
Smartphone Security: Credant Mobile Guardian

Agent-based software provides a range of options to secure at-rest data.

For this smartphone security Rolling Review installment, we logged some hands-on time with Credant Mobile Guardian, which uses agents to secure information stored on smartphones and other mobile devices.

Credant's software is worth a look if you're concerned about information disclosure in an environment that includes many types of portable devices. Credant Mobile Guardian, or CMG, agents can be deployed on a variety of portable devices (laptops and multiple smartphone OS types) and controlled by the CMG Enterprise Server management system.

CMG Enterprise Server integrates data control policies and existing user directories, and can limit access to potentially sensitive information stored on a mobile device. If a smartphone is lost or stolen and someone other than the owner tries to access it, the Credant agent software can "brick" the phone and make its contents unusable, even if it's disconnected from all networks. The device can be easily "unbricked" remotely: Support staff simply dispatch new keys to the device's key ring.

Centrally generated keys and function policies are fed to portable devices in a variety of flexible ways. Agents implement centralized policies in four categories called "shields" (access control, encryption, permissions, and usability), with multiple settings within each. As shield policies change, updates are pushed to the devices. Policies can control the availability of a device's ports, including Bluetooth, Wi-Fi, and infrared. Administrators might also choose to kill the IP stack entirely, so a phone can be used for voice calls but can't move data.

Rolling Review: Smartphone Security

Business value
Data stored on smartphones is vulnerable to loss or theft. This Rolling Review tests the vendors' ability to lock down data on a variety of devices and platforms.

Reviewed so far
> Trend Micro Mobile Security 5.0: Suite delivers strong, flexible options for locking down mobile devices.
> Credant Mobile Guardian: Provides sophisticated, centrally managed protection for data on smartphones, PCs, and portable media.

Still to come
PGP, Trust Digital, and additional entries to be named in the future

Credant encrypts files individually using keys unique to the user and his or her device. Authentication to a CMG-protected device is policy-based, and the policy can be linked back to your organization's central LDAP directory (Active Directory, Novell, or OpenLDAP).

Credant policies can be built in many ways. If a user forgets his PIN, he's asked for a passphrase. Failing the passphrase can lead to a list of questions asking for information only he'd know, like his favorite music group. Failing that, he's prompted to call a configurable phone number for a challenge-response session with a help desk technician, and the keys that unlock the data are suspended until unlocked by the help desk.
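
The fallback chain described above can be modeled as a small state machine; this is an added example, not Credant's code. The tier order follows the review, while the attempt limits, the HMAC-based help-desk code and the names RecoveryLadder and helpdesk_response are assumptions made for illustration. The device would display the one-time challenge for the user to read to the technician, which works with no network connection.

```python
import hashlib
import hmac
import secrets

# Tier order follows the review; the attempt limits are assumed values.
TIERS = [("pin", 3), ("passphrase", 3), ("questions", 2)]

def _kdf(value: str, salt: bytes) -> bytes:
    # Store only salted, stretched hashes of the user's secrets.
    return hashlib.pbkdf2_hmac("sha256", value.encode(), salt, 100_000)

def helpdesk_response(recovery_key: bytes, challenge: str) -> str:
    # Help-desk side: derive a short code that can be read over the phone.
    mac = hmac.new(recovery_key, challenge.encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10**8:08d}"

class RecoveryLadder:
    def __init__(self, credentials: dict, recovery_key: bytes):
        self.salt = secrets.token_bytes(16)
        self.hashes = {t: _kdf(v, self.salt) for t, v in credentials.items()}
        self.recovery_key = recovery_key   # assumed shared with the help desk
        self.tier, self.failures = 0, 0
        self.suspended, self.challenge = False, None

    def attempt(self, value: str) -> str:
        if self.suspended:
            return "suspended"             # keys stay locked until help desk acts
        name, limit = TIERS[self.tier]
        if hmac.compare_digest(_kdf(value, self.salt), self.hashes[name]):
            self.tier, self.failures = 0, 0
            return "unlocked"
        self.failures += 1
        if self.failures < limit:
            return f"retry:{name}"
        self.tier, self.failures = self.tier + 1, 0
        if self.tier < len(TIERS):
            return f"escalate:{TIERS[self.tier][0]}"
        # Every tier exhausted: suspend keys, issue a one-time challenge.
        self.suspended, self.challenge = True, secrets.token_hex(4)
        return "suspended"

    def helpdesk_unlock(self, response: str) -> bool:
        if not self.suspended:
            return False
        expected = helpdesk_response(self.recovery_key, self.challenge)
        if not hmac.compare_digest(response.encode(), expected.encode()):
            return False
        self.suspended, self.challenge = False, None
        self.tier, self.failures = 0, 0
        return True
```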

Because Credant only secures data at rest, other safeguards are needed to protect data in transit. Also, Credant doesn't include malware detection and firewall capabilities. The incidence of smartphone malware is limited now, but it probably won't stay that way. Credant has developed some of these controls for clients, but they don't appear to be part of the core product.

A 200-device installation costs around $80 per seat with volume discounts available. This seems comparable to similar systems, none of which is exactly cheap. But if your data is valuable, then the price is probably worth the peace of mind that only authorized people are accessing it.

Richard Dreger and Grant Moerschel are co-founders of WaveGard, a vendor-neutral security consulting firm.

Photo illustration by Sek Leung

Our Take
Credant's CMG secures at-rest data on several smartphone platforms from a single management workstation.  
  Mobile device security policies can be mapped to existing LDAP groups. You needn't create yet another list of users.  
  Tight control of device "ports" gives organizations central management of devices.  
  Strong policies help ensure data is only re-enabled when it's in the right hands.
