Windows Phone 8 Security Overview

Size: px
Start display at page:

Download "Windows Phone 8 Security Overview"

Transcription

1 Windows Phone 8 Security Overview This white paper is part of a series of technical papers designed to help IT professionals evaluate Windows Phone 8 and understand how it can play a role in their organizations. It discusses and contains information about Windows Phone 8 security. October 2012

2

3 Legal Disclaimer 2012 Microsoft Corporation. All rights reserved. This document is provided "as-is." Information and views expressed in this document, including URL and other Internet website references, may change without notice. You bear the risk of using it. This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes. Published: October 2012

4 Table of Contents WINDOWS PHONE SECURITY GOALS SYSTEM INTEGRITY APP PLATFORM SECURITY DATA PROTECTION SECURED ACCESS CONCLUSION RESOURCES

5 Windows Phone security goals Distributed computer networks and increasing numbers of smartphones help organizations be productive and competitive, but these technologies also require increased security vigilance. The pervasive threat of malicious software, or malware, and the need to prevent data leaks are two of the reasons why a thoughtful, comprehensive security design is essential. Organizations require smartphones that protect data when it is stored and when it is communicated, not only because their business partners and customers expect it but also because of the need to comply with the increasing number of laws and regulations that require security, privacy, and confidentiality. Windows Phone 8 uses a defense-in-depth approach that addresses security requirements in numerous ways. 1 System integrity Secure boot and code signing help assure platform integrity of Windows Phone 8. These features help to protect the Windows Phone 8 boot process and operating system from malware attacks, especially rootkits, by allowing only validated software components to execute. These features help deliver a secured platform for application developers and corporate customers alike, and help assure consumers that the information they care about is safe. Secure boot Secure boot is a technology that validates firmware images on Windows Phone devices before they are allowed to load the operating system. Secure boot builds on a chain of trust that extends to the hardware/firmware. All boot components have digital signatures that are cryptographically validated from the pre-uefi (Unified Extensible Firmware Interface) boot loaders to the UEFI environment. Secure boot helps to ensure that only authorized code can execute to initialize the device and load the Windows Phone operating system. Windows Phone architecture uses a System-on-a-Chip (SoC) design provided by SoC vendors. The pre-uefi boot loaders and the UEFI environment are provided by the SoC vendor and device manufacturers. The UEFI environment implements the UEFI secure boot standard described in section 27 of the UEFI specification

6 (http://www.uefi.org/specs/). This standard describes a process by which all UEFI drivers and applications are validated against keys provisioned into a UEFI runtime variable before they are executed. The UEFI and Windows (http://msdn.microsoft.com/enus/windows/hardware/gg aspx) document on MSDN describes the advantages of using UEFI and how UEFI is supported by desktop versions of the Windows operating system. Although the document focuses on UEFI and Windows, most of the information in the document also applies to Windows Phone. 2 Extended secure boot Microsoft provides the Windows Phone boot manager in the UEFI environment. After the pre-uefi and UEFI components complete their boot processes, the boot manager takes over to complete the boot process so the user can start using the smartphone. All code in the Windows Phone operating system is signed by Microsoft, including OEM drivers and applications. Also, applications that are added after manufacturing or installed from the Windows Phone Store or a private enterprise store must be properly signed to execute. Secure boot and code signing are the primary ways that Windows Phone 8 helps to protect the integrity of the operating system, but they are not the only security controls built into the phone to help prevent malware from taking over. App platform security Viruses and other forms of malware on some smartphone platforms are a growing concern for IT professionals today, in addition to concerns about information disclosure and compliance. These concerns are amplified by the increasing number of smartphones that are used to connect to corporate networks. Microsoft takes a multi-pronged approach to help protect Windows Phone 8 devices against malware. One aspect of this approach is the secure boot process described in the previous section that helps to prevent rootkit installation. Chambers and capabilities The Windows Phone security model utilizes a chamber concept, which is based on the principle of least privilege and uses isolation to achieve it; each chamber

7 provides a security boundary and, through configuration, an isolation boundary within which a process can run. Each chamber is defined and implemented using a policy system. The security policy of a specific chamber defines what operating system capabilities the processes in that chamber can use. A capability is a resource for which user privacy, security, cost, or business concerns exist with regard to Windows Phone use. Examples of capabilities include geographical location information, camera, microphone, networking, and sensors. 3 Every app on Windows Phone (including both Microsoft apps and non-microsoft apps) runs in its own isolated chamber that is defined by the declared capabilities that the app needs to function. A basic set of permissions is granted to all app chambers by default, including access to isolated storage. However, the set of permissions for a chamber can be expanded by using capabilities that are granted during app installation. App permissions cannot be elevated at run time. The chamber concept is advantageous for the following reasons: Attack surface reduction. Each app receives capabilities needed to perform all its use cases, but no more. User consent and control. Each app discloses its capabilities to the user on the app details page in the Windows Phone Store, and it provides an explicit prompt upon app installation for those capabilities that have legal requirements for explicit disclosure and specific consent collection, such as geographic location. Isolation. No communication channels exist between apps on the phone other than through the cloud. Apps are isolated from each other and cannot access memory used or data stored by other applications, including the keyboard cache. The browser Windows Phone 8 includes Internet Explorer 10 for Windows Phone. Because viruses can be downloaded by merely visiting infected websites, Microsoft took the approach of making the browsing experience safer. Internet Explorer helps to protect the user because it runs in an isolated chamber and prevents web apps from accessing other app resources. In addition, Internet Explorer does not support a plug-in model, so malicious plug-ins cannot be installed. Finally, the SmartScreen technology that was available in previous versions of Internet Explorer is now also available in Internet Explorer for Windows Phone. This technology warns users of websites that are known to be malicious.

