Have a
representative
contact me

Data protection is of the utmost importance, but companies often don't give it the attention it deserves. High profile data breaches like the recent Nationwide example have brought data protection to the boardroom.

Alex Kwiatkowski, lead analyst at Datamonitor.

Smartphone Protection Frequently Asked Questions

This page contains answers to the most commonly asked questions about Smartphone Protection

Apple iPhone

Will I be able to manage iPhones with my other smartphones?
Yes. A single console is used to manage iPhones as well as Windows Mobile smartphones and Palm OS devices
What functionality is available with iPhones?

Encryption

Port, Device and Network Control

Enterprise Manageability

Exchange eMail Access Security

Data Portability

End User Experience

Reporting

Apple iPhone

1) Will I be able to manage iPhones with my other smartphones?

Yes. A single console is used to manage iPhones as well as Windows Mobile smartphones and Palm OS devices

2) What functionality is available with iPhones?

GuardianEdge Smartphone Protection supports the following functionality for iPhones:

Active Directory user and group support
Exchange ActiveSync access control
Password strength control
Remote wipe from the management console or user portal
Wipe on exceeded password attempts
Reporting – common asset and inventory management reports with other devices

Encryption

1) What data on phones and removable storage is encrypted?

Data on the phone is encrypted by administrator controlled policy. Options include; Outlook database encryption (email, contacts, folders, tasks, etc.), encryption by file extension (.exe, .doc, etc.) and encryption by folder and/or file extension. Data on SD cards can also be encrypted by administrator controlled policy. Options include; encrypt entire card or encrypt by file extension (.exe, .doc, etc.).

2) When does encryption of data happen?

Encryption happens transparently in the background whenever policy controlled files are written, copied or moved, and is not visible to users.

3) What standards and algorithms for encryption are supported?

AES 128/196/256 and Triple DES encryption are supported

4) Is the encryption FIPS-certified?

Encryption on the phone and on SD cards is FIPs 140-2 certified

5) How does the operation of the encryption client affect the performance of the smartphone?

Using the encryption client results in no visible performance impact on the use of the phone or applications.

6) What smartphone OS platforms are supported?

Mobile 5, 6, 6.1, Pocket PC and Palm 5.x are supported for encryption

Port, Device and Network Control

1) What does port, device and network control do on a smartphone?

Port Controls – Administrator configured policy controls what ports are available to be used on the phone.
Device Control – Allows administrators configure access to the camera on the phone by policy
WiFi / Network Control – Allows administrators to configure availability of WiFi on the smartphone by policy

2) What are the options for port and network restriction?

USB (controls synch via USB), Serial, and SD card (turns on/off SD card use) slot ports can be enabled or disabled. Bluetooth, WiFi and Infrared networking connections can also be enabled or disabled. In the case of Bluetooth and IR connections specific device types (like Bluetooth headsets for instance) can also be configured by policy.

3) Can I control use of “on phone” devices and software?

Camera use can be controlled in addition to control of ports and restrictions as noted above. Software access to encrypted data can be limited to only "trusted" determined by the administrator if desired.

4) What features does the firewall on the smartphone offer?

The firewall provides protection and controls for IP traffic to / from device, email, IM, Web-browsing, SMS/MMS and IP address and port ranges

Enterprise Manageability

1) Is the GuardianEdge Smartphone product integrated with Active Directory?

Yes. Smartphone protection uses Active Directory credentials for log in and access the Self Service Portal and to corporate email data on Exchange message servers. The Management Console also provides direct integration with Active Directory groups and users.

2) How is the security software installed on smartphones?

Provisioning is accomplished by visiting a web site using the phone’s browser and downloading the software. This can be done by the administrator (who must have physical access to the device) or via self provisioning by the users. For self-provisioning, users receive a text message pointing them to an internet location for the customer’s Self Service Portal. On the portal, they verify their credentials using Active Directory, and then download and install the client on their phone. After the device is provisioned, it automatically check in with the Device Management portal and downloads the latest policy.

3) Can software updates be deployed over the air?

Yes. GuardianEdge Smartphone Protection provides the capability in the Management Console to create installation packages from existing application software packages for smartphones. Phones with the platform (OS) specified at the time the package is created then receive the package on their next check-in.

4) How do I create, manage and deploy policy updates and changes to smartphones?

A complete policy management environment is provided in the Management Console, including support for groups, users and administrators. Policies are automatically deployed to devices on their next check in.

5) Can I require encryption of data on the phone?

Yes – With the exception of the Apple iPhone. Data can be encrypted by Outlook database (yes/no), file type, or folder on the phone and on SD cards either by file type or for all data written to the cards. SD cards and data may also be encrypted for group use.

6) Can the devices be wiped remotely?

Yes. Remote wipe is available; from the administrative console, from the user self-service console or after a predefined number of unsuccessful logon attempts

7) What are the user authentication options?

Password and PIN authentication is supported.

8) How effectively does the product scale?

GuardianEdge Smartphone Protection scales to 5000 users in a single instance.

Exchange eMail Access Security

1) Can I require that smartphones meet security policy requirements before they connect to my corporate mail server?

Yes. Using the Compliance Service, access to the Exchange server can be restricted to phones that comply with current policy.

2) How can devices that are not compliant with my access control policy for Exchange be brought into compliance?

If devices are not in compliance with the current policy when attempting to access the Exchange server (either does not have the current policy or the GuardianEdge software), users either visit the self service portal to provision their device or call the help desk.

Data Portability

1) Is it possible to share SD cards with encrypted data safely within groups?

Yes. Encryption for SD cards may be set so that cards may be shared within a group of users as defined in the Management Console.

2) Will it be possible for my users to continue to use their MP3, video and other multimedia files? Can I prohibit their usage by policy?

Yes, if desired. Policy control is provided to prohibit or allow use by application and to allow access to applications by password control.

3) Can encrypted SD cards be read from a computer?

Yes. To do so, users logs in to the self-service portal from the computer, upload encrypted files, decrypt the files on the portal and then download them back to the computer

4) If an employee leaves the company without revealing their password, can administrators recover access to the data on SD cards?

Yes. Administrators con recover access to the data using the administrative console.

End User Experience

1) Will users be aware of encryption on the device?

Encryption is completely in the background, and will not be noticed.

2) How can user access to devices be restored is they forget their password?

The Self-Service portal can provide an unlock code once the user authenticates properly with Active Directory, or users can contact the help desk for assistance.

3) Is a password or PIN required before a phone call can be received?

No … Incoming calls can be answered without a user log on to the device.

4) Are there user self-service capabilities for password retrieval and other functions available?

Yes. Activities available at the self-service portal include; providing an unlock code for a locked device once the user authenticates properly with Active Directory, self-provisioning of devices, unlocking content from an SD card encrypted by the phone and remotely wiping the device.

5) What help desk services are available?

Common Help desk tasks available from the Management Console include:

Unlocking devices remotely
Sending messages to new users with the self-service portal URL to begin provisioning
Adding, deleting and viewing users
Adding, deleting and viewing devices
Uninstalling the GuardianEdge Smartphone Protection software
Remotely wiping devices
Viewing reports
And more …

Reporting

1) How will I know what the current compliance state of smartphones that I’ve allowed to access my network is?

The compliance status at the last check in of each device being managed, and when that check in occurred, is available from the help desk.

2) Is it possible to know the last check in date, type of device and other device configuration information?

Available reporting includes:

Device: user, phone number, model / manufacturer
Last check in
Compliance status at last check in
Noncompliant devices
Compliance check expiration
Initial registration / provisioning time and date

Email Page

Print Page

top of page

learn more

nobis