Problem: Mobile Device Data Security
Several opportunities exist to improve endpoint security in the face of the consumerization and Bring Your Own Device trends in IT:
- Authorization today is user-only, rather than User + Device.
- A heterogeneous client device environment is hard to manage.
- Unmanaged devices are hard to secure.
- High-value targets are compromised using Advanced Persistent Threats (APT) and boot-level attacks. These can be difficult risks to mitigate.
StrongNet Value Proposition
Authorization should be based on the current state of the device as well as on the identity of the user. Technologies such as TPM allow device security measurements to be taken and evaluated with high assurance. Most lines of business applications already support authentication schemes that can be adapted to this model.
- StrongNet provides a security health claim set that the relying network resource can evaluate.
- Network resource access is gated on hardware-based endpoint security health measurements. This serves to:
◦ Block root kits
◦ Provide interoperable, standard-based authorization
Security isn’t about the endpoint. It’s about the data. In this picture, the sensitive data resides on a web service. The protection of the data is only as good as the measurements that we can take at the web service about the identity of the user and about the integrity of the device he or she is using.
Mobile device management is only meaningful if device configuration policy is enforced at each protected resource during each access check.
StrongNet Data Access Solutions
JW Secure StrongNet complements the following productivity applications to provide seamless, high-assurance data security:
- Microsoft SharePoint
- Windows Server File Services
In addition, StrongNet components integrate with the following identity and authorization data sources to lock down any line of business scenario:
- Microsoft Active Directory Federation Services
- Microsoft System Center Configuration Manager
- Infoblox vIBOS Orchestration Server
- Juniper Pulse Unified Access Control Service
- Windows Server Enterprise Certificate Authority
JW Secure, Inc., founded in 2006, provides custom development services to software companies with security-related products. Our customers include Alstom Grid, DARPA, Lockheed Martin, and Microsoft. To request a demonstration or quote, please reach us at email@example.com.