8 Windows Phone Store Microsoft uses a carefully architected Store submission and approval process to prevent malware from reaching the Store. All Windows Phone apps submitted to the Store are certified before they are made available to users for downloading and installation. The developer is validated and the certification process checks Windows Phone apps for inappropriate content, Store policies, and security issues. This process plays an important role in protecting Windows Phones against malware. In addition, Microsoft scans all apps for viruses before publication. Although most malware exists on the Internet, apps that are developed in unmanaged environments with minimal security precautions could be unwitting transmitters of malware. Apps are also signed during the certification process, which is required for apps to be installed and run on Windows Phones. 4 Enterprise line-of-business (LOB) apps Although users obtain apps from the Windows Phone Store, organizations want the ability to distribute custom LOB apps that have been developed for their employees. With Windows Phone 8, Microsoft delivers this capability. Organizations can register with Microsoft to obtain the tools to privately sign and distribute apps, and they are no longer required to submit business apps to the Windows Phone Store before deploying them. With registration comes the ability to privately develop, package, sign, and distribute apps to employees using a validated process. Windows Phone updates The Windows Phone update service is the only source of updates for the Windows Phone operating system. Microsoft manages and distributes feature updates and bug fixes that originate from hardware manufacturers and the Windows Phone engineering team. In addition, the Windows Phone team has developed security review processes with the Microsoft Security Response Center to deliver critical security updates to all Windows Phones globally if high-impact vulnerabilities are discovered. Also, Windows Phone was designed using the Microsoft Security Development Lifecycle (SDL). SDL is a software development security assurance process used by all Microsoft engineering teams that includes extensive threat modeling, penetration

9 testing, and security development practices, all of which help prevent unauthorized access to phone resources. Data protection Microsoft understands that organizations of all sizes need to protect the confidentiality and integrity of their data. Users who store personal information or conduct transactions using their smartphones have the same need. The Windows Phone security design addresses the need for data protection by mitigating the risk of unauthorized data access or unintended information disclosure. 5 In addition, every Windows Phone includes by design the same set of management and security controls, regardless of hardware manufacturer, which enables organizations to manage all Windows Phones in a consistent, predictable way to mitigate risk. Device access and security policies As a first line of defense, access to a Windows Phone can be controlled through a PIN or password. A user can set a PIN or password via the settings panel to lock their phone. In addition, IT departments can use Exchange ActiveSync policies to require users to set PINs or passwords, and also to configure additional password policies to manage password length, complexity, and other parameters. Exchange ActiveSync policies can also be used to configure additional security functionality. Many organizations worldwide currently use Exchange Server, so Microsoft chose to focus on Exchange infrastructure to achieve the broadest possible reach. Exchange ActiveSync is communications protocol that provides Windows Phone users with mailbox synchronization functionality. Windows Phone 8 is compatible with version 14.1 of the Exchange ActiveSync protocol and supports synchronizing , calendar, task, and contact information with Exchange Server 2003 SP2 and subsequent releases or with Microsoft Office 365. In addition, Windows Phone 8 has a built-in device management client that can be used by a mobile device management system to set policy on the phone. More details will be available at a later date. If a Windows Phone is lost or stolen, IT professionals can initiate a remote wipe of the device by using the Exchange Server Management Console, and users can initiate a remote wipe of the device by using Outlook Web App. In addition, users

10 can locate a lost phone, map its location, make it ring, and wipe its data if they register the phone with windowsphone.com. Device encryption To help keep everything from documents to passwords safe, Windows Phone 8 encrypts the internal storage of the device, including the operating system and data partitions. Device encryption is enabled by EAS or device management policy. 6 Device encryption in Windows Phone 8 uses BitLocker technology to encrypt all internal data storage on the phone. Once enabled, BitLocker conversion automatically starts encrypting the internal storage. With both PIN-lock and BitLocker enabled, the combination of data encryption and device lock would make it extremely difficult for an attacker to recover sensitive information from a device. Removable storage Windows Phone 8 supports removable storage using micro SD cards, so users can easily extend the memory of their phones to store pictures, movies, or music when needed. However, the Windows Phone operating system prevents users from storing anything but media files on SD cards. Although the Windows Phone 8 operating system and user data partitions are encrypted, files on SD cards that are inserted in the phone are not encrypted. IT professionals can prevent the use of external storage cards on Windows Phones by configuring a policy setting. Data leak prevention IT professionals wanting to prevent leaks of intellectual property should consider using Information Rights Management (IRM), which allows content creators to assign rights to documents that they send to others. The data in rights-protected documents is encrypted so that it can be viewed only by authorized users. In addition, a rights-protected document stores an issuance license that specifies the rights that users have to the content. For example, authors can specify that the document is read-only, that text in the document cannot be copied, or that the document cannot be printed. IRM relies on Windows Rights Management Services (RMS), a Windows Serverbased technology that IT pros can configure to create the issuance license and

