurena Native Apps use the same authentication mechanism as other IFS Cloud clients such as IFS Aurena. If IFS Cloud has been configured to use an external OpenID Connect Provider, then that is what IFS Aurena Native Apps will use. For example, if the system has been configured to use Azure AD, then that is what IFS Aurena Native Apps will use. If multi-factor authentication is required for Aurena Native Apps, then IFS Cloud has to be configured to use an external OpenID Connect Provider which supports multi-factor authentication.
It is important to note that IFS Aurena Native Apps always use the DEFAULT application type when authenticating Aurena Native Apps users. Refer to the Application Types documentation for more information.
Protection of information in the IFS Cloud database rests on the same principles as if the IFS Aurena Native Apps were not there. This implies that what end users can do from IFS Aurena they can also do from an IFS Aurena Native App, if enabled for the system, and what they cannot do from IFS Aurena they cannot do from an IFS Aurena Native App even if the app is enabled for the system.
For IFS Aurena Native Apps dealing with sensitive data, it is possible to make use of additional, app-specific grants that allow customers to restrict usage of the IFS Aurena Native App to selected personnel. These grants are in addition to the regular privileges required to access the functionality through IFS Aurena.