Do you have Mobile Security for your DEVICES and DATA covered?

Manage the Device | Protect the Device | Control the Data

Mobile Security Solutions

Multiple Platform & Device Type Integration & Support	Mobile Device Management (MDM)	Mobile Application Management (MAM)
Mobile Content Management (MCM)	Granular Access Control	Mobile Anti-Malware
Mobile Anti-Virus	Mobile Anti-spam	Sand-Boxing
Defence Against New and Emerging Threats	File Sync & Share	Secure Data Containers
Mobile Web Security	Prevent Rooting / Jail-breaking	Anti-Theft (Remote Find, Lock & Wipe lost / stolen devices)
Encryption	Device Asset Management for Risk Vulnerability & Patch Management	Removable Media & Port Control
Mobile VPN & Wi-Fi encryption	Lightweight Agents	Audit, Logging & Reporting

'Mobile' - the definition

Not to be confused with 'endpoints'.

An endpoint can mean any terminating device (including the ones listed below) that would also reside within a network (on-premise, public / hybrid cloud environment (anywhere), like desktop computers, servers, storage devices.

A 'mobile' device is something that is portable, normally a computing device such as a smartphone, laptop, notebook, tablet PC, PDA.

Generally these device will have access to the Internet or a network via wireless (802.x or 3G/4G) or a wired connection.

It is important to make the distinction and make considerations between 'endpoints' and 'mobile' devices in your security strategy and policy enforcement.

The features presented below are addressed by one or a number of solutions within our portfolio, designed specifically to address securing 'mobile' devices, users and data.

No doubt any business executive or organisation would want to employ these solutions, if not already mandated by your industries given compliance and regulation for data security.

Mobile Security Addresses Business Requirements

Address compliance & enforce corporate policy

Enable secure mobile collaboration in the cloud with confidence

Secure (encrypt) sensitive content in cloud collaboration platforms

Secure data backup, sync and cloud file sharing

Granular access control

Data Loss Prevention

Securely access applications

Mobile Anti-Malware & Threat protection

Mobile Device Management

Mobile Security

Ensure your mobility deployment is secure and corporate data is protected with end-to-end security that extends to users, devices, applications, content, data, email and networks.

Prevent data loss with features like security policies, user authentication, data encryption, data backup restrictions, compliance tracking and reporting.

Our Mobile Security Portfolio: Features & Benefits

Mobile Data Loss Prevention (DLP)

All of the security solution features below contribute to help prevent the loss of corporate data either through unauthorised / hacker / theft or authorised /employee actions.

Mobile Device Management (MDM)

Gain visibility over the devices connecting to your network, content and resources. Quickly enroll devices, configure and secure devices on the move, without the need to recall them into the office. Enable IT to secure and manage mobile devices across multiple operating systems, providing secure corporate email, automatic device configuration, certificate-based security, and selective wipe of enterprise data for both corporate and user-owned devices. Create a clear separation between personal and business data.

Multiple Platform & Device Type Integration & Support

Empower users to be free to use any device

Centralise support and management for smartphones, tablets and shared computers on a wide range of platforms – including;

> Android,
> iOS (Apple Mac devices),
> Blackberry,
> Symbian,
> and Windows Mobile.

Integration with Apple MDM server, and Microsoft Exchange ActiveSync (EAS) protocol, and Samsung SAFE.

Mobile Application Management (MAM)

Manage internal, public and purchased apps across devices enrolled in your organisation. Distribute, update, track apps. Build custom internal apps and apply controls and restrictions on applications accessing corporate data (ensure employees only have access to the apps they need, white-list and black-list with role-based access control). View apps inventory. View how many users have installed an app versus how many were assigned the app. Enable single-click app installation and removal from the management console.

Permit approved employees to access customer data from a corporate device, while blocking access from a personally owned device.

Manage applications without need for MDM tools: Application Management works with or without mobile device management (MDM), allowing you to focus on protecting applications and data, not just the device.

Mobile Content Management (MCM)

Many people and the workforce prefer to use mobile devices. These users expect access to essential and often times, confidential documents on their devices. To help IT secure corporate data without comprising the end-user experience, an enterprise must provide mobile content management (MCM) in a secure manner.

