
“We already have the Data Protection Act and Sarbanes Oxley in the UK, but inevitably these will get stronger and new laws will be introduced.”

—Alex Kwiatkowski, lead analyst at Datamonitor.



Smartphone Protection Frequently Asked Questions

This page contains answers to the most commonly asked questions about Smartphone Protection.

Encryption

  1. What data on phones and removable storage is encrypted?
  2. When does encryption of data happen?
  3. What standards and algorithms for encryption are supported?
  4. Is the product certified?
  5. How does the operation of the encryption client affect the performance of the smartphone?
  6. What smartphone OS platforms are supported?

Port, Device and Network Control

  1. What does port, device and network control do on a smartphone?
  2. What are the options for port and network restriction?
  3. Can I control use of “on phone” devices and software?
  4. What features does the firewall on the smartphone offer?

Enterprise Manageability

  1. Is the GuardianEdge Smartphone product integrated with Active Directory?
  2. How is the security software installed on smartphones?
  3. Can software updates be deployed over the air?
  4. How do I create, manage and deploy policy updates and changes to smartphones?
  5. Can I require encryption of data on the phone?
  6. Can the data on the devices be wiped remotely?
  7. What are the user authentication options?
  8. How effectively does the product scale?

Exchange eMail Access Security

  1. Can I require that smartphones meet security policy requirements before they connect to my corporate mail server?
  2. How can devices that are not compliant with my access control policy for Exchange be brought into compliance?

Data Portability

  1. Is it possible to share SD cards with encrypted data safely within groups?
  2. Will it be possible for my users to continue to use their MP3, video and other multimedia files? Can I prohibit their usage by policy?

End User Experience

  1. Will users be aware of encryption and security policies on the device?
  2. How can user access to devices be restored if they forget their password?
  3. Is a password or PIN required before a phone call can be received?
  4. Are there user self-service capabilities for password retrieval and other functions available?
  5. What help desk services are available?

Reporting

  1. How will I know what the current compliance state of smartphones that I’ve allowed to access my network is?
  2. Is it possible to know the last check in date, type of device and other device configuration information?


Encryption


1) What data on phones and removable storage is encrypted?

Data on the phone is encrypted by administrator-controlled policy. Options include: Outlook database encryption (email, contacts, folders, tasks, etc.), encryption by file extension (.exe, .doc, etc.) and encryption by folder. Data on SD cards can also be encrypted by administrator-controlled policy. Options include: encrypt the entire device or encrypt by file extension (.exe, .doc, etc.). Last, email communications between the phone and the server can be encrypted by policy.

2) When does encryption of data happen?

Encryption happens transparently in the background whenever policy controlled files are written, copied or moved, and is not visible to users.

3) What standards and algorithms for encryption are supported?

AES 128/196/256 and Triple DES encryption are supported.

4) Is the product certified?

Encryption on the phone and on SD cards is FIPS 140-2 certified.

5) How does the operation of the encryption client affect the performance of the smartphone?

Using the encryption client results in no visible performance impact on the use of the phone or applications.

6) What smartphone OS platforms are supported?

Windows Mobile 5 and 6, Pocket PC, Symbian and Palm 5.x are supported.

Port, Device and Network Control


1) What does port, device and network control do on a smartphone?

Port, device and network control uses administrator-configured policy to decide what ports and networks are open on the phone, what devices are allowed to connect to those ports and what on-phone devices are available.

2) What are the options for port and network restriction?

USB, serial, and SD card slot ports can be enabled or disabled. Bluetooth, WiFi and infrared networking connections can also be enabled or disabled. In the case of Bluetooth and IR connections, specific device types (Bluetooth headsets, for instance) can also be configured by policy.

3) Can I control use of “on phone” devices and software?

Camera use can be controlled in addition to control of ports and network restrictions as noted above. Software access can be limited to only “trusted” applications determined by the administrator if desired.

4) What features does the firewall on the smartphone offer?

The firewall provides protection and controls for IP traffic to and from the device, email, IM, web browsing and SMS/MMS.

Enterprise Manageability


1) Is the GuardianEdge Smartphone product integrated with Active Directory?