11 perform the encryption and decryption of rights-protected documents. In addition, RMS can be applied to so that messages can circulate in a protected environment but not be forwarded outside of the organization. RMS can also be applied to documents that are attached to or stored on Microsoft SharePoint servers, limiting distribution and editing capabilities and helping to prevent information from being leaked to unauthorized personnel. Windows Phone users can fully participate in IRM conversations and read IRM documents on their phones. Windows Phone is the only smartphone currently available that includes a built-in capability to handle rights-protected and documents. 7 Secured access Windows Phone is built to take full advantage of cloud-based services. At first use, the user is prompted to enter Microsoft account information to access and connect to web services that enable many of its engaging capabilities, such as access to personal , the Windows Phone Store, SkyDrive, and many more. Data synchronization between Windows Phone and most cloud services or onpremises servers uses an SSL connection. All network traffic for critical Windows Phone business apps, such as Exchange Server and SharePoint, is encrypted using 128-bit or 256-bit AES encryption. This use of encryption applies to on-premises server deployments as well as to Office 365 deployments. And most third-party or custom business apps on Windows Phone also use the SSL encryption infrastructure to protect information in transit. Conclusion Because mobile devices are used to communicate and store corporate data, personally identifiable information, and intellectual property, Microsoft has applied the strictest security standards to design and develop Windows Phone. Windows Phone 8 secure boot and code signing provide system integrity, and the chambered security model is the foundation for protecting confidential data. Building on this foundation, the combination of full-device encryption and device access policies establishes a powerful security model that can withstand many attacks. In-depth protection against mobile malware creates an environment that creates trust.

12 Resources For more information about all the aspects of using Windows Phone in your company, see, Windows Phone for Business (http://www.windowsphone.com/en- US/business/for-business). To learn more about the Security Development Lifecycle, see Additional information is available in the following articles: 8 Understanding Information Rights Management at How IRM works in Office and Exchange Server at Understanding IRM with Exchange ActiveSync at

Windows Phone 8 Security Guide

Windows Phone 8 Security Guide Windows Phone 8 Security Guide This white paper is part of a series of technical papers designed for IT professionals. This whitepaper reviews how security is implemented on Windows Phone in apps and with

More information

Windows Phone 8: The Right Choice for Business

Windows Phone 8: The Right Choice for Business Windows Phone 8: The Right Choice for Business A Reviewers Guide Published February 2013 The information contained in this document represents the current view of Microsoft Corp. on the issues discussed

More information

Windows Phone 8 Security deep dive

Windows Phone 8 Security deep dive October 2012 Windows Phone 8 Security deep dive David Hernie Technical Evangelist Microsoft Belux Office Microsoft Corporation All large screen, dual-core, LTE and NFC Nokia Lumia 920 Nokia Lumia 820 Samsung

More information

Windows Phone 8.1 Mobile Device Management Overview

Windows Phone 8.1 Mobile Device Management Overview Windows Phone 8.1 Mobile Device Management Overview Published April 2014 Executive summary Most organizations are aware that they need to secure corporate data and minimize risks if mobile devices are

More information

Windows Phone 8 Device Management Overview

Windows Phone 8 Device Management Overview Windows Phone 8 Device Management Overview This white paper is part of a series of technical papers designed to help IT professionals evaluate Windows Phone 8 and understand how it can play a role in their

More information

Parla, Secure Cloud Email

Parla, Secure Cloud Email Parla, Secure Cloud Email Secure Email, Instant Messaging, Calendar, Contacts, Tasks, File sharing and Notes across all devices The 1 st Secure Email and Instant Messaging from and European Security Vendor

More information

BYOD Guidance: BlackBerry Secure Work Space

BYOD Guidance: BlackBerry Secure Work Space GOV.UK Guidance BYOD Guidance: BlackBerry Secure Work Space Published 17 February 2015 Contents 1. About this guidance 2. Summary of key risks 3. Secure Work Space components 4. Technical assessment 5.

