Mobile device security/Credant
This page has been frozen as of the presentation to SUG and IT Roundtable on February 12, 2007
Evaluation Questions
This evaluation covered Credant's Group Edition product. Their Enterprise version required a more extensive infrastructure in place than we felt necessary for the overall Penn community. The Group Edition is more appropriate for a decentralized support model.
What devices does it work on?
BlackBerry
No support
Palm OS:
- Handspring Treo 600
- Palm LifeDrive
- Palm Treo 650
- Palm Tungsten C
- Palm Tungsten E
- Palm Tungsten E2
- Palm Tungsten T
- Palm Tungsten T/X
- Palm Tungsten T2
- Palm Tungsten T3
- Palm Tungsten T5
- Palm Z22
- Palm Zire 71
- Palm Zire 72
Windows Mobile 2003, Pocket PC
- Audiovox 6600
- Audiovox SX66
- Dell Axim X3
- Dell Axim X50
- HP iPAQ 1940
- HP iPAQ 22xx
- HP iPAQ 415x
- HP iPAQ 435x
- HP iPAQ 5xxx (2003)
- HP iPAQ 6310
- HP iPAQ 6315
- HP iPAQ 6340
- HP iPAQ 6365
- HP iPAQ hw6510
- HP iPAQ hw6515
- HP iPAQ hx2100
- HP iPAQ hx2110
- HP iPAQ hx2400
- HP iPAQ hx2410
- HP iPAQ hx2415
- HP iPAQ hx2700
- HP iPAQ hx2750
- HP iPAQ hx4710
- HP iPAQ rz1710
- Intermec 700 Color Series
- Samsung SCH-i830
- Samsung SPH-i730
- Siemens SX66
- Toshiba e755
- Toshiba e800
- i-mate PDA2k
Windows Mobile 5, Pocket PC
- Cingular 8125
- Dell Axim X51v
- HP iPAQ hw6910
- HP iPAQ hw6915
- HP iPAQ hx2790
- Sprint PPC6700 / Verizon XV6700
- T-Mobile MDA Vario
- Treo 700w
- i-mate JAM
- i-mate JASJAR / T-Mobile MDA Pro / Vodafone v1640
- i-mate K-JAM / Qtek 9100
Windows Mobile 2003, 5 for Smartphones
- Audiovox SMT 5600
- Cingular 2125
- Motorola MPx220
- Motorola Q
- i-mate SP3i
- i-mate Smartphone2
Policies
Policy Comparison by Platform
These are all of the policies available in the Policy editor. The table below shows whether or not individual policies can be set on specific platforms:
| This Policy ... | All | PPC | PPC (WM5) | Smartphone | Palm 5 |
|---|---|---|---|---|---|
| Shield access control policies | | | | | |
| Enable "Forgot" Button | * | * | * | * | * |
| Idle Time before Lock Action | * | * | * | * | * |
| Power Off Time before User Logoff | n/a | * | * | * | * |
| Idle Timeout Action | n/a | * | * | * | n/a |
| Lock Device on Power Off | n/a | * | n/a | * | * |
| PIN Attempts Allowed | * | * | * | * | * |
| PIN Expiration Time | * | * | * | * | * |
| PIN History Count | * | * | * | * | * |
| PIN History Time | * | * | * | * | * |
| PIN Reset | * | * | * | * | * |
| Unique Numbers Required in PIN | * | * | * | * | * |
| Alpha Characters Required in Password | * | * | * | * | * |
| Mixed Case Required in Password | * | * | * | * | * |
| Number of Characters Required in Password | * | * | * | * | * |
| Numeric Characters Required in Password | * | * | * | * | * |
| Password Attempts Allowed | * | * | * | * | * |
| Password Expiration Time | * | * | * | * | * |
| Password History Count | * | * | * | * | * |
| Password History Time | * | * | * | * | * |
| Password Reset | * | * | * | * | * |
| Special Characters Required in Password | * | * | * | * | * |
| Alpha Characters Required in Answer | * | * | * | * | * |
| Authentication Questions | * | * | * | * | * |
| Mixed Case Required in Answer | * | * | * | * | * |
| Number of Characters Required in Answer | * | * | * | * | * |
| Numeric Characters Required in Answer | * | * | * | * | * |
| Question/Answer Attempts Allowed | * | * | * | * | * |
| Question/Answer Expiration Time | * | * | * | * | * |
| Question/Answer History Count | * | * | * | * | * |
| Question/Answer History Time | * | * | * | * | * |
| Question/Answer Reset | * | * | * | * | * |
| Special Characters Required in Answer | * | * | * | * | * |
| Master Password Attempts Allowed | * | * | * | * | * |
| Master Password Failure Action | n/a | * | * | * | * |
| Master Password Protected Uninstall Message | * | * | * | * | * |
| Master Password Required Message | * | * | * | * | * |
