Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Tip from IBM Connect 2014: Mobile security roundup


Published on

In this tip, session speakers Bill Wimer and Paul miller detail the out-of-the-box security features for IBM Notes Traveler around connecting devices, restricting access, remote data wipes, device security policies (iOS, Android, Windows Phone, BlackBerry 10, etc.), and attachment security for iOS and Android.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Tip from IBM Connect 2014: Mobile security roundup

  1. 1. © 2014 IBM Corporation ID611: Mobile Security Roundup Bill Wimer, IBM Senior Technical Staff Paul Miller, IBM Notes Traveler & IMC Development Manager
  2. 2. 22 IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user’s job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here. Please Note
  3. 3. 66 Out of the box security features
  4. 4. 7 Notes Traveler – Connecting Devices  Data in motion is encrypted − All device clients support SSL connections − Notes Traveler server can enforce that and SSL connection is required  Administrator can block devices of a specific type or class ( )  Administrator can require that devices must be pre-approved before they can sync data
  5. 5. 8 Notes Traveler – Restricting Access  Only users that are authorized to use this server can connect devices to the server
  6. 6. 9 Notes Traveler – Restricting Access  Require devices to connect from a specific IP address or range of addresses
  7. 7. 10 Notes Traveler – Restricting Access  Administrator can explicitly deny access to specific devices
  8. 8. 11 Notes Traveler – Remote data wipe  Performed by administrator (admin console) or device owner (self service user page)  Option to erase just Notes Traveler data or reset the device to factory settings  Once wiped, administrator (or user) must clear wipe command
  9. 9. 12 Notes Traveler - Device security policies  Notes Traveler Administrator can define basic device security policies using the Notes Traveler administration console (https://traveler_host/LotusTraveler.nsf) − If policies change, they are pushed to the devices − Device enforces policies, locks out the application if device is not compliant  Security capabilities vary slightly by device type
  10. 10. 13 Notes Traveler – Apple iOS security policies  Most settings enforced using Apple EAS account  Settings apply to entire device, not just PIM account
  11. 11. 14 Notes Traveler – Windows Phone/RT/Pro security policies  Most settings enforced using EAS account  Settings apply to entire device, not just PIM account
  12. 12. 15 Notes Traveler – BB10 security policies  Most settings enforced using EAS account  Settings only apply if device is not managed via BES 10  Use BES 10 policies to separate work and personal data
  13. 13. 16 Notes Traveler – Android security policies  Notes Traveler client installs Android Device Administrator account  Supports both device wide policies and Notes Traveler application only policies
  14. 14. 17 Notes Traveler – Attachment security policies  Problem − Attachment file data can be “opened in” untrusted or unapproved 3rd party applications − Business no longer able to control access to the file data − Could be uploaded to Dropbox or other cloud based service − Shared with editors that allow “save as” to the SD Card  Solution − Notes Traveler Attachment Security Policies − IBM Notes Traveler Clients and Administration updated for − Policy is administered via Notes Traveler web based administration − Clients Supported  Apple iOS using Traveler Companion  Notes Traveler for Android ( version)
  15. 15. 18 Notes Traveler – Attachment security policies  Administrator defines attachment handling policies − View only option for files where the platform supports embedded viewing (iOS) − Define which applications are allowed to consume attachments (Approved Applications)  Notes Traveler clients modified to recognize attachment policies and limit attachment sharing  Advantages − Can be used out of the box with a small amount of definition needed by the administrator − No additional software or hardware requirements (no separate MDM solution needed) − No application wrapping, app vendor integration or testing of wrapped applications required − Able to leverage built-in viewer technology on iOS
  16. 16. 19  Traveler administrator enables a policy to only allow built-in viewers or approved applications to access attachments Notes Traveler – Attachment security policies Android Apple iOS
  17. 17. 20  Notes Traveler clients enforce that attachments can only be shared with applications in this list  Changes to Approved Application list are pushed to clients  Notes Traveler administrator defines list of Approved Applications for attachment handling  If no applications are defined, only built-in viewers are allowed (where supported) Notes Traveler – Attachment security policies
  18. 18. 21  User clicks on attachment in email. If Approved Applications are installed, user selects which application to use to view the file.  Only viewers defined by the administrator as an Approved Application are considered for file handling.  Allows for disconnected viewing/handling of attachments  3rd party viewer unless open document format (Lotus Symphony) Notes Traveler – Attachment security for Android
  19. 19. 22  No file attachments are present in the Apple iOS mailbox  Built-in viewing scenario  File data never leaves Companion Traveler Companion AppApple iOS Email App Supported document types  Microsoft Office documents  Rich Text Format (RTF) documents  PDF files  Images Attachment security for iOS  iWork documents  Text files  Comma-separated value (csv) files
  20. 20. 23  Traveler Companion using Approved Applications − Open In menu will display all possible apps, as there is no way to suppress individual apps from the list − If user selects an app that is not approved, Open In operation fails with message − Apps defined using Approved Applications use Open In normally Long Press Attachment security for iOS
  21. 21. 6161 © Copyright IBM Corporation 2014. All rights reserved.  U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.  IBM, the IBM logo,, Domino and Notes are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” at MobileIron is a trademark of MobileIron, LLC. Airwatch is a trademark of Skysocket, LLC. Fiberlink is a trademark of Fiberlink Communications Corporation. Other company, product, or service names may be trademarks or service marks of others. Availability. References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. The workshops, sessions and materials have been prepared by IBM or the session speakers and reflect their own views. They are provided for informational purposes only, and are neither intended to, nor shall have the effect of being, legal or other guidance or advice to any participant. While efforts were made to verify the completeness and accuracy of the information contained in this presentation, it is provided AS-IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this presentation or any other materials. Nothing contained in this presentation is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results. Acknowledgements and Disclaimers