More information

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0 Security Guide BlackBerry Enterprise Service 12 for ios, Android, and Windows Phone Version 12.0 Published: 2015-02-06 SWD-20150206130210406 Contents About this guide... 6 What is BES12?... 7 Key features

More information

The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency

The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency logo The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency Understanding the Multiple Levels of Security Built Into the Panoptix Solution Published: October 2011

More information

Endpoint protection for physical and virtual desktops

Endpoint protection for physical and virtual desktops datasheet Trend Micro officescan Endpoint protection for physical and virtual desktops In the bring-your-own-device (BYOD) environment, protecting your endpoints against ever-evolving threats has become

More information

Security Overview Enterprise-Class Secure Mobile File Sharing

Security Overview Enterprise-Class Secure Mobile File Sharing Security Overview Enterprise-Class Secure Mobile File Sharing Accellion, Inc. 1 Overview 3 End to End Security 4 File Sharing Security Features 5 Storage 7 Encryption 8 Audit Trail 9 Accellion Public Cloud

More information

Kaspersky Security for Mobile Administrator's Guide

Kaspersky Security for Mobile Administrator's Guide Kaspersky Security for Mobile Administrator's Guide APPLICATION VERSION: 10.0 SERVICE PACK 1 Dear User, Thank you for choosing our product. We hope that you will find this documentation useful and that

More information

Support for Apple Mac and ios Devices

Support for Apple Mac and ios Devices Support for Apple Mac and ios Devices Published: July 29, 2011 For the latest information, please see Microsoft Office 365. The information contained in this document represents the current view of Microsoft

More information

anywhere, anytime expectations Bring Your Own Device goes mainstream enabling mobility critical for success changing security landscape

anywhere, anytime expectations Bring Your Own Device goes mainstream enabling mobility critical for success changing security landscape Office anywhere, anytime expectations Bring Your Own Device goes mainstream enabling mobility critical for success changing security landscape Consumers adopting mobile RISKS Users Devices Apps Data Users

More information

ONE Mail Direct for Mobile Devices

ONE Mail Direct for Mobile Devices ONE Mail Direct for Mobile Devices User Guide Version: 2.0 Document ID: 3292 Document Owner: ONE Mail Product Team Copyright Notice Copyright 2014, ehealth Ontario All rights reserved No part of this document

More information

Xerox Mobile Print Cloud

Xerox Mobile Print Cloud September 2012 702P00860 Xerox Mobile Print Cloud Information Assurance Disclosure 2012 Xerox Corporation. All rights reserved. Xerox and Xerox and Design are trademarks of Xerox Corporation in the United

More information

Endpoint protection for physical and virtual desktops

Endpoint protection for physical and virtual desktops datasheet Trend Micro officescan Endpoint protection for physical and virtual desktops In the bring-your-own-device (BYOD) environment, protecting your endpoints against ever-evolving threats has become

More information

WIND RIVER SECURE ANDROID CAPABILITY

WIND RIVER SECURE ANDROID CAPABILITY WIND RIVER SECURE ANDROID CAPABILITY Cyber warfare has swiftly migrated from hacking into enterprise networks and the Internet to targeting, and being triggered from, mobile devices. With the recent explosion

More information

White Paper How Noah Mobile uses Microsoft Azure Core Services

White Paper How Noah Mobile uses Microsoft Azure Core Services NoahMobile Documentation White Paper How Noah Mobile uses Microsoft Azure Core Services The Noah Mobile Cloud service is built for the Microsoft Azure platform. The solutions that are part of the Noah

More information

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise

More information

Security Architecture Whitepaper

Security Architecture Whitepaper Security Architecture Whitepaper 2015 by Network2Share Pty Ltd. All rights reserved. 1 Table of Contents CloudFileSync Security 1 Introduction 1 Data Security 2 Local Encryption - Data on the local computer

More information

Norton Mobile Privacy Notice

Norton Mobile Privacy Notice Effective: October 25, 2016 Symantec and the Norton brand have been entrusted by consumers around the world to protect their computing devices and digital assets. This Norton Mobile Privacy Notice tells

More information

Kaspersky Security 10 for Mobile Implementation Guide

Kaspersky Security 10 for Mobile Implementation Guide Kaspersky Security 10 for Mobile Implementation Guide APPLICATION VERSION: 10.0 MAINTENANCE RELEASE 1 Dear User, Thank you for choosing our product. We hope that you will find this documentation useful

More information

Windows 7. Qing Liu Qing.Liu@chi.frb.org Michael Stevens Michael.Stevens@chi.frb.org

Windows 7. Qing Liu Qing.Liu@chi.frb.org Michael Stevens Michael.Stevens@chi.frb.org Windows 7 Qing Liu Qing.Liu@chi.frb.org Michael Stevens Michael.Stevens@chi.frb.org 1 Overview 1. Financial Institution s Preliminary Steps 2. User Interface 3. Data Protection 4. User and Group Changes

More information

OVERVIEW. Enterprise Security Solutions

OVERVIEW. Enterprise Security Solutions Enterprise Security Solutions OVERVIEW For more than 25 years, Trend Micro has innovated constantly to keep our customers ahead of an everevolving IT threat landscape. It s how we got to be the world s

More information

BlackBerry 10.3 Work and Personal Corporate

BlackBerry 10.3 Work and Personal Corporate GOV.UK Guidance BlackBerry 10.3 Work and Personal Corporate Published Contents 1. Usage scenario 2. Summary of platform security 3. How the platform can best satisfy the security recommendations 4. Network

More information

Cloud Computing: What IT Professionals Need to Know

Cloud Computing: What IT Professionals Need to Know Learning Cloud Computing: What IT Professionals Need to Know Cloud computing promises new career opportunities for IT professionals. In many cases, existing core skill sets transfer directly to cloud technologies.

