Controlling access to enterprise resources by network-connected devices is critical to ensure that only authenticated and authorized users and devices gain access to sensitive information or services. To date, this has typically been accomplished by utilizing network firewalls, reverse proxy servers with authentication, and encrypted VPN tunnels. Today, however, enterprise resources are being moved out of enterprise managed data centers and into the “Cloud.”
The inventors have explored various ways of protecting enterprise-managed data centers at a device level. These solutions have addressed challenges related to, for example, the fact that cloud-based data services often do not provide the necessary features to allow enterprises to control access to the service at a device level, but rather permit access, without restriction as to any device, with proper user level access controls.
Controlling access to and distribution of enterprise resources, such as documents, databases, and executable applications, in a networked environment is critical to ensure that only authorized users and network-connected devices may gain access to sensitive information. Depending on the sensitivity of a given resource, an array of authorization rules may be necessary to ensure that the resource is adequately protected. Some resources may only require ensuring that the proper user is requesting the resource. Other resources may require compliance with more stringent authorization rules, such as determining whether an appropriate transport protocol is used (i.e., http and/or https) by the requesting device, determining whether access to the resource is permitted for a specified duration or at a given time, determining whether the resource is accessed from a secured device, etc.
However, in many such systems, it is necessary for the managing system to have significant control over the managed device in order to implement the desired protocols. This presents its own challenges in situations where, for example, not all device users are willing to surrender the necessary level of device control, and/or where enterprise managers may wish to allow users of non-managed devices certain limited access to resources on the managed network, such as data. Accordingly, the inventors have proposed the following systems and methods to provide, at least in some aspects, methods of enforcing protocols on devices that are not otherwise under management of a Mobile Device Management (MDM) service.
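The authorization rules listed above (user identity, transport scheme, time window, secured device) and the distinction between MDM-managed and non-managed devices can be expressed as a per-resource policy evaluated on each request. The following is an added illustration, not code from the patent; the resource names, policies and requests are constructed, and the "secured" flag is assumed to come from some attestation agent on the device.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import List, Optional, Set, Tuple

@dataclass
class AccessRequest:
    user: str
    scheme: str            # transport used by the requesting device: "http" or "https"
    device_managed: bool   # enrolled with an MDM service
    device_secured: bool   # assumed to be reported by a device agent (passcode, encryption, ...)
    requested_at: datetime

@dataclass
class ResourcePolicy:
    allowed_users: Set[str]
    required_scheme: Optional[str] = None
    window: Optional[Tuple[time, time]] = None   # (start, end) during which access is permitted
    require_secured_device: bool = False
    require_managed_device: bool = False

def evaluate(policy: ResourcePolicy, req: AccessRequest) -> List[str]:
    """Return every violated rule; an empty list means the request is authorized."""
    violations = []
    if req.user not in policy.allowed_users:
        violations.append("user not authorized")
    if policy.required_scheme and req.scheme != policy.required_scheme:
        violations.append(f"transport {req.scheme} not permitted")
    if policy.window:
        start, end = policy.window
        if not (start <= req.requested_at.time() <= end):
            violations.append("outside permitted time window")
    if policy.require_secured_device and not req.device_secured:
        violations.append("device not secured")
    if policy.require_managed_device and not req.device_managed:
        violations.append("device not under MDM management")
    return violations

# Constructed policies: a low-sensitivity resource needs only a user check, a sensitive
# one layers transport, time-window and device requirements on top of it.
POLICIES = {
    "public_docs": ResourcePolicy(allowed_users={"alice", "bob"}),
    "payroll_db": ResourcePolicy(allowed_users={"alice"}, required_scheme="https",
                                 window=(time(8, 0), time(18, 0)),
                                 require_secured_device=True, require_managed_device=True),
}
# Constructed requests from the same user on an unmanaged and on an MDM-managed device.
UNMANAGED_REQ = AccessRequest("alice", "https", False, True, datetime(2024, 1, 15, 10, 30))
MANAGED_REQ = AccessRequest("alice", "https", True, True, datetime(2024, 1, 15, 10, 30))
```

The unmanaged device is granted the low-sensitivity resource and denied the sensitive one solely for lacking MDM management, which is the limited-access outcome the text describes.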