07-11-2012 11:08 AM
My understanding is that MS uses an encrypted wipable database downloaded to the Mobile device and Sage uses a Web service. While response may be better for Dynamics, SalesLogix will offer significantly more access that is real time (no synching). But the real issue is Security. I'm not surprised that our IT person pushing the Dynamics solution suggests that the downloaded DB is more secure but the real issue comes down to the Web Server. He claims our security folks will not allow the Web Service.
So here are my questions:
1. Can the Web service be secured for Mobile and how is that done?
2. Assuming security, how is Mobile access engaged and how long does that access last before reauthenticating?
Thanks,
Larry
P.S. As a few of the old timers may remember I mentioned our eventual migration to Dynamics, something that I have little say in but I must admit I am looking forward to it with the exception of the support channel that you have provided!
07-11-2012 02:14 PM - edited 07-11-2012 02:16 PM
You can use:
A - SSL
B - Add Windows Auth
"... He claims our security folks will not allow the Web Service...".
Sounds like the security folks are living in the dark ages and have way too much power/say. Just about everything out there in "cloud land" uses some form of web service.
07-12-2012 04:32 AM
RJ, I got the same questions yesterday from a Bank considering mobile.... SSL has nothing to do with customer information cached\stored on an iPhone\iPad solid state drive.
What is SLX doing about encrypting data ON the device.....nothing? And I haven't heard of Windows Authentication on my iPhone....
07-12-2012 04:52 AM - edited 07-12-2012 04:55 AM
True... but remember at this point in time there is no "local database" w/the SalesLogix Mobile Web app and it only will cache/save if you allow it to do so.. and even this can be (programmatically) disabled to not allow the user to save (in the app) if you want to do so... and even disable the "saving" of username/password so that every time you launch you have to authenticate.
I would hope when the Sage SalesLogix Mobile Web team does implement a local storage they do go the encrypted way.. with a method that the individual user cannot override. To do less would make it a security problem for sure and probably not meet "standards".
FYI - Massachusetts has the strongest privacy laws (at the moment) on personal data stored electronically:
http://yro.slashdot.org/story/10/04/25/1745210/mass-data-security-law-says-thou-shalt-encrypt
http://www.mass.gov/ocabr/docs/idtheft/201cmr1700reg.pdf
Plus here's another link w/a TON of regs/laws - makes your head spin!
08-07-2012 11:01 AM
re: Disabling caching of data on mobile device
As RJL mentioned - the SalesLogix Mobile client can be configured to not cache data on the local device for off-line use (a new HTML5 capability is used for caching data).
re: Active Directory Authentication
The SData portal (RESTful web services portal) that the SalesLogix Mobile client uses for user authentication and all data interactions can be configured for Active Directory Authentication - on the mobile device the user supplies the "domainName/domainLogonName" pair as well as their domain password. The IIS webserver that underpins the SData webportal authenticates the user with those credentials and then passes the validated authentication credential to the SData portal - this is all accomplished using the standard ASP.Net membership provider framework.
Note that SSL should be used to encrypt the communication channel. An exception might be if a VPN client has been installed on the Mobile device and if the SData portal is only accessible from within the internal network.