More information

FileMaker Pro 11. Running FileMaker Pro 11 on Citrix XenApp

FileMaker Pro 11. Running FileMaker Pro 11 on Citrix XenApp FileMaker Pro 11 Running FileMaker Pro 11 on Citrix XenApp 2007 2010 FileMaker, Inc. All Rights Reserved. FileMaker, Inc. 5201 Patrick Henry Drive Santa Clara, California 95054 FileMaker is a trademark

More information

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room MAXIMUM DATA SECURITY with ideals TM Virtual Data Room WWW.IDEALSCORP.COM ISO 27001 Certified Account Settings and Controls Administrators control users settings and can easily configure privileges for

More information

Security Considerations for DirectAccess Deployments. Whitepaper

Security Considerations for DirectAccess Deployments. Whitepaper Security Considerations for DirectAccess Deployments Whitepaper February 2015 This white paper discusses security planning for DirectAccess deployment. Introduction DirectAccess represents a paradigm shift

More information

Norton Mobile Privacy Notice

Norton Mobile Privacy Notice Effective: April 12, 2016 Symantec and the Norton brand have been entrusted by consumers around the world to protect their computing devices and most important digital assets. This Norton Mobile Privacy

More information

Privacy + Security + Integrity

Privacy + Security + Integrity Privacy + Security + Integrity Docufree Corporation Data Security Checklist Security by Design Docufree is very proud of our security record and our staff works diligently to maintain the greatest levels

More information

Windows Phone 8 Device Management

Windows Phone 8 Device Management Windows Phone 8 Device Management with Windows Intune and System Center Configuration Manager SP1 This white paper is part of a series of technical papers designed to help IT professionals evaluate Windows

More information

Kaspersky Lab Mobile Device Management Deployment Guide

Kaspersky Lab Mobile Device Management Deployment Guide Kaspersky Lab Mobile Device Management Deployment Guide Introduction With the release of Kaspersky Security Center 10.0 a new functionality has been implemented which allows centralized management of mobile

More information

That Point of Sale is a PoS

That Point of Sale is a PoS SESSION ID: HTA-W02 That Point of Sale is a PoS Charles Henderson Vice President Managed Security Testing Trustwave @angus_tx David Byrne Senior Security Associate Bishop Fox Agenda POS Architecture Breach

More information

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)

More information

Keeping Windows 8.1 safe and secure

Keeping Windows 8.1 safe and secure Keeping Windows 8.1 safe and secure 14 IN THIS CHAPTER, YOU WILL LEARN HOW TO Work with the User Account Control. Use Windows Firewall. Use Windows Defender. Enhance the security of your passwords. Security

More information

Elements to a Secure Environment Becoming Resilient Towards Modern Cyberthreats. Windows XP Support Has Ended Why It Concerns You

Elements to a Secure Environment Becoming Resilient Towards Modern Cyberthreats. Windows XP Support Has Ended Why It Concerns You Elements to a Secure Environment Becoming Resilient Towards Modern Cyberthreats Windows XP Support Has Ended Why It Concerns You Protect Detect Respond 1 02 Windows XP support has ended Windows XP support

More information

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details: Malicious software About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence for

More information

Microsoft s cybersecurity commitment

Microsoft s cybersecurity commitment Microsoft s cybersecurity commitment Published January 2015 At Microsoft, we take the security and privacy of our customers data seriously. This focus has been core to our culture for more than a decade

More information

The Education Fellowship Finance Centralisation IT Security Strategy

The Education Fellowship Finance Centralisation IT Security Strategy The Education Fellowship Finance Centralisation IT Security Strategy Introduction This strategy outlines the security systems in place to optimise, manage and protect The Education Fellowship data and

More information

InsightCloud. www.insightcloud.com. Hosted Desktop Service. What is InsightCloud? What is SaaS? What are the benefits of SaaS?

InsightCloud. www.insightcloud.com. Hosted Desktop Service. What is InsightCloud? What is SaaS? What are the benefits of SaaS? What is InsightCloud? InsightCloud is a web portal enabling Insight customers to purchase and provision a wide range of Cloud services in a straightforward and convenient manner. What is SaaS? Software

More information

Data Protection Act 1998. Bring your own device (BYOD)

Data Protection Act 1998. Bring your own device (BYOD) Data Protection Act 1998 Bring your own device (BYOD) Contents Introduction... 3 Overview... 3 What the DPA says... 3 What is BYOD?... 4 What are the risks?... 4 What are the benefits?... 5 What to consider?...