Data and traffic between the mobile device and corporate resources can be configured to flow through a security gateway, which controls access to files based on policy, encrypts files and documents delivered to mobile devices so that unauthorised apps or people cannot open them on the mobile devices, nor read them if they are copied to external cloud storage sites.

Monitor and block sensitive data stored in messages being downloaded onto mobile devices.

Bring Your Own Device (BYOD)

Centrally manage all devices, secure access to enterprise resources from employee or corporate-owned devices, to protect corporate data privacy. With custom Terms of Use (TOU) agreements based on user role, organisation group and device platform, users can be informed about data that will be captured and what they are allowed to do with the device.

Granular Access Control

Device and Data Access Set access rights and permissions to mobile device users, such as read, edit, print, change classification, print screen, and copy/paste. Organisations now have the ability to share and upload documents without the risk of losing data.

Network Access
Protect corporate data by restricting unknown devices from accessing corporate network.

Securely control and enable access to corporate VPN and Wi-Fi networks.

Context-Based Network Access Control

Go beyond simple and traditional password and two factor authentication access to networks and resources, as these can both be compromised or taken advantage of by a user to gain access to networks and data when they are not supposed to.

Context-based access control allows you to control a user or groups access to the network or data base on a number of factors (time, device type, running the latest anti-virus, location, user, data being accessed...). The access rules and client inspections that can be defined for an individual application are almost limitless to meet any corporate security policy.

Mobile Anti-Malware

Malware means content derived from internet, email or file content that has malicious intent (to hack, steal or corrupt data on your device or network).

Mobile security agent software scans every file, application, website content and email attachment.

Engineered to provide up-to-date protection against the latest viruses, trojans, worms, spyware, bots, social engineering techniques, phishing attacks...

Anti-Malware software providers typically incorporate these specific defense solutions into their products, but not in every case, so it is worth ensuring you have these features covered;

- Mobile Anti-virus
- Mobile Anti-spam

- Sand Boxing (where a new application or file is opened in a secure container for inspection before being allowed to be viewed or stored on the device or network).

Defend Against New and Emerging Threats

Our solutions are backed by the industries leading threat and security intelligence centers (SOCs) around the world.

Mobile device security agent software is updated in real-time to defend against new and emerging threats.

File Sync and Share

Organisations have been wary of allowing users to upload, save or create corporate sensitive information on mobile devices because of numerous public reports of devices being lost or public cloud file storage and sharing platforms being hacked and corporate sensitive data being exposed.

Also,project or company data is not always created or kept within the central corporate network. Files are often create on mobile devices, at home and shared with other people on similar devices and locations.

'File Sync and Share' ensures corporate data is backed up and only shared via corporate approved storage silos. For example, approved storage vendors (that provide a 'cloud service' but integrate with your private cloud) rather than public cloud provider such as DropBox, Google Drive or Box (to name only a few) where as an organisation you have no control over security of that information (saved in open text / not encrypted, can be saved and sent to any number of people).

Sync and Share platforms can be used to create secure collaborative workplaces where people can access, edit and share content with other users.

Integrated data encryption (on mobile devices, in-transit and at rest), backup, access, restore, and sharing, provides a unified platform to easily create policies, monitor activity, manage legal holds, and provide data access for eDiscovery - all without impacting employee productivity.

Secure Data Containers

Keeping corporate data and personal information separate.

Isolates business data by controlling lateral data movement between business and personal apps.

You can force encryption for the containerised data and also prevent corporate data from leaving its container. In addition, if a device is stolen or lost, remotely operated features make it easy for you to delete all information inside each container, without deleting any of the user’s own data.

In the event that portable devices are lost or stolen, solutions provide a remote ‘kill’ function that removes access or ultimately removes the documents.

Mobile Email Management

Control device access to corporate email. Integrate with existing email infrastructure. Open attachments in secure content vault mode and encrypt sensitive data to prevent data loss.

Mobile Web Security

Extends your web security policies to mobile devices when they are used outside your corporate network on 3G/4G and other wireless networks.

In addition to blocking malicious websites / URLs, administrators can control access to sites that don’t conform to corporate security or usage policies – for example social media, gambling, recruitment, retailing and adult websites, plus proxy servers.

