Technical Whitepaper. Secure Docs


Contents

Introduction
Overview
Technical Details
Conclusion

Good Technology 866-7-BE-GOOD www.good.com

Introduction

As of Q1 2012, Good introduced Secure Docs, a new Good for Enterprise capability that for the first time ever allows users to securely view, edit, save and send files leveraging popular third-party document editors. Secure Docs is a new set of functionality that allows users to securely view, edit, save and send files leveraging popular third-party document editors supported by Good for Enterprise. With Good's new solution, mobile workers can install and utilize secure third-party editing applications that were developed on the Good Dynamics security platform for mobile applications, ensuring that they all contain enterprise-grade security and the flexibility to be deployed across multiple platforms with the same set of policies.

This whitepaper provides a technical overview of this solution, including its complete, secure workflow with Good for Enterprise.

The Need for Secure Docs

The penetration of smart devices into consumer markets has made connectivity relatively easy and inexpensive, especially outside of the workplace. Connectivity, accompanied by the right apps and tools, increases collaboration and productivity in nearly any organization. While access to corporate email, calendar and contacts is often the starting point, industry-leading companies recognize that employees need more than email to fully participate in business processes. With the rapid emergence of iPads, the ability to edit documents on-the-go and manage transmitted files is more important than ever.

Currently, editing documents on a mobile device requires the use of a third-party application, which is generally not secure and puts corporate information at risk. With Secure Docs, workers can now securely edit, save and send files using their iPad (support on more platforms is expected in 2012) without the worry of potentially corrupting corporate data or inadvertently sharing it with cloud-based applications.

Secure Docs: An Overview

The Secure Docs capability delivers enterprise-grade security through a complete mobile content editing workflow from viewing and editing to saving and sending. Mobile workers can edit a document using one of the new, secure third-party editors, and then save it in the Good File Repository, a secure environment for document saving and archiving. Files are stored and secured with FIPS certified AES encryption.

Additionally, because Secure Docs works solely with Good for Enterprise (GFE), IT can rest assured that security policies for disabling cloud-based sync, Open In and Share capabilities, and Cut/Copy/Paste functions are applied to the corporate data being accessed by the secured editor, and that corresponding application-level security policies for password requirements and Jailbreak detection are enforced on the secured editor prior to data access.

Technical Details

Secure Docs is a means of exchanging data between two applications running on the same device. One of the applications must be the GFE e-mail and PIM application; the other must be a Good Dynamics-secured application. The security of data is not compromised during exchange. The data remains in Good secure storage throughout.

The method of moving data from one application to another is the Good Dynamics API. This API includes the functions and structures required to send and receive data using Good Secure Docs. To utilize this API, the application must authorize by pairing with Good for Enterprise.

[Figure: architecture diagram. On the mobile device: Good for Enterprise (GFE) with Secure Storage, and the Secure Docs Editor (3rd party) with the Good Dynamics Libraries, linked by Secure Inter-Container Communication of Files and Policies. A secure pipe runs from the device through the Good NOC and the firewall to Good Mobile Control (GMC), which supplies policies, and the Good Mobile Messaging Server (GMMS), which supplies email and files; Lotus Domino is also shown.]

An IT administrator uses the Good Mobile Control console to enable users to use the third-party secure editors. The IT admin may specify the specific third-party editor to individual devices or groups of devices. End-users, on the other hand, need to install a third-party editor for free from the Apple App Store.

Single Sign-On

Secure Docs has a single sign-on method that is synced with the user's GFE password. The password policy protection is identical to GFE and the secure third-party editors. After authentication, every time a secure third-party editor is opened, it will flip to the GFE login page:

1. If GFE is logged in, the user will automatically flip back to the secure editor.
2. If GFE is not logged in, the user will enter GFE's password, which will take him/her back to the secure editor.

After authentication has been established, and on each and every user access or other application launch event, the Secure Docs editor invokes the Good Dynamics Libraries in order to perform compliance checks and authenticate the user as necessary, based on customer-specified policies for password entry, password timeouts, etc. It is not possible for the user to access documents or perform other application functions unless and until compliance checks and user authentication have been completed. The Good Dynamics library will determine if inactivity timeout has expired and will handle interaction with GFE to authenticate the user when timeout occurs.

MDM and Security: Compliance Policies

Secure Docs editors take advantage of the GFE MDM commands through the use of the Good Dynamics Libraries. When an MDM command is sent from GMC to the GFE application, not only will it trigger an action on the GFE side, all connected Secure Docs editors will be triggered.

The following MDM features are supported:

Lock: Remotely lock GFE and Secure Docs editors
Wipe: Remotely wipe all container data, GFE and Secure Docs editors

In addition to MDM functionality, the following Security Policies are supported:

Password Timeout: Maximum timeout before password is required for client unlock
Lock on Background: Always lock the UI when entering background mode
Enable Lock Notifications: Show notification alerts on lock screen for this user
Cut / Copy / Paste: Disable container data to be cut, copied, and pasted outside of the container

The following Compliance Policies from GMC are also enforced upon the launch of a Secure Docs editor:

OS Version Compliance: requires that the device is running one of a set of supported OS versions
Model Compliance: requires that the device hardware is in a set of supported hardware
Rooted Compliance: requires that the device not be Jailbroken
Good Dynamics Library Compliance: requires that the device is running one of a set of supported Good Dynamics library versions
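A minimal model of the launch gate described above, as an added example that is not from the whitepaper and does not use the Good Dynamics API; the Policy and EditorState types, the function names and the sample values are hypothetical. It shows the fail-closed ordering: compliance checks first, then authentication under the Password Timeout and Lock on Background policies.

```python
from dataclasses import dataclass
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"
    REQUIRE_LOGIN = "require_login"  # hand off to the GFE login page
    BLOCK = "block"                  # device is out of compliance

@dataclass(frozen=True)
class Policy:  # hypothetical shape of the policy set in GMC
    allowed_os: frozenset
    allowed_models: frozenset
    allowed_lib_versions: frozenset
    password_timeout_s: int
    lock_on_background: bool

@dataclass
class EditorState:  # hypothetical view of the device and session
    os_version: str
    model: str
    lib_version: str
    jailbroken: bool
    authenticated: bool = False
    last_activity: float = 0.0

def compliance_failures(policy, state):
    """Return the names of every compliance rule the device fails."""
    checks = {
        "os_version": state.os_version in policy.allowed_os,
        "model": state.model in policy.allowed_models,
        "rooted": not state.jailbroken,
        "library_version": state.lib_version in policy.allowed_lib_versions,
    }
    return [name for name, ok in checks.items() if not ok]

def on_access(policy, state, now, resumed_from_background=False):
    """Gate run on every launch or user access; anything but ALLOW denies data."""
    failures = compliance_failures(policy, state)
    if failures:
        state.authenticated = False  # fail closed: drop the session too
        return Decision.BLOCK, failures
    timed_out = now - state.last_activity > policy.password_timeout_s
    relock = resumed_from_background and policy.lock_on_background
    if not state.authenticated or timed_out or relock:
        state.authenticated = False
        return Decision.REQUIRE_LOGIN, []
    state.last_activity = now
    return Decision.ALLOW, []

def on_login_success(state, now):
    """Called after the GFE password has been accepted."""
    state.authenticated = True
    state.last_activity = now

# Constructed sample policy, not values from the whitepaper.
POLICY = Policy(frozenset({"5.0", "5.1"}), frozenset({"iPad2,1"}),
                frozenset({"1.0"}), password_timeout_s=300, lock_on_background=True)
```
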

Data Storage and Encryption

Secure Docs editors use the Good-provided Good Dynamics Libraries to store and retrieve data and perform related encryption and decryption functions, in combination with a user-provided password, where that password's length, complexity, etc. shall be defined by policy parameters passed from the GFE application to the Secure Docs editors, as further described below. The Good Dynamics Libraries handle all aspects of password selection, password updates, and related key generation and management, data encryption and storage, and data decryption and retrieval. The Secure Docs capability disables the ability for a user to store data unencrypted, outside the storage provided, through the Good Dynamics Libraries.

Data Leakage Controls

Secure Docs carries the same set of flexible policies as GFE that helps manage the mobile fleet and keeps corporate data secure. Secure Docs includes an extra set of secure policy features:

Prevent data loss and data exposure by disabling cloud-based sync and sharing options.
Easily set security levels and which approved third party editors your employees can use for viewing and editing documents.

In addition to the use of the Good Dynamics Libraries to provide for secure and encrypted data storage, Secure Docs editors implement the following application-level controls to prevent data loss/leakage to other native and/or third party applications and cloud services:

Cut/Copy/Paste: If an application allows a user to cut/copy text, and paste it outside of the application, you must first implement cut/copy/paste policy controls that prevent the end user from copying data either into or out of the application. The Good Dynamics library will provide current policy at startup and invoke a callback if the policy changes. The Good Dynamics library will also clear the clipboard automatically when the third-party editor enters background mode. This policy is controlled by the GMC and mirrors the policy set for GFE.

Open With/Open In: Secure Docs editors prevent the user from opening documents with or in other native and/or 3rd party applications, other than within the Good for Enterprise application itself.

Connect To/Upload: Secure Docs editors disable the ability of the user to upload documents to 3rd party document storage/sharing services, FTP servers, etc.

Send/Save: Secure Docs editors do not allow the user to Save or Send documents using any 3rd party or native applications.

URL-Based Invocation: Secure Docs editors do not allow for URL-based invocation or provide any URL-based or other similar external interfaces that would allow the application to be launched or application functions to be used by any native or 3rd party application.

Save [1]: Secure Docs editors allow the user to Save selected documents, both in their own file store and in the GFE application. Secure Docs editors do not allow saving to any other apps or storage areas on the device, other than the storage provided through the Good Dynamics Libraries, or in the GFE application. The Good Dynamics Libraries will provide an Application Programming Interface to enable this Save function.

Send: Similarly to Save, Secure Docs editors allow the user to Send selected document(s) using the GFE application. They do not allow sending via native email or any 3rd party application. The Good Dynamics Libraries will provide an Application Programming Interface to enable this Send function.

The first Good for Enterprise iOS client version to include support for Secure Docs is v1.9.6.

[1] Both the Save and Send features are executed using the Open With API. To either save or send a document to GFE, a user selects a button that securely pushes the document to GFE. The user is then asked via a dialogue box whether they would like to Email or Save the document. Selecting Email will launch Good Compose. Selecting Save will save the document in the Good File Repository.

Conclusion

In today's dynamic business environment, enterprises must keep pace with technological innovation while maintaining corporate security. With Secure Docs, employees can increase productivity on-the-go. And IT can rest assured that all enterprise data is secure. To learn more about Good solutions, visit good.com or call 866-7-BE-GOOD.

Good Technology
For more information, please call 866 7 BE GOOD or visit www.good.com.
Global Headquarters: +1 408 212 7500 (main), +1 866 7 BE GOOD (sales)
EMEA Headquarters: +44 (0) 20 7845 5300

© 2012 VISTO Corporation and Good Technology, Inc. All rights reserved. Good, Good Technology, the Good logo, Good for Enterprise, Good for Government, Good for You, Good Mobile Messaging, Good Mobile Intranet, and Powered by Good are trademarks of Good Technology, Inc. ConstantSync, Constant Synchronization, Good Mobile Client, Good Mobile Portal, Good Mobile Exchange Access, Good Mobile Platform, Good Easy Setup, Good Social Networking and Good Smarticon are either trademarks or registered trademarks of VISTO Corporation. All third-party trademarks, trade names, or service marks may be claimed as the property of their respective owners. Good and Visto technology are protected by U.S. patents and various other foreign patents. Other patents pending.

WP_Secure Docs_Jan2012_US