More information

Information Systems. Connecting Smartphones to NTU s Email System

Information Systems. Connecting Smartphones to NTU s Email System Information Systems Connecting Smartphones to NTU s Email System Connecting Smartphones to NTU s Email System Contents Things to be aware of before you start 3 Connecting a Windows Mobile 6 (6.0-6.5) Phone

More information

Windows Phone 8 devices will be used remotely over 3G, 4G and non-captive Wi-Fi networks to enable a variety of remote working approaches such as

Windows Phone 8 devices will be used remotely over 3G, 4G and non-captive Wi-Fi networks to enable a variety of remote working approaches such as GOV.UK Guidance End User Devices Security Guidance: Windows Phone 8 Updated 14 October 2013 Contents 1. Usage Scenario 2. Summary of Platform Security 3. How the Platform Can Best Satisfy the Security

More information

DriveLock and Windows 7

DriveLock and Windows 7 Why alone is not enough CenterTools Software GmbH 2011 Copyright Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise

More information

Course Description. Course Audience. Course Outline. Course Page - Page 1 of 12

Course Description. Course Audience. Course Outline. Course Page - Page 1 of 12 Course Page - Page 1 of 12 Windows 7 Enterprise Desktop Support Technician M-50331 Length: 5 days Price: $2,795.00 Course Description This five-day instructor-led course provides students with the knowledge

More information

Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite

Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite WHITE PAPER Mobile Device Security in the Enterprise Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite Copyright 2010, Juniper Networks, Inc. Table of Contents

More information

Enterprise Mobility Report 10/2014. Creation date: 31.10.2014. Vlastimil Turzík, Edward Plch

Enterprise Mobility Report 10/2014. Creation date: 31.10.2014. Vlastimil Turzík, Edward Plch 10/2014 Creation date: 31.10.2014 Author: Vlastimil Turzík, Edward Plch Content Content... 2 Introduction... 4 Interesting Articles... 4 95% of companies challenged by BYOD security... 4 ios... 4 Vulnerability...

More information

Building A Secure Microsoft Exchange Continuity Appliance

Building A Secure Microsoft Exchange Continuity Appliance Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building

More information

Proven LANDesk Solutions

Proven LANDesk Solutions LANDesk Solutions Descriptions Proven LANDesk Solutions IT departments face pressure to reduce costs, reduce risk, and increase productivity in the midst of growing IT complexity. More than 4,300 organizations

More information

Windows 7, Enterprise Desktop Support Technician

Windows 7, Enterprise Desktop Support Technician Course 50331D: Windows 7, Enterprise Desktop Support Technician Page 1 of 11 Windows 7, Enterprise Desktop Support Technician Course 50331D: 4 days; Instructor-Led Introduction This four-day instructor-ledcourse

More information

for this software, unless other terms accompany those items. If so, those terms apply.

for this software, unless other terms accompany those items. If so, those terms apply. MICROSOFT SOFTWARE LICENSE TERMS WINDOWS VISTA ENTERPRISE SERVICE PACK 1 Your use of this software is subject to the terms and conditions of your volume license agreement. You may not use this software

More information

Network Access Protection (NAP)

Network Access Protection (NAP) Executive Summary Management and consistent availability of servers and endpoints in a business means higher productivity. Period. When employees no longer have to be concerned with the availability of

More information

PULSE SECURE FOR GOOGLE ANDROID

PULSE SECURE FOR GOOGLE ANDROID DATASHEET PULSE SECURE FOR GOOGLE ANDROID Product Overview In addition to enabling network and resource access for corporate managed mobile devices, many enterprises are implementing a Bring Your Own Device

More information

Choosing an MDM Platform

Choosing an MDM Platform Whitepaper Choosing an MDM Platform Where to Start the Conversation 2 Choosing an MDM Platform: Where to Start the Conversation There are dozens of MDM options on the market, each claiming to do more than

More information

VAULTIVE & MICROSOFT: COMPLEMENTARY ENCRYPTION SOLUTIONS. White Paper

VAULTIVE & MICROSOFT: COMPLEMENTARY ENCRYPTION SOLUTIONS. White Paper COMPLEMENTARY ENCRYPTION SOLUTIONS White Paper Table of Contents Section I: Vaultive & Microsoft: Complementary Encryption Solutions... 2 Section II: Vaultive is a Microsoft ISV Partner... Appendix A:

More information

The Shortcut Guide To

The Shortcut Guide To tm The Shortcut Guide To Securing Your Exchange Server and Unified Communications Infrastructure Using SSL Don Jones Ch apter 3: Best Practices for Securing Your Exchange Server... 32 Business Level Concerns

More information

Symantec Enterprise Vault.cloud Overview

Symantec Enterprise Vault.cloud Overview Fact Sheet: Archiving and ediscovery Introduction The data explosion that has burdened corporations and governments across the globe for the past decade has become increasingly expensive and difficult

More information

Windows 7, Enterprise Desktop Support Technician Course 50331: 5 days; Instructor-led

Windows 7, Enterprise Desktop Support Technician Course 50331: 5 days; Instructor-led Lincoln Land Community College Capital City Training Center 130 West Mason Springfield, IL 62702 217-782-7436 www.llcc.edu/cctc Windows 7, Enterprise Desktop Support Technician Course 50331: 5 days; Instructor-led

More information

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225

More information

Overview of Active Directory Rights Management Services with Windows Server 2008 R2

Overview of Active Directory Rights Management Services with Windows Server 2008 R2 Overview of Active Directory Rights Management Services with Windows Server 2008 R2 Student Manual Module 3: Active Directory Rights Management Clients and Information Rights Management on Desktop Applications

