This article can also be found in the Premium Editorial Download "Information Security magazine: Exclusive: Security salary and careers guide."
Download it now to read this article plus other related content.
We were not able to initially connect to our Win-dows 2003 SP1 Active Directory infrastructure for the mandated LDAP synchronization, though a quick call to tech support showed us how. There is no reason why this functionality couldn't be thoroughly integrated into the main console. Additionally, the client agent installations need to be streamlined and integrated directly into the management console. Although CMG's solution--providing MSIs for the client software installation--is serviceable, other products in this market allow a direct agent push from management.
Given the stringent requirements of regulatory compliance and corporate governance, we were somewhat surprised not to see richer reporting capabilities. Logging and reporting is pretty basic, consisting largely of recording various successful/failed communications and administrative activity, such as agent contact and policy downloads. While this is adequate for debugging, we'd expect to see detailed records of user activity.
If you're concerned about sensitive data leaking beyond your organization, it's worth considering CMG, particularly if you have a large number of PDAs in your environment. We hope to see an improved management interface and more robust reporting in future releases, but it does an excellent job performing its main mission of providing strong, policy-based encryption for por-table devices.
This was first published in July 2006