This article can also be found in the Premium Editorial Download "Information Security magazine: Exclusive: Security salary and careers guide."
Download it now to read this article plus other related content.
MOBILE DEVICE SECURITY
Mobile Guardian Enterprise Edition 5.1
Price: Starts at $46.37 per client for 1-249 clients
|CREDANT Technologies' Mobile Guardian|
CREDANT Technologies' Mobile Guardian gives peace of mind to security managers who lose sleep over sensitive information on laptops and PDAs.
Given the mobile nature of today's workforce, protecting confidential data on portable devices has become a red-hot area of concern for security managers. CREDANT Technologies' Mobile Guardian (CMG) meets this challenge with strong, policy-driven encryption.
CMG supports strong encryption--TripleDES, Blowfish, and 128- and 256-bit AES--on Windows hosts and popular PDAs like Palm, Symbian and BlackBerry.
Flexible encryption policies are a CMG strong suit, allowing managers to define robust business rules governing what gets encrypted on the Java-based management server and published to an agent on the managed nodes. The administrator can specify that specific folders be encrypted, including "My Documents," the Inter-net Explorer cache directory and removable media. A nice feature is its capability to mandate encryption for all content created by specified applications.
The Java-based management server connects to any enterprise level LDAP environment and maps user accounts to the appropriate encryption policy, in addition to allowing the delegation of CMG management rights to appropriate personnel. CMG has a built-in key recovery facility, and stores configuration and policy information in a MySQL or MS SQL Server database.
If a device is lost or stolen, there are administrator-configurable autodestruct capabilities built into the client that could, for example, automatically delete all of the data on a device if the user fails authentication within a given period. On the other hand, authorized admins can access encrypted data in the event of a failed password check through self-service authentication questions and/or one-time decryption keys.
Although functional, both the installation and management programs need work. The administration and configuration functions are spread among several different GUI applets, and we had to find and execute them. It would be far more user-friendly to have all such functionality available within a single console.
This was first published in July 2006