More information

Building Secure Cloud Applications. On the Microsoft Windows Azure platform

Building Secure Cloud Applications. On the Microsoft Windows Azure platform Building Secure Cloud Applications On the Microsoft Windows Azure platform Contents 1 Security and the cloud 3 1.1 General considerations 3 1.2 Questions to ask 3 2 The Windows Azure platform 4 2.1 Inside

More information

Secure Your Mobile Workplace

Secure Your Mobile Workplace Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in

More information

CHOOSING AN MDM PLATFORM

CHOOSING AN MDM PLATFORM CHOOSING AN MDM PLATFORM Where to Start the Conversation Whitepaper 2 Choosing an MDM Platform: Where to Start the Conversation There are dozens of MDM options on the market, each claiming to do more than

More information

SECURING TODAY S MOBILE WORKFORCE

SECURING TODAY S MOBILE WORKFORCE WHITE PAPER SECURING TODAY S MOBILE WORKFORCE Connect, Secure, and Manage Mobile Devices and Users with Junos Pulse and the Junos Pulse Mobile Security Suite Copyright 2011, Juniper Networks, Inc. Table

More information

iphone in Business Security Overview

iphone in Business Security Overview iphone in Business Security Overview iphone can securely access corporate services and protect data on the device. It provides strong encryption for data in transmission, proven authentication methods

More information

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4) Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware

More information

Securing Corporate Email on Personal Mobile Devices

Securing Corporate Email on Personal Mobile Devices Securing Corporate Email on Personal Mobile Devices Table of Contents The Impact of Personal Mobile Devices on Corporate Security... 3 Introducing LetMobile Secure Mobile Email... 3 Solution Architecture...

More information

COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING

COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING INFORMATION TECHNOLOGY STANDARD Name Of Standard: Mobile Device Standard Domain: Security Date Issued: 09/07/2012 Date Revised:

More information

Deploying iphone and ipad Security Overview

Deploying iphone and ipad Security Overview Deploying iphone and ipad Security Overview ios, the operating system at the core of iphone and ipad, is built upon layers of security. This enables iphone and ipad to securely access corporate services

More information

IBM Managed Security Services (Cloud Computing) hosted e-mail and Web security - express managed Web security

IBM Managed Security Services (Cloud Computing) hosted e-mail and Web security - express managed Web security IBM Managed Security Services (Cloud Computing) hosted e-mail and Web security - express managed Web security INTC-8608-01 CE 12-2010 Page 1 of 8 Table of Contents 1. Scope of Services...3 2. Definitions...3

More information

MCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features

MCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features MCTS Guide to Microsoft Windows 7 Chapter 7 Windows 7 Security Features Objectives Describe Windows 7 Security Improvements Use the local security policy to secure Windows 7 Enable auditing to record security

More information

Computer Security and Privacy

Computer Security and Privacy Computer Security and Privacy 5-2 Protecting Your Computer Lesson Contents Protecting Your Computer Guidelines for Protecting Your Computer Best Practices for Securing Online and Network Transactions Measures

More information

ipad in Business Security

ipad in Business Security ipad in Business Security Device protection Strong passcodes Passcode expiration Passcode reuse history Maximum failed attempts Over-the-air passcode enforcement Progressive passcode timeout Data security

More information

Quick Heal Exchange Protection 4.0

Quick Heal Exchange Protection 4.0 Quick Heal Exchange Protection 4.0 Customizable Spam Filter. Uninterrupted Antivirus Security. Product Highlights Built-in defense keeps your business communications and sensitive information secure from

More information

"Secure insight, anytime, anywhere."

Secure insight, anytime, anywhere. "Secure insight, anytime, anywhere." THE MOBILE PARADIGM Mobile technology is revolutionizing the way information is accessed, distributed and consumed. This 5th way of computing will dwarf all others

More information

The ForeScout Difference

The ForeScout Difference The ForeScout Difference Mobile Device Management (MDM) can help IT security managers secure mobile and the sensitive corporate data that is frequently stored on such. However, ForeScout delivers a complete

More information

New Features: What s new in Windows Intune?

New Features: What s new in Windows Intune? New Features: What s new in Windows Intune? Contents Release Overview... 2 Unified Enterprise Management Solution... 2 User-based Licensing... 5 Extending Client Support... 5 Understanding Mobile Device

More information

Getting Started Guide: Getting the most out of your Windows Intune cloud

Getting Started Guide: Getting the most out of your Windows Intune cloud Getting Started Guide: Getting the most out of your Windows Intune cloud service Contents Overview... 3 Which Configuration is Right for You?... 3 To Sign up or Sign in?... 4 Getting Started with the Windows

More information

FileMaker Pro 12. Using a Remote Desktop Connection with FileMaker Pro 12

FileMaker Pro 12. Using a Remote Desktop Connection with FileMaker Pro 12 FileMaker Pro 12 Using a Remote Desktop Connection with FileMaker Pro 12 2007 2012 FileMaker, Inc. All Rights Reserved. FileMaker, Inc. 5201 Patrick Henry Drive Santa Clara, California 95054 FileMaker

More information

Mobile Access Software Blade

Mobile Access Software Blade Mobile Access Software Blade Dimension Data BYOD event Jeroen De Corel SE BeLux 2012 Check Point Software Technologies Ltd. [PROTECTED] All rights reserved. 2012 Check Point Software Technologies Ltd.

