Secure Mobile Applications. A Technical White Paper
- Hilary Anthony
- 8 years ago
Contents

Abstract
Reality of the Wireless Enterprise
Changing the Mobile Landscape
Good Architecture Overview
Good Security Model
Secure User Provisioning
Good Assurance
Appendix A

Good Technology BE-GOOD Secure Mobile Applications
Abstract

This white paper provides a detailed description of Good Technology's Security and Architecture. It provides an overview of the changing landscape of mobile technologies within the enterprise and enumerates the key mobile device challenges faced by enterprise and government organizations. It describes how Good's solution helps administrators manage and control their mobile deployments while maintaining a high level of security that encapsulates enterprise data.

Reality of the Wireless Enterprise

Only your combined Information Technology (IT), Human Resource (HR), Finance, and Legal functions working closely with your executive team and business unit managers can determine the exact corporate liable and/or individual liable policy that best fits your company, meets its financial goals and objectives, and takes into account security, legal, regulatory, tax, or other requirements and considerations that may uniquely apply to your Company and its operations. Accordingly, the objective of this white paper is not to define an actual individual liable user policy. The questions and policy considerations outlined herein are just that, and must not be construed either individually or collectively as: (i) an actual or complete policy; (ii) either necessary or sufficient to meet the fiduciary, legal, regulatory, or other requirements that may apply to a particular company or policy; or (iii) legal or finance advice. Good Technology disclaims any and all liability for the use of this document and/or the considerations outlined herein, either in whole or in part, in the definition and/or application of specific policies by any company.

[Figure: Secure Enterprise Collaboration Anytime, Anywhere. Labels: Browser Access, Contacts, Calendar, Enterprise Telephony, Audio/Video Conference, Voice Mail, IM & SN, Firewall, Document Sharing]
Changing the Mobile Landscape

There are three broad categories that capture the changing landscape in enterprise mobility:

1. Consumerization of IT Infrastructure
Smartphones have replaced feature phones as the must-have gadgets among consumers, and increasingly these devices are finding their way into the enterprise. Employees are willing to bear the cost of these mobile devices and associated data plans, which creates an opportunity to eliminate millions of dollars from enterprise IT budgets and make room for mobilizing more applications beyond email to increase employee productivity.

2. Device Diversity
Rich capabilities including entertainment functions, personalization functions, and applications for increased productivity are driving the adoption of a wide variety of devices. This is leading organizations to move away from supporting a standardized set of devices from one device maker to satisfy employee needs, while protecting sensitive data.

3. Rapid Application Deployment
The computing and networking capabilities of smartphones today and the speed with which they are adopted by end users require new applications that leverage these devices' capabilities. IT organizations are looking to rapidly prototype and deploy such applications to reap benefits of mobility while maintaining appropriate security and access control.

The Security Challenge

For all the promise of these new technologies, security remains the Achilles' heel of mobility deployments. Organizations must address security issues to reap the benefits of mobilizing the enterprise. CIOs consistently rank security as one of their top IT priorities and the unique nature of mobility outside the walls of the enterprise adds heightened awareness of the threat. Security breaches put companies' valuable assets and information at risk. You cannot compromise intellectual property, proprietary business processes, business intelligence, and customer data in order to mobilize.
As a result, CIOs and CSOs demand stringent security standards to ensure that mobile users are allowed access to key enterprise data only as authorized; that such data is safeguarded both during transmission to and while resident on handheld devices; and that the core IT infrastructure is not jeopardized.

Good Architecture Overview

Good for Enterprise is a comprehensive platform providing end-to-end, wireless, real-time collaboration and enterprise application access supported by comprehensive device management and security. Good for Enterprise provides mobile professionals with up-to-date information when and where they need it and gives IT the means to secure and manage a diverse fleet of smartphones. The data path through the Good system is encrypted end-to-end, from behind-the-firewall enterprise servers all the way to wireless handhelds.

The Good platform is built on industry standards to provide organizations with maximum flexibility when mobilizing their enterprise and selecting handhelds. With Good, companies can avoid getting locked into a proprietary wireless system. Good's enterprise mobility platform supports the hottest current iOS, Android, and Windows Phone devices.

Good for Enterprise is a complete enterprise mobility solution. Users can easily access, in real time, their email, contacts, calendar, and enterprise Web-enabled applications such as Intranets, executive dashboards, wikis, IT monitoring portals and more. Users can view and send rich attachments, including graphics, Word, and Excel files. Using the File Repository, the user can save attachments securely within the Good for Enterprise application and send them via newly composed email as attachments. Policy settings allow this feature to be enabled/disabled.
When enabled, the user can preview, delete, and open documents in third-party applications. File-handling policies allow administrators to control which file types can be saved, which applications are permitted to save the files, and which applications can be exported to, either inclusively (whitelist) or exclusively (blacklist).

The Good Mobile Messaging server routes messages to the enterprise application servers, including Exchange and Domino servers. The Good Mobile Control server allows IT administrators to provision mobile devices that will be connecting to the enterprise via the Good Mobile client.

The Good Network Operations Center (NOC) is the core of the Good architecture. Good servers register and authenticate with the NOC using industry standard security procedures. When the mobile device is activated, it authenticates to the NOC. The NOC manages the routing of the device data to the appropriate Good servers, and ensures that only authorized devices are allowed to connect to the enterprise servers. Once authenticated, the mobile device and the servers establish an end-to-end secure communications channel. The NOC does not have access to the security keys for this communications channel, so unencrypted data is never exposed in the NOC. Those keys are kept by the mobile device and the Good servers located behind the enterprise firewall.

Good Security Model

Good recognizes that managing enterprise security is a complex undertaking and requires a comprehensive approach, especially when it requires providing mobile workers with anytime, anywhere access to the information they need. Good has satisfied the needs of some of the most demanding customers in government, defense and intelligence agencies; in regulated industries such as financial services, healthcare, legal, and defense contractors; and in large enterprises in high tech, retail, manufacturing, and other sectors.
We understand that security in such deployments is vital to continuing business operations and growth. The move toward wireless data access extends the corporate network beyond the physical boundaries of the enterprise and frequently places the end point of the network outside the firewall while utilizing public networks to transmit data, raising a multitude of security issues. In such an environment, protecting enterprise IT requires a thorough understanding of the risks associated with mobilizing applications onto handheld devices over wireless networks. Good has developed a security model that addresses the security of every part of the infrastructure. This model has five key elements:

1. Authentication
Good provides the administration tools to define strong authentication policies that are enforced consistently across all device platforms. Additionally, you can define policies to wipe the Good application and all its data (or optionally wipe the entire device) for failure to provide the correct password after a set number of attempts. Strong authentication policies can include disabling sequential numbers in passwords, requiring use of special characters, etc. You can also enable a policy that disables the Good application or wipes its data in the event that the device is off-line for a set period of time. This helps prevent an attacker from turning off the device radio in order to block the command from the server to wipe the device.

2. Securing the Platform
Good provides strong protection on the platform, with policy controls that include strong encryption of data (over the air and at rest), full device or Good application data wipe, application white-listing/black-listing, detecting jailbroken iPhone or rooted Android devices, and preventing certain applications from being installed. Encryption keys are stored securely on the device, and key strengths are designed to provide optimal balance between protection and performance.
3. Enforcing Access Controls
IT managers can distribute management tasks across a hierarchy of administrators by using role-based administration that offers a set of roles, with varying permissions, for administering the Good server and users. By assigning appropriate roles to administrators, IT can better manage assets and increase security. Routine tasks, such as loading software, can be delegated to a wider group of administrators across multiple locations. More restricted tasks, such as setting global policies or remotely erasing a handheld when lost or stolen, can be limited to a smaller group. Administrators can create groups to organize and manage Good users. All policies and software distribution can be managed at the global, group, or individual user level. This provides IT with more granular control and reduces the time it takes to manage users, especially in larger deployments. IT administrators can also enable the self-service option, allowing users to manage a few policies on their own handheld devices.

4. Securing Network Access
The Good server establishes an outbound connection through the enterprise firewall, which means there is no need to open inbound ports and expose the enterprise networks to a variety of potential attacks. Additionally, all network traffic between the device and the server is always protected using AES encryption. And since the NOC does not have access to the encryption keys that encrypt network traffic, the NOC only services encrypted packets and does not see unencrypted data. The NOC provides the additional functionality of authenticating devices to the network, granting access only to devices that have been provisioned to access their respective services, thus preventing rogue devices from getting onto the corporate network. The Good platform allows administrators to control the types of devices that connect to the network, based on the device operating systems that are allowed to install and run Good mobile clients.
For management simplicity or security reasons, IT managers may want to standardize on handhelds running a certain operating system and prohibit all other handhelds. When this is the case, IT managers can prohibit use of Good on devices with a particular operating system or a specific version of an OS. This enables the IT administrator to ensure that devices are running with software that includes specific security features that are deemed required for the enterprise. Additionally, Good provides the optional capability to control access to various networks from the device, including Bluetooth and WiFi access. On some devices, Good can offer granular Bluetooth profile management, disabling file transfers and LAN access through the Bluetooth network from taking place, while allowing devices such as headsets to pair with the device.

5. Data Protection
All data at rest on the device is secured using AES encryption when the Good application is not in use. This assures the confidentiality of data at all times. On some devices, Good also provides the ability to encrypt folders and SD cards. AES encryption keys are derived using the industry standard PBKDF2 protocol and are generated from the passwords provided by the user. If a user's handheld is lost or stolen, the IT administrator can use Good Mobile Control to remotely disable the handheld and remove all Good application data. If a handheld device is recovered, the Good client applications can be restored over-the-air (OTA). IT managers can also initiate a surgical remote wipe of the Good data stored on the handheld if it is lost or stolen. The remote-wipe policy can be enforced on the device, on the SD card as well, and on some device platforms. In the event that the lost or stolen device is out of contact with the Good server for a predetermined period of time, the Good application can either be disabled or the data wiped.
Secure User Provisioning

This section describes the security elements that take place transparently from the time a user is enabled to use a handheld in the enterprise network to the time it is provisioned to exchange secure data between the handheld and the Good servers behind the firewall.

Connections from the Good servers to the Good NOC utilize Hypertext Transport Protocol (HTTP) and are protected by the Secure Sockets Layer (SSL). Since the connection is established in an outbound direction, there is no need to create an inbound opening in the corporate firewall. Most corporate security policies allow this type of traffic through port 443 without reconfiguring the firewall. However, IT managers may use port 3101 or port 4663 instead. Connections to the Good NOC are used only for sending data to and receiving data from the NOC. Since all handheld traffic is managed through the NOC:

1. No rogue devices can connect directly to the corporate network and all devices connect only through the NOC, providing another layer of security.
2. All applications from the handheld leverage a single connection rather than multiple connections coming into the corporate network from a single handheld.

The Good servers authenticate themselves to the NOC by using the host-id and the unique server serial number and license information provided by Good.

Provisioning a User for Handheld Use

After Good servers are installed, connected, and authenticated to the NOC, the IT administrator can start enabling users by adding handhelds from within GMC. When an IT administrator adds a user to GMC, it generates a 15-digit alpha-numeric PIN associated with the user's email address and sends a normal email to the user's desktop. The user can access this OTA PIN over their normal desktop email. If necessary, messages with the OTA PIN can be suppressed and you can adopt other more secure policies to communicate the OTA PIN to the user.
At the same time, GMC creates a 128-bit hash of this 15-digit OTA PIN using industry standard PBKDF2 (Password-Based Key Derivation Function) and then encodes the 128-bit hash in Base64. The server then sends the Base64-encoded hash of the OTA PIN to the NOC. The NOC stores the Base64-encoded hash to help it authenticate devices that seek to connect to the NOC.

Authenticating a Device to the NOC

The user downloads the client (either from Good's webstore, iPhone App Store, or Android Market) and launches it. The user is prompted for an email address and a 15-digit OTA PIN. The user enters their email address and the 15-digit OTA PIN described in the preceding section.

The Good client on the device creates a 128-bit hash of this 15-digit OTA PIN using PBKDF2 and then encodes the 128-bit hash in Base64. The client then authenticates itself to the NOC by sending this Base64-encoded hash to the NOC. The NOC compares the Base64-encoded hash it received from the client to the one it has received from the server. If it finds a successful match, it creates a unique identifier for the device and a mapping to the appropriate server for the device.

The NOC then generates three symmetric keys called the GDPKeys and sends these to the device. These keys are used to encrypt the channel that is established for communication between the device and the NOC. The device stores the three symmetric keys securely in the client database. These shared keys are used going forward to authenticate the device to the NOC and encrypt the communication channel to relay payload to and from the server.

At the end of this stage the server is able to communicate to the NOC and the device is able to communicate with the NOC; however, no device-to-server communication has been established.
Securing End-to-End Communications

The following steps take place in sequence after successful device-to-server communication takes place:

1. After receiving the three keys, the client initiates a communication to the server by sending the NOC a 20-byte random number along with a client nonce.
2. The NOC relays this to the server. The server receives this 20-byte random number and the client nonce and responds with a 40-byte random number and a server nonce.
3. The client takes its original 20-byte random number, the server's 40-byte random number, and the original OTA PIN and creates an AES key.
4. The device uses AES encryption to securely send the device serial number, model number, MSISDN and/or other device-specific characteristics to the Good server.
5. The Good server uses its own 40-byte random number, combines it with the 20-byte random number from the client, and generates an AES key. The server uses this key to decrypt the information it just received from the NOC. At the end of this step, the device has authenticated to the Good server.
6. The server generates two session keys. It is seeded using a secure mechanism provided by the underlying operating system (Windows, CryptoAPI). The Session Key (Read) is automatically rotated every 30 days (a server-side setting that can be changed). This is the key that encrypts the payload data when it is in transit between server and client. The Session Key (Master) is not changed, but used to rotate and generate the Session Key (Read).
7. The NOC relays this provisioning data packet to the device. The NOC does not get access to these Session Keys and only the device with the exact same AES key can open them.
8. The device decrypts the provisioning data packet to access the Session Keys. The device stores these Session Keys in the client database.
9. The hash, the AES keys created from random numbers, and OTA PINs are discarded.
10. At the end of this stage, OTA provisioning is complete.
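The enrolment exchange described above (OTA PIN hash registered with the NOC, device authentication, then the AES key built from the two random numbers and the PIN), as an added example that is not part of the white paper or Good's code. It assumes PBKDF2-HMAC-SHA256 with 100,000 iterations, salts built from the email address and the two random numbers, and a 256-bit AES key, none of which the paper specifies; the nonces are left out because the paper does not say how they are used, and the server is assumed to feed the PIN it generated into the derivation in step 5.

```python
import base64
import hashlib
import hmac
import secrets
import string

# Assumed parameters: the paper names PBKDF2 and the 128-bit hash only.
PRF = "sha256"
ITERATIONS = 100_000
AES_KEY_BYTES = 32
PIN_ALPHABET = string.ascii_uppercase + string.digits


def generate_ota_pin(length=15):
    """GMC side: 15-character alphanumeric OTA PIN drawn from a CSPRNG."""
    return "".join(secrets.choice(PIN_ALPHABET) for _ in range(length))


def ota_pin_hash(pin, email):
    """128-bit PBKDF2 hash of the OTA PIN, Base64-encoded for the NOC."""
    salt = b"noc-auth|" + email.lower().encode()  # assumed salt
    digest = hashlib.pbkdf2_hmac(PRF, pin.encode(), salt, ITERATIONS, dklen=16)
    return base64.b64encode(digest).decode("ascii")


def provisioning_key(secret, client_random, server_random):
    """AES key from the 20-byte and 40-byte randoms plus the OTA PIN."""
    if len(client_random) != 20 or len(server_random) != 40:
        raise ValueError("expected 20-byte client and 40-byte server randoms")
    # A salt distinct from the one in ota_pin_hash keeps the NOC's stored
    # hash from doubling as key material.
    salt = b"e2e-key|" + client_random + server_random
    return hashlib.pbkdf2_hmac(PRF, secret, salt, ITERATIONS, dklen=AES_KEY_BYTES)


class Noc:
    """Relay that holds the Base64 PIN hash and sees only relayed values."""

    def __init__(self):
        self._pending = {}   # email -> Base64 hash registered by the server
        self.observed = []   # values relayed between device and server

    def register(self, email, b64_hash):
        self._pending[email.lower()] = b64_hash

    def authenticate(self, email, b64_hash):
        expected = self._pending.get(email.lower())
        if expected is None:
            return False
        # Constant-time comparison: no timing signal about matching prefixes.
        if not hmac.compare_digest(expected.encode(), b64_hash.encode()):
            return False
        # Simplification: the hash is dropped on first match so a replay
        # fails; the paper discards it at the end of provisioning (step 9).
        del self._pending[email.lower()]
        return True

    def relay(self, value):
        self.observed.append(value)
        return value


def simulate(email, typed_pin=None):
    """Run one enrolment; typed_pin models what the user enters on the device."""
    noc = Noc()
    pin = generate_ota_pin()                        # GMC creates the PIN
    server_hash = ota_pin_hash(pin, email)
    noc.register(email, server_hash)                # server -> NOC
    entered = pin if typed_pin is None else typed_pin
    client_hash = ota_pin_hash(entered, email)      # device -> NOC
    if not noc.authenticate(email, client_hash):
        return {"authenticated": False}
    replay_accepted = noc.authenticate(email, client_hash)
    client_random = noc.relay(secrets.token_bytes(20))   # step 1
    server_random = noc.relay(secrets.token_bytes(40))   # step 2
    client_key = provisioning_key(entered.encode(), client_random, server_random)
    server_key = provisioning_key(pin.encode(), client_random, server_random)
    # The NOC holds the hash and both randoms but not the PIN, so the best
    # input it has for the same derivation is the hash itself.
    noc_key = provisioning_key(base64.b64decode(server_hash), *noc.observed)
    return {
        "authenticated": True,
        "replay_accepted": replay_accepted,
        "pin_length": len(pin),
        "keys_match": hmac.compare_digest(client_key, server_key),
        "noc_derives_key": hmac.compare_digest(noc_key, server_key),
    }


if __name__ == "__main__":
    print(simulate("user@example.com"))   # constructed address
```
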
The client has all the keys (five keys) to authenticate to the NOC (three keys) and encrypt/decrypt payload (to the server). The NOC has three keys for each client and the server has two keys for exchanging payload information with the client.

Secure Container

The suite of collaboration products from Good encrypts data when it is at rest and when it is in transit on the network, thus creating a secure container that IT administration can always control. Good employs industry-standard cryptography algorithms that are FIPS certified.

Secure Client Database

The Good client database (DB) on the handheld is a critical part of the end-to-end security that Good offers as part of its collaboration solution. It is the repository for all of the enterprise data that resides on the client including email, calendar appointments, browser history lists, attachments, and cache and IM groups. It is vital to secure this data without compromising the authenticated user's access to information.

When the provisioning process is complete, the user is prompted to create a password, assuming the administrator policy requires it. Good strongly recommends that administrators enforce a strong password policy for all handhelds. The client takes the password created by the user and concatenates it with a random 64-bit salt generated using a random number function. This derives an encryption key which is essentially a hash generated using RSA's Password-Based Key Derivation Function (PBKDF2). The hash and the original salt are stored in separate files and used to authenticate users whenever they attempt to use the Good client.

Secure End-to-End Communications

The Session Key (Read) is critical to end-to-end communications and plays a critical role in maintaining the secure container and extending and securing the end point of the enterprise network. All traffic is protected using AES encryption and the session keys are not available to the NOC, ensuring data protection while information is transported through the NOC.

Good Assurance

Good has deep understanding and experience with government requirements and has designed its suite of products to meet DoD Directive and Homeland Security Presidential Directive 12. While thousands of government and enterprise customers have adopted Good for their most demanding collaboration needs, several third parties have also validated Good with formal certification. Chief among them are:

FIPS Certification

FIPS certification is a critical security standard for many government organizations. The cryptography employed by Good has been successfully tested by NIST-approved labs in conjunction with the Cryptographic Module Verification Program (CMVP) and certified to be compliant with FIPS Level 1. FIPS certification covers the operation of Good's cryptographic module, which implements AES encryption along with other cryptographic functions. FIPS also ensures the integrity of the cryptographic module in the field.

Common Criteria EAL-4+

Good has submitted its products for Common Criteria EAL-4+ certification. Common Criteria is an international standard (ISO/IEC 15408) for computer security certification. To receive Common Criteria Certification, products are submitted to an independent laboratory which conducts rigorous evaluation of the specification and implementation of the security product.
Defense Information Systems Agency

Good has been working very closely with the Defense Information Systems Agency Field Security Office (DISA FSO) on getting various smartphone operating systems approved for use on the Global Information Grid (GIG) in the form of a Security Technical Implementation Guide (STIG) and as a result is listed as a requirement in the Windows Mobile STIG, Android STIG, and the current Interim Security Configuration Guide (ISCG) for iOS.

US Army

The US Army has done several certifications and granted Good a Certificate of Networthiness (CON) as well as an Authority to Operate (ATO), which allows Good to be deployed Army-wide. Additionally, Good is listed on the Army's Information Assurance-Approved Products List (IA-APL) for its Windows Mobile solution.
US Air Force

At the US Air Force, Good is the only approved alternative to Blackberry. Good has been tested by the US Air Force Network Integration Center (AFNIC), formerly known as the Air Force Communications Agency (AFCA), and is listed on the itrm Approved Products List. Good is currently deployed at all of the major inoscs globally.

Department of Homeland Security

The Good product is listed on the DHS Technical Reference Model (TRM) Approved Products List as a result of multiple DHS agencies testing, certifying, and deploying Good.

Appendix A

Security On iOS and Android

Good on iOS and Android platforms offers some unique security functionality that includes Compliance Management.

Compliance Management on iOS and Android

For the iOS and Android platforms, Good provides the ability to restrict access to the enterprise data or remote wipe enterprise data depending on the compliance rules enforced by IT. These rules include the ability to detect whether the device has been jailbroken or rooted, the last time the device connected to the enterprise, the OS version, device type, and the Good client version allowed to access the enterprise data. These checks are performed at provisioning time, upon application startup, and based on an IT-set interval (1-24 hours).

1. Jailbreak or Rooted Detection: A jailbroken or rooted device is essentially a modification of the underlying OS to behave in a way that it was not originally designed to do. It opens up opportunities for numerous security vulnerabilities. Enterprises can further secure their infrastructure and content by preventing the Good client from running on jailbroken or rooted devices. Although jailbreaking and rooting in and of themselves do not expose any data in the Good container, they do enable an environment where malware, spyware, and viruses can be installed on a device that could ultimately compromise enterprise data. Jailbreaking and root detection is not an exact science.
Hackers continue to find new ways to bypass detection mechanisms. Good regularly updates our detection processes to provide optimal protection.

2. Manage Device Types: Some organizations may wish to standardize on specific device types. For example, a healthcare organization may wish to allow iPads for access to collaboration and intranet applications, but prevent iPhones or iPod Touch devices from doing the same. With Good, the IT administrator can enforce a compliance rule that allows only specific device types to access enterprise data.

3. OS Version: The iOS and Android operating systems continue to evolve and new generations of iPhones and Android devices provide greater functionality and user experiences compared to older versions. With Good, the IT administrator can enforce a compliance rule that allows only devices with a specific OS to access enterprise data. This enforcement can also be used to ensure that OS versions that contain security vulnerability patches are being employed by users.
4. Client Version Number: Frequent upgrades to apps on the iPhone, iPad and Android devices are a reality. These upgrades are either due to enhanced functionality or resolving problems in previous versions. IT administrators may desire that all their users use a specific version number of the Good client, either for support reasons or because a specific version offers a security feature or usability feature that they wish to manage. With Good, IT administrators can force users to upgrade to a specific version number of the Good client by setting a policy that refuses to allow older clients to connect to the Good server.

5. Connectivity Verification: The most common mechanism to prevent a remote wipe is to disable the radio and network connections on the mobile device. This will result in remote wipes issued by the IT administrator never reaching the Good client. The administrator can set a policy to wipe the enterprise data within the Good container if the client has not connected to the Good NOC for a specific time period.

Additionally, there are numerous other security features implemented for the iPhone, iPad and Android devices which make iOS and Android viable mobile collaboration platforms even for environments with the most stringent security requirements.

See for yourself how Good can improve mobility for your organization. Visit

VISTO Corporation and Good Technology, Inc. All rights reserved. Good, Good Technology, the Good logo, Good for Enterprise, Good for Government, Good for You, Good Mobile Messaging, Good Mobile Intranet, and Powered by Good are trademarks of Good Technology, Inc. ConstantSync, Constant Synchronization, Good Mobile Client, Good Mobile Portal, Good Mobile Exchange Access, Good Mobile Platform, Good Easy Setup, Good Social Networking and Good Smarticon are either trademarks or registered trademarks of VISTO Corporation.
All third-party trademarks, trade names, or service marks may be claimed as the property of their respective owners. Good and Visto technology are protected by U.S. patents and various other foreign patents. Other patents pending.

WP_Security&Architecture_Mar2012_US
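The compliance rules listed in Appendix A (jailbreak or root state, device type, OS version, client version, connectivity), evaluated on the device, as an added example that is not Good's code. The policy values, field and action names, and the backwards-clock check are assumptions made for the illustration; the sample policy and date are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import IntEnum


class Action(IntEnum):
    ALLOW = 0
    BLOCK = 1   # restrict access to enterprise data
    WIPE = 2    # remote wipe of the enterprise data in the container


def version_below(actual, minimum):
    """True if actual < minimum numerically; unreadable versions fail closed."""
    try:
        a = [int(part) for part in actual.split(".")]
        m = [int(part) for part in minimum.split(".")]
    except ValueError:
        return True
    width = max(len(a), len(m))          # pad so "5.1" equals "5.1.0"
    a += [0] * (width - len(a))
    m += [0] * (width - len(m))
    return a < m                         # numeric, so 10.0 is above 9.3


@dataclass(frozen=True)
class Policy:
    allowed_device_types: frozenset
    min_os_version: str
    min_client_version: str
    max_offline: timedelta
    check_interval: timedelta            # the paper allows 1-24 hours
    jailbreak_action: Action = Action.WIPE
    offline_action: Action = Action.WIPE

    def __post_init__(self):
        if not timedelta(hours=1) <= self.check_interval <= timedelta(hours=24):
            raise ValueError("check interval must be between 1 and 24 hours")


@dataclass
class Device:
    device_type: str
    os_version: str
    client_version: str
    jailbroken: bool
    last_connect: datetime   # last contact with the NOC
    last_check: datetime     # when the rules last ran on the device


def check_due(policy, device, now, event):
    """Rules run at provisioning, at application startup, and on the interval."""
    if event in ("provisioning", "startup"):
        return True
    elapsed = now - device.last_check
    return elapsed < timedelta(0) or elapsed >= policy.check_interval


def evaluate(policy, device, now):
    """Return (most severe action, reasons) for the current device state."""
    findings = []
    if device.jailbroken:
        findings.append((policy.jailbreak_action, "jailbroken or rooted"))
    if device.device_type not in policy.allowed_device_types:
        findings.append((Action.BLOCK, "device type not allowed"))
    if version_below(device.os_version, policy.min_os_version):
        findings.append((Action.BLOCK, "OS version not accepted"))
    if version_below(device.client_version, policy.min_client_version):
        findings.append((Action.BLOCK, "client version not accepted"))
    if now < device.last_check:
        # Added safeguard, not from the paper: the offline timer runs on the
        # device clock, so a clock set backwards is held at BLOCK until the
        # device reconnects.
        findings.append((Action.BLOCK, "clock moved backwards"))
    elif now - device.last_connect > policy.max_offline:
        findings.append((policy.offline_action, "offline longer than allowed"))
    action = max((a for a, _ in findings), default=Action.ALLOW)
    return action, [reason for _, reason in findings]


# Constructed sample policy and evaluation time.
NOW = datetime(2012, 3, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_POLICY = Policy(
    allowed_device_types=frozenset({"iPad"}),
    min_os_version="9.3",
    min_client_version="1.9.4",
    max_offline=timedelta(days=7),
    check_interval=timedelta(hours=4),
)
```
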
WICKSoft Mobile Documents for the BlackBerry Security white paper mobile document access for the Enterprise WICKSoft Corporation http://www.wicksoft.com Copyright WICKSoft 2007. WICKSoft Mobile Documents
More informationMobile First Government
Mobile First Government An analysis of NIST and DISA requirements for the adoption of commercially available mobility platforms by government agencies August 2013 415 East Middlefield Road Mountain View,
More informationiphone in Business Security Overview
iphone in Business Security Overview iphone can securely access corporate services and protect data on the device. It provides strong encryption for data in transmission, proven authentication methods
More informationDid you know your security solution can help with PCI compliance too?
Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment
More informationCHOOSING AN MDM PLATFORM
CHOOSING AN MDM PLATFORM Where to Start the Conversation Whitepaper 2 Choosing an MDM Platform: Where to Start the Conversation There are dozens of MDM options on the market, each claiming to do more than
More informationHow To Secure An Rsa Authentication Agent
RSA Authentication Agents Security Best Practices Guide Version 3 Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com. Trademarks RSA,
More informationEnsuring the security of your mobile business intelligence
IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive
More informationRSA SecurID Software Token 1.3 for iphone and ipad Administrator s Guide
RSA SecurID Software Token 1.3 for iphone and ipad Administrator s Guide Contact Information See the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks
More informationSalesforce1 Mobile Security Guide
Salesforce1 Mobile Security Guide Version 1, 1 @salesforcedocs Last updated: December 8, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of salesforce.com,
More informationSecuring end-user mobile devices in the enterprise
IBM Global Technology Services Thought Leadership White Paper January 2012 Securing end-user mobile devices in the enterprise Develop an enforceable mobile security policy and practices for safer corporate
More informationArchitecture and Data Flow Overview. BlackBerry Enterprise Service 10 721-08877-123 Version: 10.2. Quick Reference
Architecture and Data Flow Overview BlackBerry Enterprise Service 10 721-08877-123 Version: Quick Reference Published: 2013-11-28 SWD-20131128130321045 Contents Key components of BlackBerry Enterprise
More informationDeploying iphone and ipad Security Overview
Deploying iphone and ipad Security Overview ios, the operating system at the core of iphone and ipad, is built upon layers of security. This enables iphone and ipad to securely access corporate services
More informationMaaS360 Mobile Enterprise Gateway
MaaS360 Mobile Enterprise Gateway Administrator Guide Copyright 2014 Fiberlink, an IBM Company. All rights reserved. Information in this document is subject to change without notice. The software described
More informationBlackBerry Device Software. Protecting BlackBerry Smartphones Against Malware. Security Note
BlackBerry Device Software Protecting BlackBerry Smartphones Against Malware Security Note Published: 2012-05-14 SWD-20120514091746191 Contents 1 Protecting smartphones from malware... 4 2 System requirements...
More informationMobile Admin Security
Mobile Admin Security Introduction Mobile Admin is an enterprise-ready IT Management solution that generates significant cost savings by dramatically increasing the responsiveness of IT organizations facing
More informationHow To Protect Your Mobile Devices From Security Threats
Back to the Future: Securing your Unwired Enterprise By Manoj Kumar Kunta, Global Practice Leader - Security Back to the Future: Securing your Unwired Enterprise The advent of smartphones and tablets has
More informationWhen enterprise mobility strategies are discussed, security is usually one of the first topics
Acronis 2002-2014 Introduction When enterprise mobility strategies are discussed, security is usually one of the first topics on the table. So it should come as no surprise that Acronis Access Advanced
More informationDeploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite
WHITE PAPER Mobile Device Security in the Enterprise Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite Copyright 2010, Juniper Networks, Inc. Table of Contents
More informationMobile Mobile Security COPYRIGHT 2014 INTUITION ALL RIGHTS RESERVED. Copyright 2014 Intuition
Mobile Mobile Security COPYRIGHT 2014 INTUITION ALL RIGHTS RESERVED 1 Background Traditionally, security has not been a high priority for e-learning; as such content was hosted and only accessible at the
More informationThe Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency
logo The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency Understanding the Multiple Levels of Security Built Into the Panoptix Solution Published: October 2011
More informationResearch Information Security Guideline
Research Information Security Guideline Introduction This document provides general information security guidelines when working with research data. The items in this guideline are divided into two different
More informationMaaS360 Mobile Enterprise Gateway
MaaS360 Mobile Enterprise Gateway Administrator Guide Copyright 2013 Fiberlink Communications Corporation. All rights reserved. Information in this document is subject to change without notice. The software
More informationChoosing an MDM Platform
Whitepaper Choosing an MDM Platform Where to Start the Conversation 2 Choosing an MDM Platform: Where to Start the Conversation There are dozens of MDM options on the market, each claiming to do more than
More informationTechnical White Paper BlackBerry Security
Technical White Paper BlackBerry Security For Microsoft Exchange Version 2.1 Research In Motion Limited 2002 Research In Motion Limited. All Rights Reserved Table of Contents 1. INTRODUCTION... 1 2. ARCHITECTURE...
More informationCortado Corporate Server
Cortado Corporate Server 100 % On Premise Installed & Run Entirely On Your Corporate Network Feature Mobile Device Device Policy Application E-mail Push Wi-Fi Configuration Push Enable secure BYOD and
More informationCopyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com
Manual Copyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com Information in this document is subject to change without notice. Companies names and data used in examples herein are fictitious
More informationMobility, Security Concerns, and Avoidance
By Jorge García, Technology Evaluation Centers Technology Evaluation Centers Mobile Challenges: An Overview Data drives business today, as IT managers and security executives face enormous pressure to
More informationMobile Device Management Version 8. Last updated: 17-10-14
Mobile Device Management Version 8 Last updated: 17-10-14 Copyright 2013, 2X Ltd. http://www.2x.com E mail: info@2x.com Information in this document is subject to change without notice. Companies names
More informationSecurity Architecture Whitepaper
Security Architecture Whitepaper 2015 by Network2Share Pty Ltd. All rights reserved. 1 Table of Contents CloudFileSync Security 1 Introduction 1 Data Security 2 Local Encryption - Data on the local computer
More informationMobile Device Management for CFAES
Mobile Device Management for CFAES What is Mobile Device Management? As smartphones and other mobile computing devices grow in popularity, management challenges related to device and data security are
More informationSecurity Policy JUNE 1, 2012. SalesNOW. Security Policy v.1.4 2012-06-01. v.1.4 2012-06-01 1
JUNE 1, 2012 SalesNOW Security Policy v.1.4 2012-06-01 v.1.4 2012-06-01 1 Overview Interchange Solutions Inc. (Interchange) is the proud maker of SalesNOW. Interchange understands that your trust in us
More informationProtecting Microsoft Internet Information Services Web Servers with ISA Server 2004
Protecting Microsoft Internet Information Services Web Servers with ISA Server 2004 White Paper Published: June 2004 For the latest information, please see http://www.microsoft.com/isaserver/ Contents
More informationKaspersky Security 10 for Mobile Implementation Guide
Kaspersky Security 10 for Mobile Implementation Guide APPLICATION VERSION: 10.0 MAINTENANCE RELEASE 1 Dear User, Thank you for choosing our product. We hope that you will find this documentation useful
More informationKaspersky Security for Mobile Administrator's Guide
Kaspersky Security for Mobile Administrator's Guide APPLICATION VERSION: 10.0 SERVICE PACK 1 Dear User, Thank you for choosing our product. We hope that you will find this documentation useful and that
More informationSecurity Technical. Overview. BlackBerry Enterprise Server for Microsoft Exchange. Version: 5.0 Service Pack: 4
BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 4 Security Technical Overview Published: 2014-01-17 SWD-20140117135425071 Contents 1 New in this release...10 2 Overview...
More informationThe Evolving Threat Landscape and New Best Practices for SSL
The Evolving Threat Landscape and New Best Practices for SSL sponsored by Dan Sullivan Chapter 2: Deploying SSL in the Enterprise... 16 Infrastructure in Need of SSL Protection... 16 Public Servers...
More informationMcAfee Enterprise Mobility Management Versus Microsoft Exchange ActiveSync
McAfee Enterprise Mobility Management Versus Microsoft Secure, easy, and scalable mobile device management Table of Contents What Can Do? 3 The smartphone revolution is sweeping the enterprise 3 Can enterprises
More informationTroubleshooting BlackBerry Enterprise Service 10 version 10.1.1 726-08745-123. Instructor Manual
Troubleshooting BlackBerry Enterprise Service 10 version 10.1.1 726-08745-123 Instructor Manual Published: 2013-07-02 SWD-20130702091645092 Contents Advance preparation...7 Required materials...7 Topics
More informationSecurity Policy Revision Date: 23 April 2009
Security Policy Revision Date: 23 April 2009 Remote Desktop Support Version 3.2.1 or later for Windows Version 3.1.2 or later for Linux and Mac 4 ISL Light Security Policy This section describes the procedure
More informationSECURING TODAY S MOBILE WORKFORCE
WHITE PAPER SECURING TODAY S MOBILE WORKFORCE Connect, Secure, and Manage Mobile Devices and Users with Junos Pulse and the Junos Pulse Mobile Security Suite Copyright 2011, Juniper Networks, Inc. Table
More informationRSA SecurID Software Token 1.0 for Android Administrator s Guide
RSA SecurID Software Token 1.0 for Android Administrator s Guide Contact Information See the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks RSA,
More informationBlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 2. Feature and Technical Overview
BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 2 Feature and Technical Overview Published: 2010-06-16 SWDT305802-1108946-0615123042-001 Contents 1 Overview: BlackBerry Enterprise
More informationWhat We Do: Simplify Enterprise Mobility
What We Do: Simplify Enterprise Mobility AirWatch by VMware is the global leader in enterprise-grade mobility solutions across every device, every operating system and every mobile deployment. Our scalable
More informationPCI PA - DSS. Point XSA Implementation Guide. Atos Worldline Banksys XENTA SA. Version 1.00
PCI PA - DSS Point XSA Implementation Guide Atos Worldline Banksys XENTA SA Version 1.00 POINT TRANSACTION SYSTEMS AB Box 92031, 120 06 Stockholm, Tel. +46 8 566 287 00 www.point.se Page number 2 (16)
More informationHow To Secure Your Mobile Devices
SAP White Paper Enterprise Mobility Protect Your Enterprise by Securing All Entry and Exit Points How Enterprise Mobility Management Addresses Modern-Day Security Challenges Table of Contents 4 Points
More informationWorkday Mobile Security FAQ
Workday Mobile Security FAQ Workday Mobile Security FAQ Contents The Workday Approach 2 Authentication 3 Session 3 Mobile Device Management (MDM) 3 Workday Applications 4 Web 4 Transport Security 5 Privacy
More informationWhite Paper. BD Assurity Linc Software Security. Overview
Contents 1 Overview 2 System Architecture 3 Network Settings 4 Security Configurations 5 Data Privacy and Security Measures 6 Security Recommendations Overview This white paper provides information about
More informationMcAfee Enterprise Mobility Management
Technical FAQ McAfee Enterprise Mobility Management Frequently Asked Questions Device Management Q: Which devices do you currently support? A: McAfee Enterprise Mobility Management (McAfee EMM ) offers
More informationSecurity Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2
BlackBerry Enterprise Service 10 BlackBerry Device Service Solution Version: 10.2 Security Technical Overview Published: 2014-09-10 SWD-20140908123239883 Contents 1 About BlackBerry Device Service solution
More informationLAB FORWARD. WITH PROService RMS TECHNOLOGY, ARCHITECTURE AND SECURITY INFORMATION FOR IT PROFESSIONALS
LAB FORWARD WITH PROService RMS TECHNOLOGY, ARCHITECTURE AND SECURITY INFORMATION FOR IT PROFESSIONALS Medical diagnostics are a vital part of the modern healthcare system, and instrument uptime is critical
More informationHow To Protect Your Business Information From Being Stolen From A Cell Phone Or Tablet Device
Page 2 of 14 Securing Critical Corporate Data in a Mobile World Page 3 of 14 Table of Contents 1 Mobile is the New Normal... 4 1.1 The Critical Importance of Mobile Security... 4 1.2 Mobile Security Challenges...
More informationComplying with PCI Data Security
Complying with PCI Data Security Solution BRIEF Retailers, financial institutions, data processors, and any other vendors that manage credit card holder data today must adhere to strict policies for ensuring
More informationMobile Network Access Control
Mobile Network Access Control Extending Corporate Security Policies to Mobile Devices WHITE PAPER Executive Summary Network Access Control (NAC) systems protect corporate assets from threats posed by devices
More informationAddressing NIST and DOD Requirements for Mobile Device Management
Addressing NIST and DOD Requirements for Mobile Device Management Whitepaper 2013 ForeScout Technologies, Inc. All rights reserved. Call Toll-Free: 1.866.377.8771 www.forescout.com Contents 1. OVERVIEW
More informationAdministration Guide. Wireless software upgrades
Administration Guide Wireless software upgrades SWDT207654-207654-0727045705-001 Contents Upgrading the BlackBerry Device Software over the wireless network... 3 Wireless software upgrades... 3 Sources
More informationHIGH-SECURITY MOBILITY MANAGEMENT FROM BLACKBERRY
DATASHEET HIGH-SECURITY MOBILITY MANAGEMENT FROM BLACKBERRY Gold level EMM for BlackBerry Regulated-level security for BlackBerry 10 devices Ultimate security. BlackBerry 10 devices managed by BES10 with
More informationHow To Manage A Mobile Device Management (Mdm) Solution
Mobile Device Management Buyers Guide IT departments should be perceived as the lubricant in the machine that powers an organization. BYOD is a great opportunity to make life easier for your users. But
More informationiphone in Business How-To Setup Guide for Users
iphone in Business How-To Setup Guide for Users iphone is ready for business. It supports Microsoft Exchange ActiveSync, as well as standards-based services, delivering email, calendars, and contacts over
More informationMotorola Good Technology Group
Motorola Good Technology Group David Howarth Strategic Technical Architect Agenda Good Mobile Messaging Product Overview Motorola Good Technology Group January 2007 Good & VZW Contract Renegotiation..
More informationThe Security Behind Sticky Password
The Security Behind Sticky Password Technical White Paper version 3, September 16th, 2015 Executive Summary When it comes to password management tools, concerns over secure data storage of passwords and
More informationSamsung Mobile Security
Samsung Mobile Security offering enhanced core capabilities for enterprise mobility Samsung Enterprise Mobility Enterprise-ready Mobility management for your business Samsung Mobile Security offers enterprise
More informationSuccessful Mobile Deployments Require Robust Security
By: Maribel D. Lopez FIRMS MUST BUILD SECURITY ENABLED MOBILITY Mobility is no longer considered a luxury within enterprise but a critical part of a networking strategy as 9irms look to increase productivity
More informationBlackBerry 10.3 Work and Personal Corporate
GOV.UK Guidance BlackBerry 10.3 Work and Personal Corporate Published Contents 1. Usage scenario 2. Summary of platform security 3. How the platform can best satisfy the security recommendations 4. Network
More informationDecryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks
Decryption Palo Alto Networks PAN-OS Administrator s Guide Version 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us
More informationCisco Mobile Collaboration Management Service
Cisco Mobile Collaboration Management Service Cisco Collaboration Services Business is increasingly taking place on both personal and company-provided smartphones and tablets. As a result, IT leaders are
More informationTrust Digital Best Practices
> ARMING IT AGAINST SMARTPHONE THREATS Trust Digital Best Practices April 2009 The information contained herein is subject to change at any time, and Trust Digital makes no warranties, either express or
More informationPCI PA - DSS. Point BKX Implementation Guide. Version 2.01. Atos Xenta, Atos Xenteo and Atos Yomani using the Point BKX Payment Core
PCI PA - DSS Point BKX Implementation Guide Atos Xenta, Atos Xenteo and Atos Yomani using the Point BKX Payment Core Version 2.01 POINT TRANSACTION SYSTEMS AB Box 92031, 120 06 Stockholm, Tel. +46 8 566
More informationVodafone Global Enterprise Deploy the Apple iphone across your Enterprise with confidence
Vodafone Global Enterprise Deploy the Apple iphone across your Enterprise with confidence White Paper Vodafone Global Enterprise 3 The Apple iphone has become a catalyst for changing the way both users
More informationFeature and Technical
BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 4 Feature and Technical Overview Published: 2013-11-07 SWD-20131107160132924 Contents 1 Document revision history...6 2 What's
More information{ipad Security} for K-12. Understanding & Mitigating Risk. plantemoran.com
{ipad Security} plantemoran.com for K-12 Understanding & Mitigating Risk Plante Moran The ipad is in K-12. Since its debut in April 2010, the ipad has quickly become the most popular tablet, outselling
More informationø Mobile E-mail Solutions
ø Mobile E-mail Solutions An O2 White Paper Contents 1. Executive Summary.................................................4 2. Introduction........................................................5 3.
More informationOur Key Security Features Are:
September 2014 Version v1.8" Thank you for your interest in PasswordBox. On the following pages, you ll find a technical overview of the comprehensive security measures PasswordBox uses to protect your
More informationFeature List for Kaspersky Security for Mobile
Feature List for Kaspersky Security for Mobile Contents Overview... 2 Simplified Centralized Deployment... 2 Mobile Anti-Malware... 3 Anti-Theft / Content Security... Error! Bookmark not defined. Compliance
More informationBlackBerry Enterprise Solution
BlackBerry Enterprise Solution Security Technical Overview for BlackBerry Enterprise Server Version 4.1 Service Pack 5 and BlackBerry Device Software Version 4.5 2008 Research In Motion Limited. All rights
More informationVMware Horizon Workspace Security Features WHITE PAPER
VMware Horizon Workspace WHITE PAPER Table of Contents... Introduction.... 4 Horizon Workspace vapp Security.... 5 Virtual Machine Security Hardening.... 5 Authentication.... 6 Activation.... 6 Horizon
More informationAIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
More informationGO!Enterprise Mobile Device Management ios Release Notes
GO!Enterprise Mobile Device Management ios Release Notes GO!Enterprise MDM Version 3.9.1 GO!Enterprise MDM for ios Release Notes 1 Table of Contents GO!Enterprise MDM for ios Release Notes 4 Revision History
More informationSync Security and Privacy Brief
Introduction Security and privacy are two of the leading issues for users when transferring important files. Keeping data on-premises makes business and IT leaders feel more secure, but comes with technical
More informationRSA Authentication Manager 7.1 Security Best Practices Guide. Version 2
RSA Authentication Manager 7.1 Security Best Practices Guide Version 2 Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com. Trademarks
More informationEnterprise Security with mobilecho
Enterprise Security with mobilecho Enterprise Security from the Ground Up When enterprise mobility strategies are discussed, security is usually one of the first topics on the table. So it should come
More informationEntrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0
Entrust Managed Services PKI Getting started with digital certificates and Entrust Managed Services PKI Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust
More informationDATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0
DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS
More informationWhite Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0
White Paper Enterprise File Serving 2.0 Anywhere, Any Device File Access with IT in Control Like it or not, cloud- based file sharing services have opened up a new world of mobile file access and collaborative
More information