2014 Articles

Using Secure Mobile

Digital Defence provides software that secures and encrypts the information held on mobile devices and removable media. It is fast, highly intuitive and works without compromise or complication. It is also invisible to the end user, does not impede on the performance of the device and is FIPS 197 accredited.

Security of data, coupled with the prevention of unauthorised access, is the fundamental issue affecting all mobile device users and the organisations they work for.

The latest release of Secure Mobile, from Digital Defence Ltd, addresses this by providing real-time encryption of persistent data, using 128 or 256-bit AES encryption algorithms, utilising FIPS197-certified XTS cipher mode. (Persistent data refers to data which is not affected by factory resets, such as storage cards or the /application folder on Motorola devices).

Each file is fully encrypted in a seamless manner, wholly transparent to the user, and each using unique encryption keys. The key is generated in part from data within the file, and in part from securely stored data in the registry folder. Device authentication, which integrates with Microsoft’s LASSD system, protects against unauthorised access.

Access can be restricted to specific applications, thus ensuring that unknown or unauthorised programs are unable to process data; this is achieved by White or Black listing the various applications from execution and encryption access.

All data ports are protected by the Access Control module within Secure Mobile, which ensures data transfer is only permitted to secure channels; it is also possible to White List all WWAN, WLAN and USB channels to restrict or enable access.

Encryption is wholly transparent – both to user and to application. It is accomplished by the use of a file system filter driver, which means that we intercept all file access – effectively acting as a second file system driver. Only data that remains after a factory reset (i.e. persistent or permanent data) is handled; storage folders on the \windows folder, which is wiped after a reset, are not encrypted.

Secure Mobile is system wide, and independent of any applications that may be installed; if any storage card or local persistent folder is marked to be encrypted, this will apply to everything that is stored on or in it. Secure Mobile takes supremacy over all other forms of user authentication once installed, thus ensuring ‘security for life’ - no matter what resets or other applications are encountered. This prevents any user, or any intruder, from accessing any element that you wish to keep secure, no matter what actions they may take. User authentication is by way of either password or biometric validation; or a combination of both approaches can be used. If required, LDAP can be used for corporate network preferences for each user, thus reducing the overhead for system administrators.

Additional levels of security can be enabled, for even greater protection; if, for example, a user has not accessed the system for a given period, or if there have been a (system-definable) number of unauthorised or incorrect access attempts, or if access to a given device has not been made for a certain period.

Device wipes will remove key system files and registry entries, rendering the device unusable without a clean reboot; data on storage cards can be set, at installation, to be deleted or kept when a device wipe is takes place. Fully Code of Connection compliant, Secure Mobile meets all Data Protection Act requirements, and allows organisations to deploy a wholly secure mobile working infrastructure. Current users include a major police force that uses 27 different applications which populate in excess of 300 different forms, directly integrated into government databases. This allows officers to do virtually all ‘paperwork’ by direct electronic means. The same force has made savings of around ¾ million pounds, by reducing secured voice traffic and moving to a mobility-centric environment.

Secure Mobile is the only global Enterprise Mobility Validated security solution running WEH and all security policies can be either set centrally or locally on the device by using an administrator’s password. System overheads are around only 2% - ensuring there is no perceivable impact, on application or response speed, when data is being encrypted or decrypted in real time. Single sign-on means that, upon authentication, all files are ready to be decrypted; and a centralised management console ensures mass deployment of all corporate security policies on mobile computers.

Any modern-day, distributed workforce requires a mobile security solution that seamlessly integrates with IT initiatives to maintain compliance.

Working with police forces, we have developed a solution that protects all of the selected data on end point devices and ensure that you are able to remotely deploy security policies that limit access to encrypted folders from Applications, Connections and Ports. Flexible user authentication is achieved either by using password, biometric fingerprint authentication or a combination of both.

Due to its unique architecture, our solution is completely invisible to the end user and also does not drain the battery or reduce device performance when data is encrypted at bit level in real time. Our solution
is compliant with all requirements set out in the MoPI guidelines and is FIPS compliant.

Premium technology that takes care of your mobile data security issues at every level.

“The Secure Mobile solution is effective but also simple and straightforward to use. In particular, the facilities provided to remotely deploy the software and to support users remotely simplified the logistics of supporting a large population of highly mobile users.” Russell Lawson, Mobile Data Technical Team Leader, Staffordshire Police Support is readily available as required – Digital Defence has a solid reputation in this area, and the company, specialists in the field of file and folder encryption, is fully committed to customer-driven development.