CREDANT Mobile Guardian - Enterprise Edition


September 2007
CREDANT Technologies Security Solutions White Paper
CREDANT Technologies
Dallas Parkway, Suite 1420
Addison, Texas

Table of Contents

THE MOBILE DATA SECURITY CHALLENGE
CREDANT MOBILE GUARDIAN ARCHITECTURE: INTEGRATED SOLUTION FOR EASY DEPLOYMENT
    CREDANT Mobile Guardian Enterprise Server
    CREDANT Mobile Guardian Policy Proxy
    CREDANT Mobile Guardian Local Gatekeeper
    CREDANT Mobile Guardian Shield
        CMG Shield for Notebooks, Tablet PCs or Desktops, and External Media
        CMG Shield for PDAs, Smartphones and External Media
    Optional Over-The-Air (OTA) Sync Control for PDAs, Smart Phones
    Negligible Network Impact of CMG Installation
CMG FUNCTIONALITY
ENTERPRISE LDAP DIRECTORY INTEGRATION
ENTERPRISE DATABASE INTEGRATION
BROWSER-BASED CENTRALIZED ADMINISTRATION
    Separation of Administrative Duties
    Audit Logs and Reporting
    Mobile Device Inventory Management
SECURITY POLICY DISTRIBUTION
    Over-The-Air Policy Updates for Pocket PC, Smartphone
    User Authentication
    Multi-Factor Authentication Support
    Self-Service PIN/Password Reset and Remote Device Recovery
POLICY-BASED INTELLIGENT ENCRYPTION
    Five Layers of Defense
    Windows Desktops, Notebooks and Tablet PCs
    FIPS Validation
ENCRYPTED DATA RECOVERY
    Automatic Key Escrow for Immediate Recovery
USER AUTHORIZATION AND CONTROL FOR PDAS AND SMARTPHONES
    User Status and Device Access Controls
    User and Device Mutual Authentication
    On-Device Application Controls
    Communication Port Controls
    Always On, Instant Access
    Bluetooth Proximity Access
CISCO NAC SUPPORT FOR WINDOWS-BASED DEVICES
ADDITIONAL USABILITY FEATURES OF CREDANT MOBILE GUARDIAN, EDITION 5.3 *
CREDANT MOBILE GUARDIAN SOFTWARE UPDATES
SUMMARY
CONTACT US

THE MOBILE DATA SECURITY CHALLENGE

In an enterprise-wide mobile computing environment, the use of disparate mobile devices, including cell phones, personal digital assistants (PDAs), notebook computers, tablet PCs, smart phones (converged PDA/cell phone devices) and various types of removable media, makes it extremely difficult to control user behavior. You can no longer be sure who has access to your data or where it resides. Most enterprises find it impossible to even know how many devices are used by their employees, let alone what data resides on those devices. Employees often purchase their own device and synchronize e-mail and other corporate data to their computers at work and at home, placing sensitive data outside the reach of IT and security.

Furthermore, driven by productivity and enhanced customer relationship benefits, the use of diverse types of mobile devices will continue to grow rapidly, making it increasingly difficult for organizations to detect, protect, manage and support them. The large and growing memory capacity of mobile devices, combined with the plummeting price of memory cards, makes it more likely that users will store even more critical information on their devices or on their device's removable media, making it imperative that this information be encrypted for privacy. Gartner [1] predicted that by year-end 2007, 80 percent of Fortune 1000 enterprises will encrypt most critical "data at rest," including data at rest (stored) in mobile devices.

Information previously secured within the physical confines of corporate networks is now unsecured, untethered, and mobile. CREDANT Mobile Guardian (CMG) Enterprise Edition helps organizations regain control of their sensitive data, regardless of where it resides. This mobile data security solution provides centrally managed, policy-based security for a broad range of mobile devices.

The CMG solution was developed using industry standards to provide the security, flexibility, compatibility and scalability needed to meet a wide variety of mobile enterprise data security requirements. CREDANT Mobile Guardian is the only enterprise-scale security solution to protect all mobile data with enforced security that follows the data across all endpoints.

CREDANT MOBILE GUARDIAN ARCHITECTURE: INTEGRATED SOLUTION FOR EASY DEPLOYMENT

The CREDANT Mobile Guardian (CMG) Enterprise Edition integrated components interoperate seamlessly, allowing for easy deployment (Figure 1). Through a single management interface, administrators can control and secure a broad range of mobile device platforms (external media; Microsoft Windows-based desktop, tablet and notebook PCs; Windows Mobile devices; and Palm-, RIM-, and Symbian-based smart phones and PDAs) and any sensitive data that resides on them.

[1] Gartner, Recommendations for Infrastructure Protection, 2006, G , Ray Wagner, Peter Firstbrook, Neil MacDonald, Vic Wheatman, John Girard, Avivah Litan, Rich Mogull, Amrit T. Williams, Lawrence Orans, John Pescatore, Mark Nicollett, Jay Heiser, Paul Proctor, Greg Young, p. 5, February 10,

Figure 1. CREDANT Mobile Guardian Architecture

- CMG Enterprise Server integrates with enterprise directories to provide a central, web-based interface for security policy definition and management, real-time mobile device inventory, and continuous reporting of mobile device security status for policy compliance.
- CMG Policy Proxy resides on the corporate network or DMZ to provide secure distribution of policies and policy updates from the CMG Enterprise Server to the CMG Shield. It also collects device inventory and reports it back to the CMG server for auditing and reporting.
- CMG Shield resides on mobile devices and external media to enforce mobile security policies even if the device is disconnected from the network. It enforces strong authentication, Policy-based Intelligent Encryption, and device and end-user controls.
- CMG Local Gatekeeper resides on desktops and notebooks to automatically detect, protect and control mobile devices that synchronize locally to the PC. It provides secure, distributed communications between CMG Shield and CMG Enterprise Server for transparent delivery and management of policy and software updates.
- (Optional) CMG Over-the-Air (OTA) Sync Control enhances Microsoft Exchange ActiveSync to enforce Shielding before allowing handhelds to synchronize e-mail, contacts and other corporate data wirelessly with Exchange.

CMG Enterprise Edition is configurable to address a wide range of mobile data security needs, and its flexible deployment options fit unique enterprise environments without disrupting networks or detracting from the user experience.

CREDANT MOBILE GUARDIAN ENTERPRISE SERVER

The CREDANT Mobile Guardian Enterprise Server is a modularized, web-based application that provides a variety of benefits including:

- A single, secure administration interface to manage security across disparate mobile devices
- Default security policies that can be easily adjusted to align mobile data security to the type of user, device and location
- Automated and transparent archiving of encryption keys to enable Day Zero data recovery
- Read-only integration with enterprise LDAP directories to enable global, group, or individual user level security policies
- Inventory management and reporting
- Self-service and administrator-assisted device recovery in case of authentication failure
- Enterprise database integration for a scalable and reliable solution

Flexibility for Different Enterprise Environments

CREDANT Technologies believes that security solutions should be flexible enough to fit a variety of enterprise environments, thus minimizing the impact on IT and end users. Through the CMG interface, security administrators can monitor the real-time state of mobile device discovery and policy compliance. Default global policies, based on security best practices, help enterprises begin securing their mobile data quickly. A common policy editor across all mobile devices significantly reduces the learning curve to ensure lower implementation costs. Five Administrator roles provide separation of administrative duties, further protecting the enterprise with a solution that's flexible enough to fit existing IT and security procedures. Mobile device inventory management, policy management, auditing, and reporting are all supported through an ODBC-compliant database to help manage regulatory compliance.

The CMG Enterprise Server consists of multiple components that can be installed on a single server or distributed across multiple servers, depending on the size of your environment and your deployment needs: Enterprise Server, Web Interface, Device Server, Directory Connector, Gatekeeper Connector, Wireless Deployment Server and the optional Over-the-Air Sync Control. These components should be installed in a physically secured environment, behind a firewall within the corporate network. The CMG server must have network connectivity to the LDAP directory server, database, the CMG Policy Proxy and Local Gatekeepers, and any PCs with CMG Shield for Windows installed; however, continuous network connectivity is only required with the database.

The CMG Enterprise Server components can reside on one or more dedicated servers running:

- Microsoft Windows 2000 Server SP4
- Microsoft Windows 2000 Advanced Server SP4
- Microsoft Windows 2003 Server SP1 or SP2 (including R2)

CREDANT MOBILE GUARDIAN POLICY PROXY

CREDANT Mobile Guardian's Policy Proxy is a software agent that resides on systems in the corporate network or DMZ to provide a variety of benefits including:

- Automatic, secure distribution of mobile users' security policies
- Trusted, scalable, reliable paths for communication between CMG components
- Enables Web-based installation and activation of the CMG Shield
- Grouping options for scalability and redundancy
- Communicates device status and inventory to the CMG Server

The CMG Policy Proxy distributes policy updates to Windows notebooks, desktops, and handheld devices that do not synchronize to a PC. The Policy Proxy helps organizations manage security policies for Windows, Pocket PC, Smartphone, BlackBerry, and Symbian devices. Deploying Policy Proxies in groups allows devices to get policy from any Policy Proxy in the group for reliable policy updates even in case of network outages or hardware failure. The CMG Policy Proxy also collects device inventory and reports this back to the CMG Enterprise Server for auditing and reporting.

The CMG Policy Proxy software runs on:

- Microsoft Windows 2000 Professional SP4
- Microsoft Windows XP Professional SP1 or SP2
- Microsoft Windows XP Tablet PC Edition SP2
- Microsoft Windows 2000 Server SP4
- Microsoft Windows 2000 Advanced Server SP4
- Microsoft Windows 2003 Server SP1 or SP2 (including R2)

CREDANT MOBILE GUARDIAN LOCAL GATEKEEPER

CREDANT Mobile Guardian Local Gatekeeper is a software agent that resides on desktops and notebook computers to provide a variety of benefits including:

- Automatic discovery and reporting of handheld mobile devices
- Enforcement of supported and unsupported mobile device lists
- Policy-based installation of the CMG Shield software on diverse mobile devices
- Automatic, secure distribution of handheld mobile users' security policies and encryption keys
- Control over which PCs a mobile device can synchronize to
- Trusted, scalable, reliable paths for communication between CMG components

The Local Gatekeeper is the key to gaining control of your mobile device population and reducing the leakage of sensitive corporate data without your knowledge. The Local Gatekeeper can automatically detect synchronization software and identify the type of PDA or Smartphone being used. When deployed in report-only mode, it can silently gather extensive mobile device inventory information without the end user's knowledge. Once collected, this inventory is passed to the CMG Enterprise Server for auditing and reporting.

The Local Gatekeeper eliminates the need for IT to manually provision mobile devices by automating the distribution of CMG Shield and a mobile user's security policies and encryption keys. The Local Gatekeeper also enforces mutual authentication between the mobile device and the companion PC, reducing the risk of unauthorized access to business information. This mutual authentication can ensure that the mobile device only synchronizes to protected, corporate systems, a critical feature for organizations trying to keep their sensitive data on devices they can secure and control. The Local Gatekeeper works with a variety of 3rd-party synchronization applications, including Sony Ericsson PC Suite, Palm HotSync, Microsoft ActiveSync, and other compatible products.

The Local Gatekeeper installation can be automated via scripts, batch files or industry-standard software distribution tools such as SMS and Tivoli. It runs on any desktop, notebook or tablet PC running:

- Microsoft Windows 2000 SP4
- Microsoft Windows XP Professional SP1 or SP2
- Microsoft Windows XP Tablet PC Edition SP2

The CMG Local Gatekeeper can be configured to operate in one of three modes to accommodate security, phased deployment, internal billing, or chargeback requirements for PDAs and smart phones.

- Report Only mode: The CMG Local Gatekeeper does not prevent a user from synchronizing, but reports the presence of synchronization software on the companion PC, the synchronization software version, and the models and the operating systems of all devices that synchronize with the companion PC. In this mode the user is completely unaware of any action by CMG, while organizations gather the information they need to understand how many devices are carrying their sensitive corporate data outside the organization.
- Report and Disable mode: The CMG Local Gatekeeper blocks the use of synchronization software on the companion PC and does not allow any device to synchronize. This mode also reports information detailed in the Report Only mode when a user attempts to synchronize.
- Auto Install mode: The CMG Local Gatekeeper automatically prompts the user to Shield any unsecured mobile device that attempts to synchronize with the companion PC. If the user refuses, the device is not allowed to sync to that PC. If the user accepts, the Gatekeeper installs the CMG Shield software on the device and allows the user to synchronize. After the initial installation of CMG Shield, all subsequent policy updates are automatically pushed to the device by CMG Local Gatekeeper. The Auto Install mode also reports information detailed in the Report Only mode each time a user synchronizes a device to the PC.

The CMG Local Gatekeeper can also be configured to communicate with the CMG Shield, with the exception of BlackBerry devices that are managed by the CMG Policy Proxy, in either a one-to-many or many-to-many arrangement. The one-to-many configuration ensures that each occurrence of CMG Local Gatekeeper can only communicate with specific occurrences of CMG Shield. This supports situations where a single mobile user with one or more mobile devices can synchronize with only one specific CMG-enabled companion PC. The many-to-many configuration ensures that any occurrence of CMG Shield can communicate with any occurrence of CMG Local Gatekeeper as defined by the administrator. This configuration supports implementations such as distribution facilities and hospitals where multiple mobile users need to synchronize with multiple, geographically dispersed workstations.

CREDANT MOBILE GUARDIAN SHIELD

CREDANT Mobile Guardian Shield is the on-device component that enforces security policies whether a mobile device is connected to the network or not, to protect the device and its external media, even if they are lost or stolen. The Shield supports a variety of platforms and helps organizations extend their trusted environment to ensure protection of sensitive mobile data. CMG Shield is tightly integrated with the mobile device operating system to provide consistently enforced access control, encryption and authorization.

CMG Shields communicate with CMG Enterprise Server via either CMG Local Gatekeeper or CMG Policy Proxy, depending on how CMG Shield is configured during installation. For organizations that support a combination of over-the-air and local PC synchronization, CMG Local Gatekeepers and the CMG Policy Proxy can be combined to enable simple CMG Shield deployment and policy updates for both types of synchronization.

CMG Shield for Notebooks, Tablet PCs or Desktops, and External Media

CREDANT Mobile Guardian Shield for Windows-based devices provides a variety of benefits including:

- Policy-based Intelligent Encryption protects critical data anywhere on the disk or on removable media to help your organization ensure compliance with government legislation
- On-device mobile security policy enforcement (works in both connected and disconnected mode)
- Integration with Cisco NAC protects against enterprise threats on two different fronts: the mobile platform and the network
- GINA replacement option that can be enabled or disabled for superior flexibility, interoperability with the Windows login, and transparency for the user
- FIPS validated encryption algorithms
- Restrict the use of external storage devices or allow an authenticated user to securely place files onto the external device for storage or transfer of the data
- Automatically and transparently encrypt any data as it is written to external media; allow the user to transfer encrypted external media data to a computer not protected by CMG, and still be able to securely read and write encrypted data to the external media
- Flexible and secure recovery of encrypted data
- Self-service PIN/password reset to reduce the helpdesk burden
- Seamless, standards-based integration with multi-factor authentication technologies like RSA, biometrics, and smartcards
- Administrator-assisted recovery to restore access to the device in case of forgotten authentication credentials, even when disconnected from the corporate network
- Automatic fail-safe actions if the device is lost or stolen

CMG Shield has been tested with a wide range of notebooks and tablets from many manufacturers, including HP, Dell, IBM, Toshiba and others. CMG Shield for Windows is compatible with systems running:

- Microsoft Windows 2000 SP4
- Microsoft Windows XP Professional SP1 or SP2
- Microsoft Windows XP Tablet PC Edition SP2

CMG Shield for PDAs, Smartphones and External Media

CREDANT Mobile Guardian Shield for PDAs and Smartphones, and their external media, provides a variety of benefits including:

- Policy-based Intelligent Encryption protects critical data anywhere on the disk or on removable media to help your organization ensure compliance with government legislation
- On-device mobile security policy enforcement (works in both connected and disconnected mode)
- Enforced mandatory access control, including support for biometric two-factor authentication

- Restrict the use of external storage devices or allow an authenticated user to securely place files onto the external device for storage or transfer of the data
- Automatically and transparently encrypt any data as it is written to external media; allow the user to transfer encrypted external media data to a computer not protected by CMG, and still be able to securely read and write encrypted data to the external media
- FIPS validated encryption algorithms for Palm, PPC and Smartphone
- Self-service PIN/password reset to reduce the helpdesk burden
- Administrator-assisted recovery to restore access in case of forgotten authentication credentials, even when disconnected
- Automatic fail-safe actions if the device is lost or stolen
- Automatic, transparent mutual authentication between the mobile device and the companion PC to control leakage of your data from your corporate network
- Device application remains always on and user remains always authenticated if a trusted Bluetooth device (headset, GPS unit, even the car itself) is within range
- Policy options to restrict application access and use (allows for white list and black list control)
- Centrally managed control of infrared port, Bluetooth, camera and microphone function and network connectivity
- Allows organizations to take full advantage of Microsoft Security Features Pack (MSFP) and Exchange ActiveSync for Windows Mobile 5 devices

CMG Shield for PDAs, Smartphones and External Media offers a variety of options to secure access to these mobile devices, including PIN, Password, and Question/Answer authentication. Administrators can set policy around how many attempts users are allowed before they fail over from one authentication method to the next. Flexible policies offer a balance between security and user comfort via a variety of options that enforce length and type of characters required in the credentials as well as control over history and aging of credentials.

The self-service PIN/Password/Question and Answer reset lets you define multiple types of authentication so users can reset their own forgotten authentication credentials without having to call the helpdesk. If the user fails all authentication options, they can call the helpdesk for secure, remote recovery. Fail-safe actions like incremental cool down, deletion of encrypted data or hard reset can be set in case all four authentication options are failed.

A wide range of synchronization mechanisms are supported, including USB, serial, infrared (IR) and network, as well as 3rd-party network-based synchronization and management solutions.

CMG Shield has been tested with a wide range of mobile devices from many manufacturers. CMG Shield for PDAs, Pocket PCs and Smartphones is compatible with:

- Palm OS 5.x
- Windows Mobile 2003 Pocket PC and Smartphone
- Windows Mobile 5.0 Pocket PC and Smartphone
- Windows Mobile 6.0 Pocket PC and Smartphone
- RIM Java OS 4.0 BlackBerry devices
- Symbian OS 7.x devices (Nokia Series 80)

CMG External Media Shield (USB sticks, iPods/MP3 players, memory cards, compact flash drives) is compatible with portable storage devices accessing data from:

- Microsoft Windows 2000 Professional
- Microsoft Windows XP (32-bit) Professional, Home, Media Center and Tablet PC
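The credential failover described above for CMG Shield on PDAs and smartphones (PIN, Password, then Question/Answer, each with a per-method attempt limit, and a fail-safe action once every method is exhausted) can be modelled as a small state machine. This is an added example, not CREDANT code: the class and field names, the attempt limits and the doubling cool-down are assumptions, and only the three methods named in the text are modelled.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field


def _digest(secret: str, salt: bytes) -> bytes:
    # Salted, iterated hash so the device stores a verifier, not the credential.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 10_000)


@dataclass
class Credential:
    salt: bytes
    digest: bytes

    @classmethod
    def enroll(cls, secret: str) -> "Credential":
        salt = os.urandom(16)
        return cls(salt, _digest(secret, salt))

    def matches(self, attempt: str) -> bool:
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(self.digest, _digest(attempt, self.salt))


@dataclass
class FailoverPolicy:
    # Hypothetical policy fields; names and defaults are assumptions.
    order: tuple = ("pin", "password", "question")
    max_attempts: dict = field(
        default_factory=lambda: {"pin": 3, "password": 3, "question": 2})
    fail_safe: str = "cooldown"  # or "delete_encrypted_data" / "hard_reset"
    cooldown_base_s: int = 60


class DeviceLock:
    def __init__(self, policy: FailoverPolicy, credentials: dict):
        self.policy = policy
        self.credentials = credentials
        self.stage = 0           # index into policy.order
        self.failures = 0        # failures on the current method
        self.lockouts = 0        # rounds in which every method was exhausted
        self.locked_until = 0.0  # end of the current cool-down, in seconds
        self.state = "locked"

    @property
    def current_method(self) -> str:
        return self.policy.order[self.stage]

    def attempt(self, method: str, secret: str, now: float = 0.0) -> str:
        if self.state in ("data_deleted", "hard_reset"):
            return self.state              # terminal fail-safe states
        if now < self.locked_until:
            return "cooling_down"          # the attempt is not evaluated
        if method != self.current_method:
            return "wrong_method"          # cannot skip ahead in the chain
        if self.credentials[method].matches(secret):
            self.stage = self.failures = self.lockouts = 0
            self.state = "unlocked"
            return "unlocked"
        self.failures += 1
        if self.failures < self.policy.max_attempts[method]:
            return "retry"
        self.failures = 0
        if self.stage + 1 < len(self.policy.order):
            self.stage += 1                # fail over to the next method
            return "failover:" + self.current_method
        return self._fail_safe(now)

    def _fail_safe(self, now: float) -> str:
        self.stage = 0
        if self.policy.fail_safe == "cooldown":
            # Incremental cool down, modelled here as doubling per round.
            self.lockouts += 1
            wait = self.policy.cooldown_base_s * 2 ** (self.lockouts - 1)
            self.locked_until = now + wait
            return f"cooldown:{wait}"
        if self.policy.fail_safe == "delete_encrypted_data":
            self.state = "data_deleted"
        else:
            self.state = "hard_reset"
        return self.state
```
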

OPTIONAL OVER-THE-AIR (OTA) SYNC CONTROL FOR PDAS, SMART PHONES

CREDANT Mobile Guardian's Over-The-Air (OTA) Sync Control feature for Microsoft Exchange Server enables organizations to detect any Windows Mobile, Palm and Symbian device that attempts connection via Exchange ActiveSync (EAS) and blocks the connection if the device does not have CMG Shield installed. Once CMG detects the installed Shield on the device, the device is allowed to synchronize e-mail, contacts, etc. Synchronization can also be restricted by user or device type. This optional addition to the CMG standard architecture also integrates with the Microsoft Security Feature Pack (MSFP) so that organizations can take full advantage of push e-mail to all Windows Mobile 5 devices protected by MSFP.

NEGLIGIBLE NETWORK IMPACT OF CMG INSTALLATION

Communication between the CMG system components has negligible impact on network traffic and bandwidth. For example, each policy package communication from the CMG Enterprise Server to the CMG Local Gatekeeper and Policy Proxy is typically less than 10 KB in size, much less than opening an average browser page on the Internet. From an initial installation perspective, the CMG Local Gatekeeper install and the CMG Shield for Windows install are each approximately 7 MB, so impact is minimal, even if installed via logon scripts over the network. The CMG Shield for PDAs and Smartphones is generally downloaded and deployed locally by the companion PC's CMG Local Gatekeeper, so there is virtually no impact to the network when it is installed.

CMG FUNCTIONALITY

CREDANT Mobile Guardian Enterprise Edition was designed as a standards-based management system with an integrated web interface to ensure portability and reliability. The CMG Enterprise Server's core functions are security policy management, key management, inventory management, access control management, directory management, audit and reporting. These functions are implemented with industry standards including XML, SOAP, SSL, LDAP, JDBC, SQL and Java. All CMG Enterprise Server components can reside on a single dedicated hardware server, though most production deployments require a minimum of two servers. As organizations grow, the core functions can be distributed across multiple hardware servers, resulting in a highly scalable, flexible and well-balanced solution that addresses a wide range of configuration requirements and preferences.

ENTERPRISE DIRECTORY INTEGRATION

CREDANT Mobile Guardian integrates quickly and easily with enterprise LDAP v3 compliant directories. A variety of directories are supported, including Microsoft Active Directory, Sun ONE Directory Server, and Novell eDirectory. The CMG Enterprise Server can use LDAP or LDAPS v3 to communicate with the directory via a read-only user account. Users, groups and the relationships between them are imported and stored in the enterprise database so security policies can be applied at the global, group, or individual user level (Figure 2). LDAP username and password information is used by CMG for administrator authentication, first-time mobile user authentication and device activation, but CMG never stores the user's authentication credentials.

Figure 2. CREDANT Directory Browser (Group View)

The CMG Enterprise Server requires read-only access to the directory, so there's no risk to your directory schema. Directory synchronization can be scheduled and automated, thus ensuring that security policies are built on the most current organizational structure without any manual action by the CMG administrator. When companies make changes to their directory structure or personnel, CMG automatically captures the modifications and makes the appropriate changes to ensure that security policies are always consistent with user and group roles. The CMG Server leverages LDAP integration to allow organizations to use already established organizational structures to manage mobile data security policies to speed mobile data security implementation and reduce ongoing maintenance.

ENTERPRISE DATABASE INTEGRATION

CMG uses an ODBC-compliant relational database management system as its repository for mobile security infrastructure and attribute information. The database can be backed up and queried using industry-standard tools and techniques for reliability and recoverability. The CMG database can reside in an existing database or database instance, or customers can choose a CMG installation package that includes Microsoft SQL Server 2005 Express Edition. Supported databases include:

- Microsoft SQL Server 2000
- Microsoft SQL Server 2005
- Microsoft SQL Server 2005 Express Edition

BROWSER-BASED CENTRALIZED ADMINISTRATION

Using Internet Explorer 6.0 and above, CMG's browser-based administrator interface lets administrators securely manage their mobile data security from any system with a web browser and network access to the CMG Enterprise Server. Administrators log in to the SSL-secured CMG Enterprise Server Web UI with their standard LDAP directory username and password. In a Windows networking environment, this is the Windows domain login.

SEPARATION OF ADMINISTRATIVE DUTIES

CREDANT understands that organizations have different requirements for differing administrative duties. To support these varied needs, CMG provides five flexible administrator roles that can be assigned in any combination to any valid user. Users assigned one or more administrative roles, or types, log in to the CMG web interface with their standard LDAP credentials so they don't have to remember another username and password or create and maintain a separate set of CMG-specific usernames and passwords. The CMG server authenticates administrators against the organization's existing LDAP server or domain controller when they access the management interface to ensure secure access at all times, even when the user is outside the corporate network.

CREDANT suggests having only one overseeing administrator, which is a user who has been assigned all five administrative roles (Figure 3). Multiple CMG administrators can be logged in concurrently with the exception of an overseeing administrator, of which only one can be logged in at a time.

CMG Administrator roles and responsibilities are as follows:

- Security Administrators can search for and view users and groups and change and publish mobile data security policies. Users assigned this role can also access the remote device recovery system to help shielded users regain access to their mobile devices in case they fail their PIN, password, and Question/Answer authentication.
- System Administrators can search for and view users, groups, Gatekeepers and mobile devices. Users assigned this role can also synchronize the CMG Enterprise Server with the LDAP directory, work with Server tools, approve Gatekeeper messages, and view device support status.
- Help Desk Administrators can search for and view users, groups, Gatekeepers and mobile devices. Users assigned this role can also access the remote device recovery system to help shielded users regain access to their mobile devices in case they fail their PIN, password, and Question/Answer authentication.
- Account Administrators can view and search for users and groups and manage CMG administrator roles.
- Log Administrators can only work with CMG audit logs.

Figure 3. CREDANT Mobile Guardian Administrative Roles

AUDIT LOGS AND REPORTING

CMG's powerful security assessment tool allows properly authorized administrators to search logs based on a variety of criteria, including priority, date, time, user ID and machine name. Administrators access the CMG Enterprise Server via a web browser to see their LDAP and mobile security infrastructures combined into a single view. In addition, they can view information and create reports on mobile device inventory and CMG policies and infrastructure. This enterprise-wide view of mobile device security helps simplify device security management and compliance.

CMG provides robust audit logs that track administrator activity and system events. CMG audit logs are stored in the CMG Enterprise Server database so administrators can view the information from the CMG interface or create custom reports using a variety of reporting tools already in use by the organization.

To ensure traceability and accountability, the time, date and user responsible for the following actions are available in the Administrative Actions logs (Figure 4):

- Logging in to and logging out of the CMG interface
- Adding, changing, or deleting administrators
- Retrieving system logs
- Directory synchronization activity
- Changing and publishing mobile data security policies

System logs include:

- All calls to run a service, such as contact with a Gatekeeper
- Inventory updates
- Database synchronization

Figure 4. Administrator Action Logs

MOBILE DEVICE INVENTORY MANAGEMENT

The CMG Enterprise Server, the CMG Policy Proxy and CMG Local Gatekeepers work together to track and maintain mobile device inventories so that organizations can see how many and what types of devices are connecting to their networks. Installed on a PC, the CMG Local Gatekeeper is aware of synchronization software and CMG Shield installations. It gathers a wide range of information about the Shielded Windows PCs, and the Shielded PDAs and smart phones associated with each PC. Inventory is updated every time the PDA or smart phone synchronizes with the companion PC or when a user logs into a Windows account protected by CMG Shield for Windows. CMG Local Gatekeeper then securely sends the inventory information to the CMG Enterprise Server for further reporting. Inventory information from any CMG-protected BlackBerry, Pocket PC, smart phone, and Windows Notebooks, Tablets, or Desktops that use the CMG Policy Proxy for policy updates is also securely sent to the CMG Enterprise Server.

Device inventory includes detail about installed CMG components as well as device hardware, firmware, software, and protected users. As shown in Figure 5, inventory detail provides a wide range of useful information on your mobile device population like the host name, IP address, last poll time, mobile user ID, device type, Operating System (OS), and OS version. Specific device inventory information including available memory, total memory, and battery life (if applicable) is also collected.

Figure 5. Mobile Device Inventory Details (Windows System)

SECURITY POLICY DISTRIBUTION

CMG supports many types of security policies to protect your mobile data, including CMG Local Gatekeeper monitoring and installation that help you gain control over your mobile device environment. CMG's mobile security policies define the on-device access control, encryption and authorization rules as well as the CMG Local Gatekeeper monitoring policies.

CMG administrators specify the security policies via the administrative interface of the CMG Enterprise Server. To make structural changes or security policy updates, an authorized security administrator selects the group, role or individual from the CMG Enterprise Server console, changes the policies and publishes them. No special user or administrative activity is required to ensure that policy updates are enforced on devices protected by the CMG Shield.

The policies are then encrypted and stored, awaiting the next polling request. Upon the next polling interval, the encrypted policy updates are retrieved by the CMG Local Gatekeeper or CMG Policy Proxy, where they are stored in an encrypted bundle until the next mobile device synchronization request. The next time the user authenticates and synchronizes the mobile device, the CMG Shield checks the Gatekeeper or Policy Proxy for policy updates. If updates exist, the CMG Shield retrieves, decrypts, verifies data integrity and applies the new policies to the mobile device.

CMG uses SSL (HTTPS) to secure communications between the CMG Enterprise Server and the CMG Local Gatekeeper and Policy Proxy. The CMG Enterprise Server and these two components work together to automatically and securely deliver encryption keys and mobile security policies to the CMG Shield running on the mobile device. The encryption keys and mobile security policies are always encrypted by the CMG Enterprise Server for a specific CMG Shield and are transmitted in an encrypted format. The CMG Local Gatekeeper and CMG Policy Proxy never have access to the encryption keys and so are unable to decrypt the security policy files. Only a properly authenticated CMG Shield has access to this information.
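The delivery path described above, as an added example that is not CREDANT code: the server seals a policy for one Shield, the proxy queues the opaque bundle without holding any key, and the Shield checks addressing and integrity before decrypting. The per-Shield key, the bundle fields and the HMAC-SHA-256 counter keystream (a standard-library stand-in for a real cipher such as AES) are assumptions, since the white paper does not specify the bundle format.

```python
import hashlib
import hmac
import json
import secrets


def subkey(shield_key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC keys from the per-Shield key."""
    return hmac.new(shield_key, label, hashlib.sha256).digest()


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA-256 in counter mode; a stdlib stand-in for a real cipher."""
    blocks = []
    for counter in range((length + 31) // 32):
        block_input = nonce + counter.to_bytes(4, "big")
        blocks.append(hmac.new(key, block_input, hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def mac_input(shield_id: str, nonce: bytes, ciphertext: bytes) -> bytes:
    """Bind the bundle to its addressee; length-prefix the variable field."""
    ident = shield_id.encode()
    return len(ident).to_bytes(2, "big") + ident + nonce + ciphertext


def server_seal(shield_id: str, shield_key: bytes, policy: dict) -> dict:
    """Enterprise Server: encrypt a policy for one specific Shield."""
    nonce = secrets.token_bytes(16)
    plain = json.dumps(policy, sort_keys=True).encode()
    pad = keystream(subkey(shield_key, b"enc"), nonce, len(plain))
    ciphertext = bytes(p ^ k for p, k in zip(plain, pad))
    tag = hmac.new(subkey(shield_key, b"mac"),
                   mac_input(shield_id, nonce, ciphertext),
                   hashlib.sha256).hexdigest()
    return {"shield_id": shield_id, "nonce": nonce.hex(),
            "ciphertext": ciphertext.hex(), "tag": tag}


class PolicyProxy:
    """Gatekeeper / Policy Proxy: queues opaque bundles and holds no keys."""

    def __init__(self):
        self.pending = {}

    def poll_server(self, bundles):
        for bundle in bundles:
            self.pending[bundle["shield_id"]] = bundle

    def fetch(self, shield_id: str):
        return self.pending.pop(shield_id, None)


def shield_open(shield_id: str, shield_key: bytes, bundle: dict) -> dict:
    """Shield: check addressing and integrity first, then decrypt."""
    if bundle["shield_id"] != shield_id:
        raise ValueError("bundle is addressed to a different Shield")
    nonce = bytes.fromhex(bundle["nonce"])
    ciphertext = bytes.fromhex(bundle["ciphertext"])
    expected = hmac.new(subkey(shield_key, b"mac"),
                        mac_input(shield_id, nonce, ciphertext),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, bundle["tag"]):
        raise ValueError("integrity check failed; policy not applied")
    pad = keystream(subkey(shield_key, b"enc"), nonce, len(ciphertext))
    return json.loads(bytes(c ^ k for c, k in zip(ciphertext, pad)))


if __name__ == "__main__":
    key = secrets.token_bytes(32)                           # constructed key
    policy = {"pin_min_length": 6, "auto_lock_minutes": 5}  # constructed policy
    proxy = PolicyProxy()
    proxy.poll_server([server_seal("shield-0001", key, policy)])
    print(shield_open("shield-0001", key, proxy.fetch("shield-0001")))
```

A bundle altered while it sits on the proxy, or opened with another Shield's key, fails the integrity check and is never applied.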

OVER-THE-AIR POLICY UPDATES FOR POCKET PC, SMARTPHONE

CREDANT's over-the-air (OTA) option allows organizations to protect their mobile devices even if they never or rarely cradle sync to a PC. Once the CMG Shield is installed on a device, policy updates can be sent OTA, a process that begins just as it does for passing policies via cradle sync, with the CMG administrator modifying mobile device security policy and publishing those changes on the CMG Server. Figure 6 shows a typical OTA configuration, although there are other configuration options available to ensure a solution that fits virtually any enterprise environment.

During regularly scheduled polling intervals the CMG Policy Proxy checks for policy updates that apply to devices it manages and pulls them down, as encrypted bundles, from the CMG Server. The CMG Shield automatically polls CMG Policy Proxy for policy updates at configurable intervals. If policy updates are available, the CMG Shield automatically retrieves policy updates and applies them to the device to ensure that security policy is always up to date and properly enforced.

Figure 6. Typical CMG Enterprise Edition OTA Configuration

USER AUTHENTICATION

The CREDANT Mobile Guardian Shield for Windows supports the native Microsoft GINA and also provides an optional GINA replacement. In either scenario the CREDANT Mobile Guardian Shield integrates with the existing Windows login mechanism. It allows the user to have a single password for logging into Windows and for unlocking access to encrypted information protected by CMG Shield. Challenge/response parameters are established to reduce user logins and provide administrator assisted device recovery, even when the PC is disconnected from the network, ensuring that traveling employees can always gain access to their PC. For more details on the CMG Shield Access Control Policies for Windows devices, including the CMG GINA replacement option, refer to the CMG Enterprise Edition for Windows Devices whitepaper.

When installed across disparate mobile devices, such as PDAs and smart phones, CREDANT Mobile Guardian enables organizations to enforce multiple levels of mandatory access control including PIN, password, and question/answer authentication. Rules governing the number of minutes a device can be idle before automatic lock down and challenge/response parameters are also established to reduce user logins and provide secure, remote administrator-assisted device recovery. CMG also enforces a range of automated, fail-safe actions to protect PDA data, regardless of whether the device is connected to or disconnected from the corporate network. For phone enabled devices, CMG Shield allows users to make and receive phone calls without having to authenticate beforehand.

PIN and Password - CMG supports flexible PIN and password security parameters that address factors like whether these credentials are required, when they are required and the number of authentication attempts allowed. CMG's policies also include settings that control the number of characters required, case sensitivity, mixed character usage (alpha, numeric, and special) and use of sequential numbers. In addition, CMG lets administrators control timing and history rules such as the amount of time a PIN/password is valid, the number of previous values the user will not be allowed to reuse, and the number of days that a user is not allowed to reuse a previous value.

Question and Answer Authentication - End users who are new to security may frequently forget PINs and passwords, resulting in large numbers of unproductive credential reset calls to the help desk. CMG's self-service reset policies allow an authenticated mobile user to reset their own PIN or password based on a question they are automatically prompted to answer if they enter their PIN and password incorrectly. The questions can be created by an administrator as part of the policy settings or by the mobile user. The questions and answers are then encrypted and stored locally on the mobile device. CMG administrators can control policy settings such as the number of characters required in the answer, the number of allowed question/answer attempts, and whether to force a mandatory question/answer reset upon the next login.
Auto-lock Timers - CMG's auto-lock timer policies determine the number of minutes a device can be idle or powered off before CMG Shield automatically locks down the device. In order for the mobile user to begin work without re-authenticating, the user must deactivate and re-activate the device using the power button within a specified time period. CMG can also be configured to re-authenticate after every power off. These policies allow an organization to balance security with ease of use by not forcing a user to re-authenticate every time they use the device.

Secure, Remote Access Recovery - CMG's secure remote access recovery policy allows authorized CMG administrators to manually authenticate and restore access to a device that has been locked because the user failed the PIN, password, and Question/Answer authentication options. This also allows recovery of encrypted data in the event an employee leaves the company or is unsuccessful in gaining access. CMG's access policies provide a challenge and response mechanism to recover access to mobile devices.

Fail-Safe Actions - CMG also enforces a range of automated, fail-safe actions to protect PDA and external media data, regardless of whether the device is connected to or disconnected from the corporate network. CMG's access recovery policies define the number of unsuccessful access attempts allowed before it automatically invokes fail-safe actions. Fail-safe actions can include locking out the user for a specified cool down period, deleting encrypted data from the device or performing a hard reset to remove all data and applications.

MULTI-FACTOR AUTHENTICATION SUPPORT

Unlike competitive host encryption products that force pre-boot authentication and require special integration with an SDK to support multi-factor authentication, CREDANT Mobile Guardian works within the authentication framework provided by Microsoft Windows and the PKCS #11 Cryptographic Token Interface Standard. CREDANT Mobile Guardian uses a patent-pending authentication method to integrate with the strong authentication mechanisms supported by these standards. This approach provides immediate interoperability with any strong authentication system that works within the Microsoft Windows or PKCS #11 standards (Biometric, Smartcard, RSA, or whatever else is invented) and requires the end user to sign in only once. After the user successfully authenticates using the strong authentication mechanism of choice, they have immediate access to all encrypted data on the disk. There is no requirement to sign in again to the CMG Shield.

Because the CMG Shield works with Windows, customers and 3rd parties do not have to develop new versions of their products with special SDKs (like other host encryption products). Integration with the CMG Shield is immediate. CREDANT customers have leveraged this technology to provide out-of-the-box integration with RSA SecurID for Windows, IBM Biometric authentication, and Axalto smartcards. In all cases, the customer is able to utilize their existing authentication framework and simply add the CMG Shield into the mix to provide total data protection through encryption. The end user will not notice any changes in the authentication process.

SELF-SERVICE PIN/PASSWORD RESET AND REMOTE DEVICE RECOVERY

CREDANT customers have reported significant savings in time and money thanks to the self-service PIN/Password reset and remote administrator assisted recovery options. A tedious process that negatively impacts productivity, resetting of devices in-house can now be accomplished by the end user in seconds with CMG's self-service PIN/Password reset (a set of pre-established security questions and answers), with no call to the help desk required (Figure 7). If authentication is successful, the user is asked to reset the PIN and/or password without requiring Help Desk involvement.

Figure 7. Self-Service PIN/Password Recovery for Smart Phone

If the end user fails CMG's Question and Answer authentication (Figure 8), it takes only a simple phone call to the help desk and quick validation by the administrator for the user to receive a new access code to unlock the device. Once the device is unlocked, the user is prompted to reset their password/PIN via questions and answers so they can continue to access their device securely. This remote, administrator assisted challenge and recovery mechanism is much easier and more cost-effective than requiring the device to be manually unlocked, reset and redeployed at the office. Remote helpdesk recovery is also available for removable media.
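An added example, not CREDANT's implementation, that models the Fail-Safe Actions and the help desk challenge/response recovery described above as one device state machine that works with the device offline. The HMAC-based 8-digit code, the escrowed per-device recovery key, the limit on bad recovery codes and all names are assumptions; the white paper does not describe the actual algorithm.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class AccessPolicy:
    max_attempts: int = 3        # failed attempts allowed before the fail-safe
    fail_safe: str = "cooldown"  # "cooldown" or "wipe"
    cooldown_seconds: int = 300


def recovery_code(recovery_key: bytes, challenge: str) -> str:
    """8-digit response that the help desk and the device both derive."""
    mac = hmac.new(recovery_key, challenge.encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10**8:08d}"


def helpdesk_issue(escrow: dict, device_id: str, challenge: str,
                   caller_verified: bool) -> str:
    """Help desk side: release a code only after validating the caller."""
    if not caller_verified:
        raise PermissionError("caller identity not validated")
    return recovery_code(escrow[device_id], challenge)


class Device:
    def __init__(self, pin: str, recovery_key: bytes, policy: AccessPolicy):
        self.policy = policy
        self.salt = secrets.token_bytes(16)
        self.pin_hash = self.hash_pin(pin)
        self.recovery_key = recovery_key
        self.failures = 0
        self.bad_codes = 0
        self.locked_until = 0.0
        self.wiped = False
        self.must_reset_pin = False
        self.challenge = None

    def hash_pin(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt, 100_000)

    def unlock(self, pin: str, now: float) -> str:
        if self.wiped:
            return "wiped"
        if now < self.locked_until:
            return "locked"              # guesses during cool-down are ignored
        if hmac.compare_digest(self.hash_pin(pin), self.pin_hash):
            self.failures = 0
            return "unlocked"
        self.failures += 1
        if self.failures < self.policy.max_attempts:
            return "denied"
        self.failures = 0
        if self.policy.fail_safe == "wipe":
            self.wiped = True            # stands in for deleting encrypted data
            return "wiped"
        self.locked_until = now + self.policy.cooldown_seconds
        return "locked"

    def start_recovery(self) -> str:
        """Display a fresh one-time challenge to read to the help desk."""
        if self.wiped or self.bad_codes >= self.policy.max_attempts:
            raise RuntimeError("remote recovery unavailable")
        self.challenge = secrets.token_hex(4).upper()
        return self.challenge

    def finish_recovery(self, code: str) -> bool:
        challenge, self.challenge = self.challenge, None   # single use
        if challenge is None or self.wiped:
            return False
        expected = recovery_code(self.recovery_key, challenge)
        if not hmac.compare_digest(expected.encode(), code.encode()):
            self.bad_codes += 1          # bad codes are rate limited too
            return False
        self.failures = self.bad_codes = 0
        self.locked_until = 0.0
        self.must_reset_pin = True       # user must choose a new PIN next
        return True


if __name__ == "__main__":
    key = secrets.token_bytes(32)        # constructed escrowed recovery key
    escrow = {"pda-17": key}             # constructed help desk escrow record
    device = Device("4821", key, AccessPolicy())
    print([device.unlock(guess, now=0) for guess in ("0000", "1111", "2222")])
    challenge = device.start_recovery()
    code = helpdesk_issue(escrow, "pda-17", challenge, caller_verified=True)
    print(device.finish_recovery(code), device.must_reset_pin)
```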

Figure 8. Remote Helpdesk Device Recovery

POLICY-BASED INTELLIGENT ENCRYPTION

Unlike older encryption point products, CREDANT's patent-pending Policy-based Intelligent Encryption, with a multi-layered defense approach, provides critical business controls that ensure data is always within compliance. Data files are encrypted and decrypted transparently so there's no change in how users work. CREDANT's on-the-fly process decrypts files as they are accessed so data always remains encrypted on the drive and is only decrypted in memory, when in use.

FOUR LAYERS OF DEFENSE

CREDANT's defense-in-depth, or four layers of defense, Intelligent Encryption strategy extends compliance controls to mobile endpoints by ensuring that data-at-rest is protected at all times. CREDANT's unique layered approach not only provides a comprehensive data protection solution, but it also fits nicely into a phased security implementation. This can be especially helpful for enterprises that prefer to roll out security slowly or for those who have different security policy requirements by user role or department.

1. The first layer of defense applies to the volume level, enabling organizations to set policies that force the encryption of any data generated by the end user and written to any volume on the drive while eliminating the need to encrypt the operating system. Sensitive data is encrypted no matter where it resides on the local hard drive.

2. The second layer of defense, File type encryption (Common & User level), automatically encrypts previously created and new files of a specified type (or multiple types) regardless of where they are stored on the hard drive. This layer is primarily configured to ensure that all application independent files such as .ini, .temp, .txt, .html, etc. are encrypted. When implemented via Common encryption policies, any authorized user can access these files once they are logged into the system. When implemented via User encryption policies, only the data owner can access these files.

3. The third layer of defense applies to application data, enabling organizations to set policies that force the encryption of any data written by heavily-used business applications to protect against user error or malicious renaming of a file type that would leave data exposed. This patent pending technology applies to any application that handles sensitive data without requiring any modification to the application code base. Administrators simply define a list of application executables in security policy and the CMG Shield automatically monitors for any files created by these applications and saved to disk. Independent of the application, the CMG Shield automatically encrypts the data as it is written to disk.

4. The fourth layer of defense applies to the user level, enabling organizations to set policies that force the encryption of data for individual users who share a notebook computer or workstation. The administrator can also specify common encrypted locations that are accessible to all authorized users on the machine. This allows administrators to enforce the protection of shared, sensitive data and ensures that the data can be accessed by multiple authorized users on the same machine while user specific data remains protected. Local administrators never have access to encrypted data so IT can manage systems without exposing sensitive data.

Because mobile device operating systems differ across varying device platforms, there are some functional differences in how CREDANT Policy-based Intelligent Encryption technology operates, as described below.

Windows Desktops, Notebooks and Tablet PCs

CREDANT Intelligent Encryption technology for Windows-based devices fills the security gaps left by file-folder based encryption products and avoids the management, data recovery, security and productivity issues associated with full, or hard disk encryption methods. The CMG Shield for Windows provides a single security policy that defines any/all of the five levels of encryption, both user and shared information, and allows all the data files to be encrypted automatically, wherever the data files are saved on the disk, and whatever their name. Shared data can be encrypted and shared between multiple users on a machine, or encrypted for an individual user. The CMG Shield utilizes two separate encryption keys to accomplish this flexibility: a common encryption key and user encryption key. Temporary and Windows Paging, or Swap, files are also automatically encrypted. The Windows password hash is stored securely in an encrypted location, dramatically improving the security of the Windows password mechanism and ensuring that the encrypted information stored on the PC cannot be compromised.

Windows Mobile Pocket PCs

These devices come with built in Calendar, Contacts, Inbox/Mail, and Tasks, also known as Personal Information Management (PIM) applications. CMG can be configured to encrypt any or all PIM databases, third party application databases, attachments, media files, and information stored in My Documents. CMG Shield for Pocket PC also allows the administrator to create a secured folder on the device or on removable media. When the mobile user turns on the device and authenticates to CMG Shield, none of the data is decrypted. When the user requests a specific database or file, the CMG Shield decrypts that information on-the-fly so information remains encrypted at all times, except when actually in use by an authorized user.
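The four layers and the common/user key split described for Windows devices above, as an added simplified model that is not CREDANT code: for each file write it reports which layers match and which key would protect the file. The policy field names, the sample paths and executables, the use of the user key for layers 1 and 3, and the precedence rule are assumptions, because the white paper does not state how overlapping layers are resolved.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class EncryptionPolicy:
    volume_encryption: bool = False                          # layer 1
    os_folders: tuple = ("C:/Windows", "C:/Program Files")   # never encrypted
    common_types: frozenset = frozenset({".ini", ".temp"})   # layer 2, Common
    user_types: frozenset = frozenset({".txt", ".html"})     # layer 2, User
    protected_apps: frozenset = frozenset({"winword.exe", "excel.exe"})  # layer 3
    common_folders: tuple = ("C:/Shared",)                   # layer 4, shared
    profile_root: str = "C:/Documents and Settings"          # layer 4, per user
    user_encryption: bool = True


def under(path: PureWindowsPath, folders) -> bool:
    """True if path lies inside any of the folders (case-insensitive)."""
    ancestors = (path, *path.parents)
    return any(PureWindowsPath(folder) in ancestors for folder in folders)


def decide(policy: EncryptionPolicy, path: str, writer_exe: str, user: str) -> dict:
    """Report which layers match a file write and which key protects it."""
    target = PureWindowsPath(path)
    if under(target, policy.os_folders):
        return {"encrypt": False, "key": None, "layers": []}
    ext = target.suffix.lower()
    shared = under(target, policy.common_folders)
    own = under(target, (f"{policy.profile_root}/{user}",))
    layers = []
    if policy.volume_encryption:
        layers.append(1)
    if ext in policy.common_types or ext in policy.user_types:
        layers.append(2)
    if writer_exe.lower() in policy.protected_apps:
        layers.append(3)
    if shared or (policy.user_encryption and own):
        layers.append(4)
    if not layers:
        return {"encrypt": False, "key": None, "layers": []}
    # Assumed precedence: shared locations and Common file types use the
    # common key; everything else is protected with the writer's user key.
    key = "common" if shared or ext in policy.common_types else "user"
    return {"encrypt": True, "key": key, "layers": layers}


if __name__ == "__main__":
    policy = EncryptionPolicy()
    samples = [                                   # constructed write events
        ("D:/scratch/notes.txt", "notepad.exe"),
        ("D:/scratch/notes.dat", "notepad.exe"),  # renamed: layer 2 misses it
        ("D:/scratch/notes.dat", "WINWORD.EXE"),  # layer 3 still catches it
        ("C:/Shared/budget.xls", "excel.exe"),
    ]
    for path, exe in samples:
        print(path, exe, decide(policy, path, exe, "alice"))
```

With only file-type rules enabled, a file saved under an unlisted extension stays in the clear, which is the gap the application-data layer (or volume-level encryption) closes.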

Windows Mobile Smart Phones

CMG can be configured to encrypt any or all PIM databases as well as third party application databases and attachments. When the mobile user turns on the device and authenticates to CMG Shield, none of the data is decrypted. The CMG Shield decrypts that information on the fly so information remains encrypted at all times, except when actually in use by an authorized user.

Palm OS Devices

For Palm devices, where all files are stored in databases, CMG supports administrator definable policies that encrypt and decrypt each database independently as access is requested. The CMG administrator specifies which databases will be encrypted. When the mobile user turns on the device and authenticates to CMG Shield, none of the databases are decrypted. When the user requests a specific database (e.g. hits his Notes or Calendar icon), CMG Shield decrypts that specific database on the fly - incrementally on a record by record basis as needed so data is only decrypted while in use by an authorized user.

Symbian Smartphones

CMG can be configured to encrypt the calendar, contacts and tasks databases for these devices. When the mobile user turns on the device and authenticates to CMG Shield, none of the data is decrypted. When the user requests a specific database or file, the CMG Shield decrypts that information on the fly so information remains encrypted at all times, except when actually in use by an authorized user.

RIM OS Devices

CMG can be configured to encrypt any or all PIM databases for RIM Blackberry devices. Encryption for these databases only occurs when the user fails to enter the correct authentication credentials.

External Media

When the administrator enables CMG External Media Shield for a user, the system places the EMS client on to every piece of removable media inserted into a CMG-protected computer or handheld device. An installer is also copied to the media, allowing the user to work with encrypted external media data from another computer not protected by CMG, and still be able to securely read and write encrypted data to the external media.

FIPS VALIDATION

CMG supports a variety of industry standard encryption algorithms including AES 128, AES 256, 3DES, Blowfish and Lite so organizations can balance security and performance. CREDANT has achieved FIPS Level 1 validation for the CREDANT Cryptographic Kernel (CCK). The same CCK is used across all CREDANT supported platforms by the CMG Shield. The CREDANT implementations of the AES, 3DES, SHA-1, HMAC-SHA-1, and RNG algorithms are all FIPS approved. The certificate is available online at

ENCRYPTED DATA RECOVERY

One of the challenges with any type of data security solution is how to recover data if the encryption keys are lost. The simple answer is that if the keys are lost, then the data is lost too. It is therefore imperative that every precaution is taken to securely archive and protect the keys.

AUTOMATIC KEY ESCROW FOR IMMEDIATE RECOVERY

Unlike competitive products, CREDANT's key escrow process is completely automated and transparent. All encryption keys are generated and securely archived by the CMG Enterprise Server before being passed down to the device, thereby ensuring that they can never be lost. Other solutions generate the


More information

McAfee Enterprise Mobility Management

McAfee Enterprise Mobility Management McAfee Enterprise Mobility Management Providing mobile application enablement and HIPAA security compliance Table of Contents HIPAA and ephi 3 Overview of 3 HIPAA Compliance for Remote Access 4 Table 1.

More information

Flexible Identity. OTP software tokens guide. Multi-Factor Authentication. version 1.0

Flexible Identity. OTP software tokens guide. Multi-Factor Authentication. version 1.0 Flexible Identity Multi-Factor Authentication OTP software tokens guide version 1.0 Publication History Date Description Revision 2014.02.07 initial release 1.0 Copyright Orange Business Services 2 of

More information

The Challenge. The Solution. Achieve Greater Employee Productivity & Collaboration...while Protecting Critical Business Data

The Challenge. The Solution. Achieve Greater Employee Productivity & Collaboration...while Protecting Critical Business Data The Challenge The Solution Today's employees demand mobile access to office information in order to maximize their productivity and they expect that enterprise collaboration and communication tools should

More information

Citrix MetaFrame Password Manager 2.5

Citrix MetaFrame Password Manager 2.5 F E A T U R E S O V E R V I E W Citrix MetaFrame Password Manager 2.5 Citrix access infrastructure provides on-demand access to information, and Citrix MetaFrame Password Manager makes that information

More information

Enterprise Solution for Remote Desktop Services... 2. System Administration... 3. Server Management... 4. Server Management (Continued)...

Enterprise Solution for Remote Desktop Services... 2. System Administration... 3. Server Management... 4. Server Management (Continued)... CONTENTS Enterprise Solution for Remote Desktop Services... 2 System Administration... 3 Server Management... 4 Server Management (Continued)... 5 Application Management... 6 Application Management (Continued)...

More information

RSA SecurID Two-factor Authentication

RSA SecurID Two-factor Authentication RSA SecurID Two-factor Authentication Today, we live in an era where data is the lifeblood of a company. Now, security risks are more pressing as attackers have broadened their targets beyond financial

More information

Convenience and security

Convenience and security Convenience and security ControlSphere is a computer security and automation solution designed to protect user data and automate most of authentication tasks for the user at work and home environments.

More information

iphone in Business Security Overview

iphone in Business Security Overview iphone in Business Security Overview iphone can securely access corporate services and protect data on the device. It provides strong encryption for data in transmission, proven authentication methods

More information

Fischer International Identity BUILT FOR BUSINESS YOURS. PRODUCT OVERVIEW Fischer Password Manager

Fischer International Identity BUILT FOR BUSINESS YOURS. PRODUCT OVERVIEW Fischer Password Manager Fischer International Identity BUILT FOR BUSINESS YOURS PRODUCT OVERVIEW Fischer Password Manager The Case for Password Management Managing passwords is a common challenge that is shared from the smallest

More information

GO!Enterprise MDM Device Application User Guide Installation and Configuration for BlackBerry

GO!Enterprise MDM Device Application User Guide Installation and Configuration for BlackBerry GO!Enterprise MDM Device Application User Guide Installation and Configuration for BlackBerry GO!Enterprise MDM Version 4.11.x GO!Enterprise MDM for BlackBerry 1 Table of Contents GO!Enterprise MDM for

More information

An Oracle White Paper Sep 2009. Buyer s Guide for Enterprise Single Sign On

An Oracle White Paper Sep 2009. Buyer s Guide for Enterprise Single Sign On An Oracle White Paper Sep 2009 Buyer s Guide for Enterprise Single Sign On Disclaimer The following is intended to outline our general product direction. It is intended for information purposes only, and

More information

IBM Tivoli Access Manager for Enterprise Single Sign-On

IBM Tivoli Access Manager for Enterprise Single Sign-On Deliver seamless access to applications with an easy-to-deploy solution IBM Single Sign-On Highlights Help simplify the employee experience by eliminating the need to remember and manage user names and

More information

Best Practice Document Hints and Tips

Best Practice Document Hints and Tips Marshal Ltd. Date: 02/06/2007 Marshal EndPoint Security From Best Practice Document Hints and Tips Marshal Software Ltd CSL 005 Marshal EndPoint Security Best Practice (2) Privacy Control: None Version:

More information

TFS ApplicationControl White Paper

TFS ApplicationControl White Paper White Paper Transparent, Encrypted Access to Networked Applications TFS Technology www.tfstech.com Table of Contents Overview 3 User Friendliness Saves Time 3 Enhanced Security Saves Worry 3 Software Componenets

More information

DIGIPASS Authentication for Citrix Access Gateway VPN Connections

DIGIPASS Authentication for Citrix Access Gateway VPN Connections DIGIPASS Authentication for Citrix Access Gateway VPN Connections With VASCO Digipass Pack for Citrix 2006 VASCO Data Security. All rights reserved. Page 1 of 31 Integration Guideline Disclaimer Disclaimer

More information

Firmware security features in HP Compaq business notebooks

Firmware security features in HP Compaq business notebooks HP ProtectTools Firmware security features in HP Compaq business notebooks Embedded security overview... 2 Basics of protection... 2 Protecting against unauthorized access user authentication... 3 Pre-boot

More information

ADDING STRONGER AUTHENTICATION for VPN Access Control

ADDING STRONGER AUTHENTICATION for VPN Access Control ADDING STRONGER AUTHENTICATION for VPN Access Control Adding Stronger Authentication for VPN Access Control 1 ADDING STRONGER AUTHENTICATION for VPN Access Control A VIRTUAL PRIVATE NETWORK (VPN) allows

More information

Managing BitLocker Encryption

Managing BitLocker Encryption Managing BitLocker Encryption WWW.CREDANT.COM Introduction Organizations are facing a data security crisis. Despite decades of investment in security, breaches of sensitive information continue to dominate

More information

McAfee Endpoint Encryption (SafeBoot) User Documentation

McAfee Endpoint Encryption (SafeBoot) User Documentation TABLE OF CONTENTS Press the CTRL key while clicking on topic to go straight to the topic in this document. I. Introduction... 1 II. Installation Process Overview... 1 III. Checking for a Valid Current

More information

Security Architecture Whitepaper

Security Architecture Whitepaper Security Architecture Whitepaper 2015 by Network2Share Pty Ltd. All rights reserved. 1 Table of Contents CloudFileSync Security 1 Introduction 1 Data Security 2 Local Encryption - Data on the local computer

More information

WICKSoft Mobile Documents for the BlackBerry Security white paper mobile document access for the Enterprise

WICKSoft Mobile Documents for the BlackBerry Security white paper mobile document access for the Enterprise WICKSoft Mobile Documents for the BlackBerry Security white paper mobile document access for the Enterprise WICKSoft Corporation http://www.wicksoft.com Copyright WICKSoft 2007. WICKSoft Mobile Documents

More information

Choosing an SSO Solution Ten Smart Questions

Choosing an SSO Solution Ten Smart Questions Choosing an SSO Solution Ten Smart Questions Looking for the best SSO solution? Asking these ten questions first can give your users the simple, secure access they need, save time and money, and improve

More information

Overview. Timeline Cloud Features and Technology

Overview. Timeline Cloud Features and Technology Overview Timeline Cloud is a backup software that creates continuous real time backups of your system and data to provide your company with a scalable, reliable and secure backup solution. Storage servers

More information

Ensuring the security of your mobile business intelligence

Ensuring the security of your mobile business intelligence IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive

More information

APPENDIX B1 - FUNCTIONALITY AND INTEGRATION REQUIREMENTS RESPONSE FORM FOR A COUNTY HOSTED SOLUTION

APPENDIX B1 - FUNCTIONALITY AND INTEGRATION REQUIREMENTS RESPONSE FORM FOR A COUNTY HOSTED SOLUTION APPENDIX B1 - FUNCTIONALITY AND INTEGRATION REQUIREMENTS RESPONSE FORM FOR A COUNTY HOSTED SOLUTION Response Code: Offeror should place the appropriate letter designation in the Availability column according

More information

Bell Mobile Device Management (MDM)

Bell Mobile Device Management (MDM) Bell MDM Technical FAQs 1 Bell Mobile Device Management (MDM) Frequently Asked Questions INTRODUCTION Bell Mobile Device Management provides business customers an all in one device administration tool

More information

Advanced Configuration Steps

Advanced Configuration Steps Advanced Configuration Steps After you have downloaded a trial, you can perform the following from the Setup menu in the MaaS360 portal: Configure additional services Configure device enrollment settings

More information

Sophos Mobile Control Technical guide

Sophos Mobile Control Technical guide Sophos Mobile Control Technical guide Product version: 2 Document date: December 2011 Contents 1. About Sophos Mobile Control... 3 2. Integration... 4 3. Architecture... 6 4. Workflow... 12 5. Directory

More information

GO!Enterprise MDM Device Application User Guide Installation and Configuration for Android with TouchDown

GO!Enterprise MDM Device Application User Guide Installation and Configuration for Android with TouchDown GO!Enterprise MDM Device Application User Guide Installation and Configuration for Android with TouchDown GO!Enterprise MDM for Android, Version 3.x GO!Enterprise MDM for Android with TouchDown 1 Table

More information

Securing end-user mobile devices in the enterprise

Securing end-user mobile devices in the enterprise IBM Global Technology Services Thought Leadership White Paper January 2012 Securing end-user mobile devices in the enterprise Develop an enforceable mobile security policy and practices for safer corporate

More information

SafeGuard Enterprise Web Helpdesk. Product version: 6.1

SafeGuard Enterprise Web Helpdesk. Product version: 6.1 SafeGuard Enterprise Web Helpdesk Product version: 6.1 Document date: February 2014 Contents 1 SafeGuard web-based Challenge/Response...3 2 Scope of Web Helpdesk...4 3 Installation...5 4 Allow Web Helpdesk

More information

Agency Pre Migration Tasks

Agency Pre Migration Tasks Agency Pre Migration Tasks This document is to be provided to the agency and will be reviewed during the Migration Technical Kickoff meeting between the ICS Technical Team and the agency. Network: Required

More information

redcoal EmailSMS for MS Outlook and Lotus Notes

redcoal EmailSMS for MS Outlook and Lotus Notes redcoal EmailSMS for MS Outlook and Lotus Notes Technical Support: support@redcoal.com Or visit http://www.redcoal.com/ All Documents prepared or furnished by redcoal Pty Ltd remains the property of redcoal

More information

Good for Enterprise Good Dynamics

Good for Enterprise Good Dynamics Good for Enterprise Good Dynamics What are Good for Enterprise and Good Dynamics? 2012 Good Technology, Inc. All Rights Reserved. 2 Good is far more than just MDM Good delivers greater value and productivity

More information

HP ProtectTools Security Manager - v2.0

HP ProtectTools Security Manager - v2.0 HP ProtectTools Security Manager - v2.0 Introduction...2 The security dilemma...2 HP ProtectTools Security Manager...3 Security Software Modules for HP ProtectTools...4 Embedded Security for HP ProtectTools...5

More information

Client side. DESlock + Data Encryption

Client side. DESlock + Data Encryption Data Encryption DESlock + is a simple-to-use encryption application for companies large and small. Take advantage of the optimized setup that speeds up the time to adoption for admins. The client side

More information

GO!Enterprise MDM Device Application User Guide Installation and Configuration for Android

GO!Enterprise MDM Device Application User Guide Installation and Configuration for Android GO!Enterprise MDM Device Application User Guide Installation and Configuration for Android GO!Enterprise MDM for Android, Version 3.x GO!Enterprise MDM for Android 1 Table of Contents GO!Enterprise MDM

More information

DriveLock and Windows 8

DriveLock and Windows 8 Why alone is not enough CenterTools Software GmbH 2013 Copyright Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise

More information

COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING

COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING INFORMATION TECHNOLOGY STANDARD Name Of Standard: Mobile Device Standard Domain: Security Date Issued: 09/07/2012 Date Revised:

More information

Architecture and Data Flow Overview. BlackBerry Enterprise Service 10 721-08877-123 Version: 10.2. Quick Reference

Architecture and Data Flow Overview. BlackBerry Enterprise Service 10 721-08877-123 Version: 10.2. Quick Reference Architecture and Data Flow Overview BlackBerry Enterprise Service 10 721-08877-123 Version: Quick Reference Published: 2013-11-28 SWD-20131128130321045 Contents Key components of BlackBerry Enterprise

More information

Administration Guide. BlackBerry Enterprise Service 12. Version 12.0

Administration Guide. BlackBerry Enterprise Service 12. Version 12.0 Administration Guide BlackBerry Enterprise Service 12 Version 12.0 Published: 2015-01-16 SWD-20150116150104141 Contents Introduction... 9 About this guide...10 What is BES12?...11 Key features of BES12...

More information

PROPALMS TSE 6.0 March 2008

PROPALMS TSE 6.0 March 2008 PROPALMS March 2008 An Analysis of and Terminal Services: Contents System Administration... 2 Server Management... 3 Application Management... 5 Security... 7 End User Experience... 8 Monitoring and Reporting...

More information

Chapter 1 Scenario 1: Acme Corporation

Chapter 1 Scenario 1: Acme Corporation Chapter 1 Scenario 1: Acme Corporation In This Chapter Description of the Customer Environment page 18 Introduction to Deploying Pointsec PC page 20 Prepare for Deployment page 21 Install Pointsec PC page

More information

Advanced Administration

Advanced Administration BlackBerry Enterprise Service 10 BlackBerry Device Service Version: 10.2 Advanced Administration Guide Published: 2014-09-10 SWD-20140909133530796 Contents 1 Introduction...11 About this guide...12 What

More information

Working Together Managing and Securing Enterprise Mobility WHITE PAPER. Larry Klimczyk Digital Defence P: 222.333.4444

Working Together Managing and Securing Enterprise Mobility WHITE PAPER. Larry Klimczyk Digital Defence P: 222.333.4444 Working Together Managing and Securing Enterprise Mobility WHITE PAPER Larry Klimczyk Digital Defence P: 222.333.4444 Contents Executive Summary... 3 Introduction... 4 Security Requirements... 5 Authentication...

More information

BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 2. Administration Guide

BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 2. Administration Guide BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 2 Administration Guide Published: 2010-06-16 SWDT487521-1041691-0616023638-001 Contents 1 Overview: BlackBerry Enterprise

More information

1 Introduction to Microsoft Enterprise Desktop Virtualization (MED-V)... 3 1.1 Terminology... 4 1.2 Key Capabilities... 4

1 Introduction to Microsoft Enterprise Desktop Virtualization (MED-V)... 3 1.1 Terminology... 4 1.2 Key Capabilities... 4 MED-V v1 Contents 1 Introduction to Microsoft Enterprise Desktop Virtualization (MED-V)... 3 1.1 Terminology... 4 1.2 Key Capabilities... 4 2 High-level Architecture... 6 2.1 System Requirements for MED-V

More information

Whitepaper Enhancing BitLocker Deployment and Management with SimplySecure. Addressing the Concerns of the IT Professional Rob Weber February 2015

Whitepaper Enhancing BitLocker Deployment and Management with SimplySecure. Addressing the Concerns of the IT Professional Rob Weber February 2015 Whitepaper Enhancing BitLocker Deployment and Management with SimplySecure Addressing the Concerns of the IT Professional Rob Weber February 2015 Page 2 Table of Contents What is BitLocker?... 3 What is

More information

CHOOSING THE RIGHT PORTABLE SECURITY DEVICE. A guideline to help your organization chose the Best Secure USB device

CHOOSING THE RIGHT PORTABLE SECURITY DEVICE. A guideline to help your organization chose the Best Secure USB device CHOOSING THE RIGHT PORTABLE SECURITY DEVICE A guideline to help your organization chose the Best Secure USB device Introduction USB devices are widely used and convenient because of their small size, huge

More information

Xerox DocuShare Security Features. Security White Paper

Xerox DocuShare Security Features. Security White Paper Xerox DocuShare Security Features Security White Paper Xerox DocuShare Security Features Businesses are increasingly concerned with protecting the security of their networks. Any application added to a

More information

BlackBerry Enterprise Solution v4.1 For Microsoft Exchange Life is now

BlackBerry Enterprise Solution v4.1 For Microsoft Exchange Life is now BlackBerry Enterprise Solution v4.1 For Microsoft Exchange Life is now EXTENDING EXCHANGE WITH SECURE WIRELESS SOLUTIONS BlackBerry Enterprise Server software integrates with Microsoft Exchange and your

More information

Configuration Guide. BES12 Cloud

Configuration Guide. BES12 Cloud Configuration Guide BES12 Cloud Published: 2016-04-08 SWD-20160408113328879 Contents About this guide... 6 Getting started... 7 Configuring BES12 for the first time...7 Administrator permissions you need

More information

Backup and Recovery FAQs

Backup and Recovery FAQs May 2013 Page 1 This document answers frequently asked questions regarding the Emerson system Backup and Recovery application. www.deltav.com May 2013 Page 2 Table of Contents Introduction... 6 General

More information

Guidance End User Devices Security Guidance: Apple OS X 10.9

Guidance End User Devices Security Guidance: Apple OS X 10.9 GOV.UK Guidance End User Devices Security Guidance: Apple OS X 10.9 Published 23 January 2014 Contents 1. Changes since previous guidance 2. Usage Scenario 3. Summary of Platform Security 4. How the Platform

More information

Troubleshooting BlackBerry Enterprise Service 10 version 10.1.1 726-08745-123. Instructor Manual

Troubleshooting BlackBerry Enterprise Service 10 version 10.1.1 726-08745-123. Instructor Manual Troubleshooting BlackBerry Enterprise Service 10 version 10.1.1 726-08745-123 Instructor Manual Published: 2013-07-02 SWD-20130702091645092 Contents Advance preparation...7 Required materials...7 Topics

More information

ENTERPRISE MOBILITY MANAGEMENT & REMOTE ACCESS SOLUTIONS

ENTERPRISE MOBILITY MANAGEMENT & REMOTE ACCESS SOLUTIONS ENTERPRISE MOBILITY MANAGEMENT & REMOTE ACCESS SOLUTIONS Secure Remote Desktop & Application Access Mobile Device Management Mobile Content Management Mobile Email & PIM Secure Mobile Containerization

More information

1. What are the System Requirements for using the MaaS360 for Exchange ActiveSync solution?

1. What are the System Requirements for using the MaaS360 for Exchange ActiveSync solution? MaaS360 FAQs This guide is meant to help answer some of the initial frequently asked questions businesses ask as they try to figure out the who, what, when, why and how of managing their smartphone devices,

More information

Installation and Administration Guide

Installation and Administration Guide Installation and Administration Guide BlackBerry Enterprise Transporter for BlackBerry Enterprise Service 12 Version 12.0 Published: 2014-11-06 SWD-20141106165936643 Contents What is BES12?... 6 Key features

More information

AD Self-Service Suite for Active Directory

AD Self-Service Suite for Active Directory The Dot Net Factory AD Self-Service Suite for Active Directory Version 3.6 The Dot Net Factory, LLC. 2005-2011. All rights reserved. This guide contains proprietary information, which is protected by copyright.

More information

Administrators Help Manual

Administrators Help Manual Administrators Help Manual Lepide Active Directory Self Service Lepide Software Private Limited Page 1 Administrators Help Manual for Active Directory Self-Service Lepide Active Directory Self Service

More information

A Nemaris Company. Formal Privacy & Security Assessment For Surgimap version 2.2.6 and higher

A Nemaris Company. Formal Privacy & Security Assessment For Surgimap version 2.2.6 and higher A Nemaris Company Formal Privacy & Security Assessment For Surgimap version 2.2.6 and higher 306 East 15 th Street Suite 1R, New York, New York 10003 Application Name Surgimap Vendor Nemaris Inc. Version

More information