Cognos Mobile security

IBM® Cognos® Mobile combines the security measures of IBM Cognos Business Intelligence with the extra measures needed for mobile devices.

The security measures offer protection against loss and theft and against unauthorized access to the wireless network. The security applies whether the device is used in connected or disconnected mode.

The Cognos Mobile solution includes the following security measures that are implemented in the IBM Cognos and device-specific environments:

Standard IBM Cognos data encryption
Standard IBM Cognos authentication, including support for custom IBM Cognos authentication providers
PKCS12 certificates
Lease key technology
Device user authentication policies
Device-based mobile encrypted database
Standard device-specific secure data transmission and encryption
Device-based password protection
Remote device wiping

Cognos Mobile supports web servers that are configured to use basic authentication, such as Microsoft Windows NTLM, Microsoft Active Directory, and some configurations of CA SiteMinder. With these types of authentication, the app can cache the user credentials if the administrator enabled this option. For all other types of authentication, such as the HTML server response page, the app displays the page allowing the user to interact with the page as intended by the authentication provider.

Cognos Mobile supports single signon security configurations. However, typically, mobile device users are not preauthenticated to the security domain in the same way that desktop users are. Therefore, mobile device users usually have to provide their single signon credentials the first time they access the Cognos BI server.

Important: The IBM Cognos Mobile iPad application also supports single signon security configurations. Users can enable single signon from their iPad Settings by turning on the Pass-through authentication setting for the IBM Cognos application. When this setting is enabled, the iPad users are prompted for signon credentials the first time they access the Cognos BI server.

Optionally, logon credentials can be cached on the mobile device so that the user must log on only once to access both the device and Cognos Mobile. Cognos Mobile offers encrypted database technology as the content store on the device. Access to local device storage is controlled by a centrally-granted lease key that must be renewed periodically. You can configure the length of the lease, so that if the device is lost or stolen, the data will be inaccessible.

You can have different levels of security, depending on the needs of your organization. In addition to storing logon credentials on the device, you can allow anonymous logon or rely on the network security features of the mobile device.

For a higher level of security, you can use Cognos security for all communication or use lease key technology to control access to data.

For information about Cognos BI security, see Security Model. For information about device security, see the documentation for that device.