More information

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013 CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control

More information

BYOD. and Mobile Device Security. Shirley Erp, CISSP CISA November 28, 2012

BYOD. and Mobile Device Security. Shirley Erp, CISSP CISA November 28, 2012 BYOD and Mobile Device Security Shirley Erp, CISSP CISA November 28, 2012 Session is currently being recorded, and will be available on our website at http://www.utsystem.edu/compliance/swcacademy.html.

More information

How to Secure Your Environment

How to Secure Your Environment End Point Security How to Secure Your Environment Learning Objectives Define Endpoint Security Describe most common endpoints of data leakage Identify most common security gaps Preview solutions to bridge

More information

Three Best Practices to Help Government Agencies Overcome BYOD Challenges

Three Best Practices to Help Government Agencies Overcome BYOD Challenges WHITE PAPER This paper discusses how IT managers in government can address the challenges of the new Bring-Your-Own-Device (BYOD) environment as well as best practices for ensuring security and productivity.

More information

overview Enterprise Security Solutions

overview Enterprise Security Solutions Enterprise Security Solutions overview For more than 25 years, Trend Micro has innovated constantly to keep our customers ahead of an ever-evolving IT threat landscape. It s how we got to be the world

More information

Ensuring the security of your mobile business intelligence

Ensuring the security of your mobile business intelligence IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive

More information

DriveLock and Windows 8

DriveLock and Windows 8 Why alone is not enough CenterTools Software GmbH 2013 Copyright Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise

More information

Security from the Ground Up eblvd uses a hybrid-asp model designed expressly to ensure robust, secure operation.

Security from the Ground Up eblvd uses a hybrid-asp model designed expressly to ensure robust, secure operation. eblvd enables secure, cloud-based access to a PC or server over the Internet. Data, keyboard, mouse and display updates are transmitted over a highly compressed, encrypted stream, yielding "as good as

More information

Securing Office 365 with MobileIron

Securing Office 365 with MobileIron Securing Office 365 with MobileIron Introduction Office 365 is Microsoft s cloud-based productivity suite. It includes online versions of Microsoft s most popular solutions, like Exchange and SharePoint,

More information

Ensuring Enterprise Data Security with Secure Mobile File Sharing.

Ensuring Enterprise Data Security with Secure Mobile File Sharing. A c c e l l i o n S e c u r i t y O v e r v i e w Ensuring Enterprise Data Security with Secure Mobile File Sharing. Accellion, Inc. Tel +1 650 485-4300 1804 Embarcadero Road Fax +1 650 485-4308 Suite

More information

Android for the Enterprise Ge#ng from Here to There

Android for the Enterprise Ge#ng from Here to There Android for the Ge#ng from Here to There 1 Overview addresses enterprise needs: security and device management. 2 Overview pla6orm server so4ware 3 Overview 4 Use cases 5 Use cases Loss Remediation Minimize

More information

Mobile malware hits ActiveSync-only devices

Mobile malware hits ActiveSync-only devices Mobile malware hits ActiveSync-only devices Mobile platforms have leapfrogged PC security for years, but as mobile device adoption explodes worldwide, these platforms face more security threats than ever

More information

Blue Jeans Network Security Features

Blue Jeans Network Security Features Technical Guide Blue Jeans Network Security Features Blue Jeans Network understands an organization s need for secure communications. The Blue Jeans cloud-based video conferencing platform provides users

More information

Presents: INTERMEDIATE COMPUTER BASICS. By Angie Harris Adapted from the Texas State Library s TEAL for All Texans Student Resources Manual

Presents: INTERMEDIATE COMPUTER BASICS. By Angie Harris Adapted from the Texas State Library s TEAL for All Texans Student Resources Manual Presents: INTERMEDIATE COMPUTER BASICS By Angie Harris Adapted from the Texas State Library s TEAL for All Texans Student Resources Manual Intermediate Computer Basics Topics Windows Explorer Getting to

More information

Simplifying the Challenges of Mobile Device Security Three Steps to Reduce Mobile Device Security Risks

Simplifying the Challenges of Mobile Device Security Three Steps to Reduce Mobile Device Security Risks Smartphones and tablets are invading the workplace along with the security risks they bring with them. Every day these devices go unchecked by standard vulnerability management processes, even as malware

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

Windows 8 Pro: For Small Business. Speaker Name, Title

Windows 8 Pro: For Small Business. Speaker Name, Title Windows 8 Pro: For Small Business Speaker Name, Title The growing needs of small businesses Balance work and life Work smarter Stay connected and mobile Stay in control Improved security Increase competitive

More information

DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy Threat and Vulnerability Management V1.0 April 21, 2014

DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy Threat and Vulnerability Management V1.0 April 21, 2014 DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy Threat and Vulnerability Management V1.0 April 21, 2014 Revision History Update this table every time a new edition of the document is

More information