Secure Mobile

Using Secure Mobile

Digital Defence provides software that secures and encrypts the information held on mobile devices and removable media. It is fast, highly intuitive and works without compromise or complication. It is also invisible to the end user (and to any other applications on the system), does not impede the performance of the device and is FIPS 140-2 accredited.

Data Protection

Security of data, coupled with the prevention of unauthorised access, is the fundamental issue affecting all mobile device users and the organisations they work for. Many regions of the world now maintain legislation to ensure a corporation is penalised sufficiently for any breach of data access. Reasonable means must be taken to ensure corporate data is safe from a potential security breach. Simply encrypting data on mobile devices is no longer acceptable.

Secure Mobile ensures Code of Connection compliance with the stored data encryption directive. Secure Mobile meets all legislative Data Protection requirements, and allows organisations to deploy a wholly secure mobile working infrastructure.

Healthcare Data Directives

As the following article explains,

“The umbrella vendor statement ‘we encrypt all of our data’ isn’t enough to satisfy HIPAA regulations, nor is it sufficient for a healthcare organization to trust in those words as it’s building a strong security program.”

http://healthitsecurity.com/2014/09/03/health-data-encryption-questions-to-ask-your-vendors/?utm_medium=referral&utm_source=t.co

The full directive for the encryption of stored data can be found at,

http://csrc.nist.gov/publications/nistpubs/800-111/SP800-111.pdf

Secure Mobile has been architected and FIPS 140-2 certified so that healthcare organisations can rest assured that their mobile data is secure to NIST standards.

Certifications

The latest release of Secure Mobile, from Digital Defence Ltd, addresses data protection and NIST directives by providing real-time encryption of persistent data, using 128- or 256-bit AES encryption algorithms, utilising FIPS 197-compliant XTS cipher mode. (Persistent data refers to data which is not affected by factory resets, such as storage cards or the /application folder on Motorola devices.)

Each file is fully encrypted in a seamless manner, wholly transparent to the user, and each file uses its own unique cryptographic keys. The master key, stored in the system registry, is derived from unique organisation data using a NIST certified SP 800-108 algorithm. Cryptographic information, unique to each file, is generated at file creation and is stored in a file header. The master key, alongside the file-unique data, ensures that each file's encryption is unique and is taken from numerous sources. In order to generate unique file information and master key data, FIPS compliant cryptographic algorithms (FIPS 198, FIPS 180-3, and FIPS 186-2) are implemented by Secure Mobile.
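The key hierarchy described above can be sketched as follows. This is an added example, not Digital Defence's code: it assumes the SP 800-108 counter-mode construction with HMAC-SHA-256 as the PRF, and the labels, the 16-byte header nonce and the function names are hypothetical.

```python
import hashlib
import hmac
import os
import struct

def kdf_ctr_hmac_sha256(key_in: bytes, label: bytes, context: bytes, out_len: int) -> bytes:
    """SP 800-108 counter-mode KDF; PRF = HMAC-SHA-256 (FIPS 198 over FIPS 180).

    Each block is PRF(key_in, [i]_32 || Label || 0x00 || Context || [L]_32),
    where L is the requested output length in bits.
    """
    if out_len <= 0:
        raise ValueError("out_len must be positive")
    l_bits = struct.pack(">I", out_len * 8)
    n_blocks = -(-out_len // hashlib.sha256().digest_size)  # ceiling division
    out = b""
    for i in range(1, n_blocks + 1):
        data = struct.pack(">I", i) + label + b"\x00" + context + l_bits
        out += hmac.new(key_in, data, hashlib.sha256).digest()
    return out[:out_len]

def derive_master_key(org_secret: bytes, org_id: bytes) -> bytes:
    # Assumption: the "unique organisation data" includes a high-entropy secret.
    # SP 800-108 expects a cryptographic key as input, not a guessable identifier.
    return kdf_ctr_hmac_sha256(org_secret, b"master", org_id, 32)

def new_file_header() -> bytes:
    # Per-file unique data, generated once at file creation and stored in the header.
    return os.urandom(16)

def derive_file_key(master_key: bytes, header_nonce: bytes) -> bytes:
    """Return a 64-byte XTS-AES-256 key (data key || tweak key) for one file."""
    if len(header_nonce) != 16:
        raise ValueError("header nonce must be 16 bytes")
    key = kdf_ctr_hmac_sha256(master_key, b"file-xts", header_nonce, 64)
    # XTS requires the two key halves to differ; reject the degenerate case.
    if hmac.compare_digest(key[:32], key[32:]):
        raise ValueError("XTS key halves must not be equal")
    return key

if __name__ == "__main__":
    org_secret = bytes(range(32))           # constructed sample, not a real key
    master = derive_master_key(org_secret, b"example-org")
    for name in ("a.doc", "b.doc"):
        header = new_file_header()
        print(name, header.hex(), derive_file_key(master, header).hex()[:16], "...")
```

Because the output length L is part of every PRF input, a 32-byte and a 64-byte derivation from the same inputs share no prefix, so a key derived for one purpose cannot be truncated into another.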

Device Protection

Device authentication, which integrates with Microsoft’s LASSD system, protects against unauthorised access. Access can be restricted to specific applications, thus ensuring that unknown or unauthorised programs are unable to process data; this is achieved by White or Black listing the various applications from execution and encryption access.

All data ports are protected by the Access Control module within Secure Mobile, which ensures data transfer is only permitted to secure channels; it is also possible to White List all WWAN, WLAN and USB channels to restrict or enable access.

Secure Mobile takes supremacy over all other forms of user authentication once installed, thus ensuring ‘security for life’ - no matter what resets or other applications are encountered. This prevents any user, or any intruder, from accessing any element that you wish to keep secure, no matter what actions they may take. User authentication is by way of either password or biometric validation; or a combination of both approaches can be used. If required, LDAP can be used for corporate network preferences for each user, thus reducing the overhead for system administrators.

Encryption Access

Encryption is wholly transparent – both to user and to application. It is accomplished by the use of a file system filter driver, which means that all file access is intercepted – effectively acting as a second file system driver. Only persistent data (that which remains after a factory reset) is handled; therefore storage folders such as the \windows folder, which is wiped after a reset, are not encrypted.

Secure Mobile encryption is system wide, and independent of any applications that may be installed; if any storage card or local persistent folder is marked to be encrypted, this will apply to everything that is stored on or in it.

Conditional Data Access

Additional levels of security can be enabled for even greater protection. A device’s data can be set to be wiped if, for example, a user has not accessed the system for a given period, if there have been a (system-definable) number of unauthorised or incorrect access attempts, or if access to a given device has not been made for a certain period.

A device wipe will remove key system files and registry entries, rendering the device unusable without a clean reboot; data on storage cards can be requested to be deleted or kept when a device wipe takes place.

Device Footprint

Current users of Secure Mobile include a major police force that uses 27 different applications which populate in excess of 300 different forms, directly integrated into government databases. This allows officers to do virtually all ‘paperwork’ by direct electronic means. The same force has made savings of around ¾ million pounds, by reducing secured voice traffic and moving to a mobility-centric environment.

Secure Mobile is the only global Enterprise Mobility Validated security solution running WEH and all security policies can be either set centrally or locally on the device protected by an administrator password. System overheads are around only 2% - ensuring there is no perceivable impact, on application or response speed, when data is being encrypted or decrypted in real time. Single sign-on means that, upon authentication, all files are ready to be decrypted; and a centralised management console ensures mass deployment of all corporate security policies on mobile computers.

Application Developer SDK

The encryption technology implemented in Secure Mobile can be accessed by third-party developers by linking into the Secure Mobile Encryption SDK. This is a programming tool to allow application developers to easily encrypt files and data using simple familiar Win32 APIs. This allows an application developer to create, read, and write customised encrypted files and encrypted data which can be used and accessed across multiple endpoints.

Use-case Justification

Any modern-day, distributed workforce requires a mobile security solution that seamlessly integrates with IT initiatives to maintain compliance. Working with police forces, we have developed a solution that protects all of the selected data on end point devices and ensures that you are able to remotely deploy security policies that limit access to encrypted folders from Applications, Connections and Ports. Flexible user authentication is achieved by using a password, biometric fingerprint authentication or a combination of both.

Due to its unique architecture, our solution is completely invisible to the end user and also does not drain the battery or reduce device performance when data is encrypted at bit level in real time. Our solution is compliant with all requirements set out in the MoPI guidelines and is FIPS compliant.

A Premium technology that takes care of your mobile data security issues at every level.

“The Secure Mobile solution is effective but also simple and straightforward to use. In particular, the facilities provided to remotely deploy the software and to support users remotely simplified the logistics of supporting a large population of highly mobile users.” Russell Lawson, Mobile Data Technical Team Leader, Staffordshire Police.

Support is readily available as required – Digital Defence has a solid reputation in this area, and the company, specialists in the field of file and folder encryption, is fully committed to customer-driven development.