Risk Management with Fixmo Sentinel

mobile devices

These days we hear a lot of terms thrown about like the “Consumerization of IT” and “Bring your own device” (BYOD), and “Network health”.  This is because corporations are starting to warm up to the idea that maybe if they let you bring in your personal computing devices such as smartphones and tablets, they won’t have to pay to give you one.

The flip-side of letting employees bring their consumer devices into the corporate fold is that there are much fewer mechanisms on these devices to allow them to be administered by a corporate IT policy, which can cause more than a few security and compatibility headaches, not to mention auditing and compliance nightmares. The idea of complete and total control over the corporate IT landscape is dying, and here to replace it is a feeling of unease in corporate IT departments even as executives push for more BYOD models.

Why the unease in IT?  When email isn’t working on your new Android or iPhone, you or your employees will call the IT department. The department, which typically supported a population of devices that were all very similar and very manageable from one point, now moves to support hundreds of different devices across multiple platforms which require different services to be managed. They are not only expected to support the new phones and tablets — they are also expected to ensure the continued security integrity of corporate networks and data while doing so. In an environment with such a rapidly-growing malicious software base and uneducated users, the task quickly becomes daunting.

Enter Fixmo, the creators of the commercial versions of the AutoBerry and AutoBES software. These software packages were designed to automate the secure setup of corporate BlackBerry phones and to ensure their security. This is what Fixmo cut their teeth on before moving into Mobile Device Management software (MDM) and solutions for mobile security.

Mobile Device Management/Mobile Risk Management

Mobile device management and mobile risk management are oriented around reducing and managing risk associated with connecting highly mobile devices which “roam” networks to enterprise technology structures. While the act of connecting them to a network may be simple, ensuring that enterprise policy is translated to these devices appropriately is a challenge. Many consumer devices require software and servers which may not be in use, or which can’t be implemented. Furthermore, policies are difficult to set and more difficult to manage. It is for this reason that many corporations choose to issue devices which they have complete control over (BlackBerries).

Fixmo’s MDM solution, Sentinel, changes this with an approach that provides management and auditing to both phones and framework servers. This approach differs slightly between phones due to differences in the architectures of the phone operating systems it supports, but they all share a few features. The main component of the phone MDM is the agent. The agent monitors changes made to the phone and analyzes activities and installed applications. It relays this information to the Sentinel Server via automatic push or timed updates, and the server stores this information.
The agent can be made to monitor for any type of system event, and is responsible for enforcing policies on the phone and communicating with the server. The Sentinel server can be used to view things such as current phone status (on, off, out of service, last reported in date) and information about the phone such as recent policy violations, installed programs, set policies, group membership, and more. The interface is easy to use (it’s a web application interface) and provides plenty of information with a presentation which doesn’t confuse users.

Perhaps one of the greatest features of the Sentinel agent is in its Android incarnation. One of the great roadblocks to major corporate adoption of Android has been its reliance on Google apps and the Google “cloud”. By using the Sentinel agent on Android, Android phones can be taught to use corporate networks through the Sentinel server. This allows corporate information technology departments to provide their own app store of supported applications or company-specific Android apps. Fixmo will provide app-store services through their App47 product, which is still in development.

Making it Easy All The Way Up

Autoberry and AutoBES are two mature Blackberry management software packages from Fixmo that manage both the phone and the server. Fixmo has taken what they learned with those platforms and taken it to the next level with Sentinel. Good, Blackberry Enterprise Server, and Microsoft exchange are all integrated into the Sentinel management platform, allowing for the management of both devices and their servers. This means compliance with regulations and audits are much easier when using Sentinel, which can generate reports on these servers and their policies.

Users of the management and auditing application can be integrated from active directory or other LDAP software and from BES groups. These users can be given granular privileges over phones, servers, and management and reporting applications depending on their needs.

SafeZone

Fixmo is rolling out encrypted containers on the iOS and Android platforms which will allow users to work inside of FIPS-compliant environments on mobile devices which may not otherwise meet security requirements. The container, called Safezone, is an encrypted sandbox which has an API with which developers can create proprietary applications which can communicate and operate securely on mobile platforms. The container also has several applications from Fixmo which ship with the product, such as document editing services. This will allow mobile users to work on sensitive data without losing security, and without moving the data beyond the corporate network, since the application communicates via virtual network with devices placed inside of a corporate network.

Solutions currently on the market to perform MDM services are not currently as robust or full-scope as the Fixmo product, largely because they either highly focused or do not address some of the many limitations that the consumerization trend has brought upon corporate IT (namely, the lack of corporate policy enforcement mechanisms). Thus, Fixmo is a good investment for any IT firm looking to control their network and their security.

CTOvision Pro Special Technology Assessments

We produce special technology reviews continuously updated for CTOvision Pro members. Categories we cover include:

  • Analytical Tools - With a special focus on technologies that can make dramatic positive improvements for enterprise analysts.
  • Big Data - We cover the technologies that help organizations deal with massive quantities of data.
  • Cloud Computing - We curate information on the technologies enabling enterprise use of the cloud.
  • Communications - Advances in communications are revolutionizing how data gets moved.
  • GreenIT - A great and virtuous reason to modernize!
  • Infrastructure  - Modernizing Infrastructure can have dramatic benefits on functionality while reducing operating costs.
  • Mobile - This revolution is empowering the workforce in ways few of us ever dreamed of.
  • Security  -  There are real needs for enhancements to security systems.
  • Visualization  - Connecting computers with humans.
  • Hot Technologies - Firms we believe warrant special attention.

 

Recent Research

DoD Public And Private Cloud Mandates: And insights from a deployed communications professional on why it matters

Intel CEO Brian Krzanich and Cloudera CSO Mike Olson on Intel and Cloudera’s Technology Collaboration

Watch For More Product Feature Enhancements for Actifio Following $100M Funding Round

Navy Information Dominance Corps: IT still searching for the right governance model

DISA Provides A milCloud Overview: Looks like progress, but watch for two big risks

Innovators, Integrators and Tech Vendors: Here is what the government hopes they will buy from you in 2015

Navy continues to invest in innovation: Review their S&T efforts here

MSPA Unified Certification Standard For Cloud Service Providers: Is This A Commercial Version of FedRamp?

Watch Ben Fry And His Visualizations: Multiple use-cases come to mind, including national security efforts

Agenda And More Details for 4-5 March NIST Data Science Symposium

Actionable Insights From AFCEA Western Conference and Exposition 2014

US Navy’s Engineering Center Provides Deal Winning Info To Industry

solid
About BryanHalfpap

Bryan Halfpap is a software programmer, technology analyst and writer and a driving force behind the security reporting at CTOvision.com He is a frequent speaker at events and conferences including Defcon. You can find him on twitter: @crypt0s