web analytics
  Featured Eseminar Auditor Download GuardianEdge Federal GuardianEdge

“Three years before news stories of lost data were commonplace, we committed to whole disk encryption on all our laptops and field office computers. The decision is paying for itself many times over with saved notification costs, brand reputation, and by living up to our customer promise of protecting their identity and confidential information.”

—Pat Lefemine, Chief Information Security Officer, Lincoln Financial Group.

GuardianEdge Smartphone Protection

Smartphone Data Loss and Data Leakage Prevention for Enterprises

Smartphones and PDAs are making your data more mobile than ever. No longer just for executives, now it seems everyone in your organization is taking Palm®, Windows® Mobile and similar devices on the road—from salespeople and field engineers corresponding with customers to accountants conducting audits.

In addition to their small size, which makes these devices more subject to loss, smartphones and PDAs are increasingly targets of sophisticated criminal attacks—and chances are they contain valuable competitive data or private and legally protected information. This puts trade secrets, source code, formulas or other key IP at risk. Loss or leakage of stored data can cause organizations to incur substantial legal fees, customer service costs, and damage to their image and brand equity.

To avoid these negative impacts, and still maintain productivity, enterprises require scalable, manageable solutions that include both data loss and data leakage protection for smartphones.




By deploying GuardianEdge Smartphone Protection, organizations can:

  • Manage Smartphone Protection with strong central policy control linked to Microsoft® Active Directory™ for Windows Mobile, Palm OS, and Pocket PC based devices
  • Encrypt key corporate data by file type on smartphones to protect that data from physical loss or theft, while allowing employees to continue to use their personal applications
  • Keep data from leaking off of smartphones by controlling via policy
    • The ports that data can be moved through
    • The devices that data can be moved to
    • The software that is allowed to run on the Smartphone
    • The protection status of the device before it is allowed to connect to the corporate email server
  • Protect from device security threats with firewall, WiFi NAC and other connection controls
  • Manage devices and assist users with a full, easy to use, over-the-air (OTA) support environment including:
    • Help desk
    • Software deployment
    • Password and device recovery
    • Policy deployment and updates

GuardianEdge Smartphone Protection safeguards key intellectual property and private, sensitive or legally protected data on smartphones.

  • Enterprise-class Management
    • Delivers Microsoft® Active Directory™ integrated administration and standardization of cross-platform device access policies, software usage and resource capabilities
    • OTA (Over-the-air) remote management components for software update, provisioning, help desk and device lock/unlock/wipe
    • Detailed auditing and reporting for compliance and usage
  • Data Loss Prevention
    • Provides strong, file level encryption to secure sensitive data and provide legal safe harbor from disclosure requirements in the event of loss of the device or externally connected media
    • Data protection policies make it easy for the enterprise to protect critical information, while concurrently allowing for personal use of the devices
  • Data Leakage Prevention
    • Employs port and device policy based controls for connecting to devices, networks and resources on the smartphone
    • Software image locking ensures that only appropriate, trusted and approved applications execute on the device
    • Network firewall protects against mal-ware and other threats
    • Microsoft® Exchange ActiveSync™ access control ensures that Smartphones meet policy requirements before connecting to email

 
Encryption
  • FIPS 140-2 validated encryption (AES 128/196/256 and Triple DES)
  • Administrator configured, policy controlled encryption by data types: Outlook (email, contacts, tasks, calendar), Word, Excel, PDF, Docs to go
  • Data on the phone
  • Data on SD cards
  • Shared key encryption option for groups available
  • Digitally encrypt and sign email messages
Authentication
  • Controlled by policy
  • Password based
Device, port and access control
  • Port control: USB, serial, SD card
  • Access control: Bluetooth, WiFi enable / disable, WiFi NAC control, Infrared, Camera
  • Resource access control: IR, camera, voice recording
Device security
  • Trusted application architecture prohibits unauthorized applications from accessing data
  • Blacklist prohibits execution of specific applications
  • Firewall control: IP traffic, email, IM, Web-browsing, SMS/MMS
  • Lock application profile on device
  • Data wipe by device inactivity time and password failure threshold (also OTA from console)
  • Application specific passwords
User self-service portal
  • Self-service password recovery
Exchange ActiveSync (EAS) access server
  • Allow synchronization only with registered, approved and compliant devices
  • Required by policy before connection allowed to Exchange ActiveSync
  • Authentication
  • Registration
  • Pass policy compliance
Device management gateway
  • Over the air (OTA) policy update deployment
  • OTA reporting
  • OTA software updates and deployments
  • OTA remediation for devices not meeting compliance policy requirements
  • OTA self-provisioning for new devices
Enterprise management console
  • Help desk assisted password recovery
  • Policy management
  • Remote wipe, unlock, device decommission
  • Reporting for device compliance and activity
  • Systems management and administration
  • 80+ policy customizations
  • Best practice profiles
  • Assign on-device security policies to specific Active Directory groups
  • Support for security compliance and IT audits
Supported smartphone OS versions
  • Windows Mobile® 5
  • Windows Mobile 5 Smartphone
  • Windows Mobile 6
  • Palm OS® 5.x
  • PocketPC 2003
Server requirements for: Enterprise Console, Compliance Server, Self Service Portal and Device Management Gateway
  • All four components may be installed on one server
  • Microsoft Windows 2003 server standard, SP1, .NET Framework 2.0, IIS
  • Dual CPU, 2.8GHz or greater, 2GB RAM, 10GB free disk space, Ethernet adapter
Database
  • Microsoft SQL server 2000, SP4
EAS access manager server requirements
  • Microsoft ISA server 2004 Enterprise / 2006 Enterprise
  • Microsoft Windows Server 2003 Standard, SP!, .NET Framework version 2.0
  • Dual CPU, 2.8GHz or greater, 2GB RAM, 250MB free disk space
  • Two Network adaptors: Corporate LAN and Carrier Data Network (via Internet)
 
Carriers