Data Loss Prevention technologies are also often now employed that this level of data, traffic and file inspection and control. For example a corporate file containing credit card details can not be copied or sent through web based email or Facebook.

Prevent Rooting / Jail-breaking

If a user attempts to jail-break or root a device, this can render devices more susceptible to malware and data loss.

Detect jail broken devices that might create threats.

Mitigate consumer device security fears with data containerisation and encryption from source, in-transit and to its destination / at-rest.

Anti-Theft

Remote Find, Lock and Wipe lost / stolen devices

Find feature helps you to recover / retrieve / track the device, lock it down remote or perhaps kill / wipe of corporate data only (users personal data would be unaffected).

Encryption

> 256-bit SSL encryption

> Encrypt sent and stored data on device (for example, files or applications data like emails).

> Per-application SSL encryption tunnels, separating corporate and personal traffic and simplifying compliance by controlling application communication without requiring a device-level VPN or firewall modifications.

> Email encryption

Enable users to one click or auto send encrypted emails and for recipients to send a fully-encrypted reply back to the sender without purchasing a license.

> Full-disk encryption (laptop or devices with hard disks) / data-at-rest (files, folders, containers)

> Removable media encryption (USB devices, CDs...)

> Data-in-transit encryption: Encrypts, and secures traffic between the mobile device and back-end enterprise systems. Encryption persists with files as they travel anywhere within an enterprise, from collaboration and messaging applications (for example, SharePoint to email), to outside corporate boundaries, onto a thumb drive or copied to a laptop or tablet.

Device Asset Management

For risk vulnerability & patch Management

Security breaches can occur through many different avenues - servers, applications, data centers, endpoints, stolen/lost USB drives, etc. By cataloging all of these different asset types, you can gain visibility into all of the areas of potential IT risk exposure.

Centrally assess and set baseline OS / software settings for all devices on (servers, network devices...) or entering your network (laptops, smartphones...). Reduce the risk of vulnerability exploitation by automating the process of patching devices and software applications.

Removable Media & Port Control

Restrict and control the usage of USB devices in the network both at the user-level and at the computer-level.

Granular device control by securing data stored on PCs, laptops, CDs, DVDs and USB drives with removable media encryption.
In some cases, also limit the amount of data that can be transferred to minimise the harm done by the loss or theft of any single USB stick, be intentional or through accident.

Mobile VPN & WiFi encryption

Protect your corporate mobile devices when trying to access the network or internet from outside the corporate network.

A VPN will secure and encrypt access back to the network. These VPNs can be used to secure both wired or wireless connections from any place (wireless guest access from a partners office, coffee shop, airport or from within a network anywhere in the world).

Lightweight Agent Software

Lightweight and optimised security ensures no impact on device, application or network performance.

Secure and Manage Macs Just Like Your PCs

Users increasingly want to use Apple Macs and mobile devices in the workplace and while working out of the office. Yet most organisations have traditionally provisioned PCs and used Microsoft Server infrastructure to secure and manage their computing devices and users.

The resulting challenge is how to make users more productive with their personal devices without compromising corporate security and privileged access to corporate resources and data.

Securely deploy Apple Macs and mobile devices side-by-side with PCs, using an on-premises Microsoft Active Directory and/or cloud-based identity and policy management infrastructure.

Workers can now use their device of choice while meeting IT security and policy guidelines, resulting in more productive, satisfied users and better security for corporate assets and data.

Audit, Event Logging, Analytics, Compliance & Reporting

Corporations need to enable mobile devices without sacrificing the security needs of IT and preserving the separation of corporate and personal data.

Monitor all files being transferred onto / off your network (visibility across both cloud and on-premises).

Monitor and report device state information reporting, such as:

Patch management	Host anti-spyware	Host antivirus
Host firewall	Disk encryption	Disk backup
Data loss prevention	Customised host conditions (e.g.registry entries, running software)	Managed/unmanaged
Jail-broken / rooted	Device status	Malware infection
Device ownership (Corporate/BYOD)	IMEI	Serial number
Device security settings (device pass-code status, encryption)	White-listed apps	Blacklisted apps

If you want to implement one or more of the solution features presented above, contact us today to book a meeting.

+44(0)7714 209927

info@securenetconsulting.co.uk