Published: 01 Jun 2008
MOBILE SECURITY
The latest version of Credant Mobile Guardian (CMG) offers a unified Web-based management portal that lets administrators discover, secure and monitor endpoints, regardless of how they touch the enterprise network.
Be prepared to dedicate some time to install and deploy its components in large, distributed environments to ensure efficient scalability. Even our basic installation consumed a significant amount of configuration time.
The Gatekeeper component listens for synchronization between mobile devices and workstations, performs automatic discovery of mobile devices, distributes updates, policies and encryption keys, and performs monitoring, reporting and application control. Agents enforce policies, regardless of connection status.
The Enterprise Server is managed through a browser-based interface that works equally well on Internet Explorer and Firefox. Integrating with Active Directory provided a speedy designation for individual users and groups.
Installing client software on workstations was straightforward, but the agent deployment on our Windows Mobile device required several attempts.
Defining policy by user, groups and devices was much easier. The Web-based policy editor's tabbed environment is broken down by mobile device platforms, and Gatekeeper offers pages of comprehensive options, including login attempt thresholds, number of characters required in passwords, etc.
Our policies worked flawlessly on endpoints, regardless of their network connection status. For example, when we attempted to replace the SD card in our smartphone with an unauthorized card, we were no longer able to access network resources. Equally impressive was the granular control over connection types, including infrared, Bluetooth and Wi-Fi. Whitelist/blacklist functionality let us control application policies.
By far the strongest feature of CMG is encryption--your choice of AES 128 or 256, Blowfish and Triple DES. We designated automatic encryption of data in a variety of mobile device and workstation scenarios, all transparent to the end user.
In case of a lost or stolen laptop, we could issue a command that would instantly destroy the data and/or encryption key on the device as soon as it is connected to the Internet and automatically polls the Gatekeeper for updates. You can also designate similar actions upon a predetermined number of failed logins. One feature in particular caught our eye--the In Case of Emergency button that could be installed on the login screen. This offered non-authenticated access to the device user's contact information in the event of an emergency or if a good Samaritan wanted to return a lost device.
Intelligent Encryption allows administrators to designate different layers of encryption based upon user data, application data, system files and external media.
CMG's logging and reporting offer robust insight into what's happening on devices throughout the network.
Through the Web interface, we could check on the status of the Enterprise Server, Gatekeepers, Policy Proxies, Shields, encryption and users, along with a full accounting of devices discovered by the Gatekeeper.
We particularly like the fully searchable log files, allowing us to quickly pin down a specific event.
CMG is a robust endpoint security solution that can meet the demands of large and small enterprises.
Testing methodology: We deployed Mobile Guardian on Microsoft Windows Server 2003 with Active Directory and managed a variety of devices, including workstations, mobile phones/PDAs with wireless network connectivity, and portable media such as flash drives and SD cards.