Yes. Smartphone Protection uses Active Directory credentials for login and for access to the Self Service Portal and to corporate email data on Exchange message servers. The Management Console also provides direct integration with Active Directory groups and users.

2) How is the security software installed on smartphones?

Provisioning is accomplished by visiting a web site using the phone’s browser and downloading the software. This can be done by the administrator (who must have physical access to the device) or via self-provisioning by the users. For self-provisioning, users receive a text message pointing them to an internet location for the customer’s Self Service Portal. On the portal, they verify their credentials using Active Directory, and then download and install the client on their phone. After the device is provisioned, it automatically checks in with the Device Management portal and downloads the latest policy.

3) Can software updates be deployed over the air?

Yes. GuardianEdge Smartphone Protection provides the capability in the Management Console to create installation packages from existing application software packages for smartphones. Phones with the platform (OS) specified at the time the package is created then receive the package on their next check-in.

4) How do I create, manage and deploy policy updates and changes to smartphones?

A complete policy management environment is provided in the Management Console, including support for groups, users and administrators. Policies are automatically deployed to devices on their next check in.

5) Can I require encryption of data on the phone?

Yes. On the phone, data can be encrypted by Outlook database (yes/no), file type, or folder; on SD cards, data can be encrypted either by file type or for all data written to the cards. SD cards and data may also be encrypted for group use.

6) Can the data on the devices be wiped remotely?

Yes. Remote wipe is available from the console or by policy control on log in to the device (for instance, after a set number of unsuccessful log in attempts occur).

7) What are the user authentication options?

Password and PIN authentication is supported.

8) How effectively does the product scale?

GuardianEdge Smartphone Protection scales to 5000 users in a single instance.

Exchange eMail Access Security


1) Can I require that smartphones meet security policy requirements before they connect to my corporate mail server?

Yes. Using the Compliance Service, access to the Exchange server can be restricted to phones that comply with current policy.

2) How can devices that are not compliant with my access control policy for Exchange be brought into compliance?

If devices are not in compliance with current policy when attempting to access the Exchange server (the device lacks either the current policy or the GuardianEdge software), users either visit the Self Service Portal to provision their device or call the help desk.

Data Portability


1) Is it possible to share SD cards with encrypted data safely within groups?

Yes. Encryption for SD cards may be set so that cards may be shared within a group of users as defined in the Management Console.

2) Will it be possible for my users to continue to use their MP3, video and other multimedia files? Can I prohibit their usage by policy?

Yes, if desired. Policy control is provided to prohibit or allow use by application and to allow access to applications by password control.

End User Experience


1) Will users be aware of encryption and security policies on the device?

Encryption is completely in the background, and will not be noticed. Users will be aware of security policies only as they use items controlled by that policy. For instance, if passwords are required to access an application, they will be aware of the password requirement when they attempt to run that application. Or, if WiFi use is disabled, they will be aware that it is disabled when they attempt to use WiFi.

2) How can user access to devices be restored if they forget their password?

The Self-Service portal can provide an unlock code once the user authenticates properly with Active Directory, if this feature is enabled, or users can contact the help desk for assistance.

3) Is a password or PIN required before a phone call can be received?

No. Incoming calls can be answered without a user log in to the device.

4) Are there user self-service capabilities for password retrieval and other functions available?

The Self-Service portal can be configured for self service activities if desired. These activities include providing an unlock code for a locked device once the user authenticates properly with Active Directory, and self-provisioning of devices.

5) What help desk services are available?

Common Help desk tasks available from the Management Console include:

  • Unlocking devices remotely
  • Sending messages to new users with the self-service portal URL to begin provisioning
  • Adding, deleting and viewing users
  • Adding, deleting and viewing devices
  • Uninstalling the GuardianEdge software
  • Remotely wiping devices
  • Viewing reports
  • And more …

Reporting


1) How will I know what the current compliance state of smartphones that I’ve allowed to access my network is?

The compliance status at the last check in of each device being managed, and when that check in occurred, is available from the help desk.

2) Is it possible to know the last check in date, type of device and other device configuration information?

Available reporting includes:

  • Device: user, phone number, model / manufacturer
  • Last check in
  • Compliance status at last check in
  • Compliance check expiration
  • Initial registration / provisioning time and date