| Master Password Failed Message | * | * | * | * | * |
| Master Password Cooldown Time Delay | * | * | * | * | * |
| Master Password Cooldown Time Increment | * | * | * | * | * |
| Shield access control policies | | | | | |
| Allow the use of Permanent PIM | n/a | * | n/a | n/a | n/a |
| Mail Encryption | n/a | equivalent | | | |
| PIM Encryption | n/a | equivalent | | | |
| Calendar Database Encryption | n/a | * | equivalent | * | equivalent |
| Contacts Database Encryption | n/a | * | equivalent | * | equivalent |
| Mail Attachment Encryption | n/a | * | * | * | equivalent |
| Mail Database Encryption | n/a | * | equivalent | * | equivalent |
| Tasks Database Encryption | n/a | * | equivalent | * | equivalent |
| Encrypt My Documents | n/a | * | * | n/a | |
| Encrypt Notes | * | * | * | * | * |
| Encrypt Media Files | * | * | * | * | equivalent |
| Encrypted Databases | n/a | * | * | * | equivalent |
| Databases to Decrypt on Open | n/a | n/a | n/a | * | |
| Databases to Exclude from Encryption | n/a | n/a | n/a | * | |
| Encryption Algorithm | * | * | * | * | * |
| Encryption Enabled | n/a | n/a | n/a | n/a | * |
| Administrator-created Encrypted Folder Enabled | n/a | * | * | n/a | |
| Encrypted Folder Name | n/a | * | * | n/a | |
| Encrypted Folder Path | n/a | * | * | n/a | |
| Encrypted Folder Size | n/a | * | * | n/a | |
| Shield permissions policies | | | | | |
| Hard Reset Recovery Enabled | n/a | * | n/a | | |
| Managed Applications | n/a | * | * | * | |
| Post Install Actions | n/a | * | * | * | |
| Startup Actions | n/a | * | * | * | |
| Trusted Applications | n/a | * | * | * | |
| Bluetooth Enabled | * | * | * | * | * |
| External Storage Card Enabled | * | * | * | * | * |
| Infrared Enabled | * | * | * | * | * |
| Network Device Enabled | * | * | * | * | * |
| Restricted Applications | n/a | * | * | * | * |
Policy Installation
Once a policy is set, a "Shield Image" is created for installation on the individual handhelds. Installation is handled in one of several ways, depending on the handheld operating system:
- Using synchronization software such as ActiveSync or Hotsync
- Using device imaging software such as Sprite Clone
- Using device management software from vendors such as Intellisync
The Shield may also be installed by the individual user, as long as they have access to the Shield generated by the Policy Editor.
What level/type of encryption does this support?
Depending on the OS (as listed in the policy editor tables above), all industry-standard encryption methods are supported (AES 256, AES 128, 3DES, Blowfish, and so on).
Is there device-wipe capability?
In the Group Edition, there is no wipe capability. To have this available, the Enterprise version of Credant's software would have to be deployed.
Cost
Pricing for Credant Mobile Guardian (CMG) Group Edition is as follows:
Each environment requires:
| Item | Cost |
|---|---|
| 1 CMG Policy Editor | $995.00 |
| Annual Maintenance | $199.00 |
| Total | $1194.00 |
Each device requires (min 25):
| Item | Cost |
|---|---|
| 1 CMG Shield | $49.00 |
| Annual Maintenance | $9.80 |
| Total | $58.80 |
The minimum environment for 25 devices is:
| Item | Cost |
|---|---|
| Software | $2220.00 |
| Annual Maintenance | $444.00 |
| Total | $2664.00 |
50 devices is:
| Item | Cost |
|---|---|
| Software | $3445.00 |
| Annual Maintenance | $689.00 |
| Total | $4134.00 |
100 devices is:
| Item | Cost |
|---|---|
| Software | $5895.00 |
| Annual Maintenance | $1179.00 |
| Total | $7074.00 |
They recommend at least 1 day of training/implementation support at $2000.00.
Comments?
For example:
- include mention of any server-based components that we're not reviewing right now.
- How easy is it to install, use?
  - Installation of the Policy Editor on the desktop was very easy.
  - Configuration of policies was as easy as choosing the desired option for each item from a dropdown menu.
Screenshot
[Screenshot: Credant Policy Editor window]
