Trend Micro, Credant, PGP, and Trust Digital take different approaches to protecting mobile data and provide a solid overview of what's available. During tests, we saw impressive implementations of at-rest encryption, anti-malware, central policy management, firewalls, access controls, remote wiping, and other protection mechanisms. The bottom line? There's no single, best smartphone security product that will address everyone's needs, so we didn't pick an Editor's Choice or Best Value in the assessment below. Ask these simple but essential questions:
- Do we need encryption?
- What brands of phones must we support?
- Do we want single-vendor or best-of-breed gear?
Price wasn't much of a differentiator in this Rolling Review--all product suites came in close to the $10,000 to $14,000 range for a 200-seat implementation. (Volume discounts, custom pricing, features, and incentives could affect that.) All the products that we reviewed have their own relative strengths and weaknesses. Some broadly cover a wide range of security controls; others provide a richer set of options by focusing on a few core areas. Want a single-vendor comprehensive system? Consider Trend Micro's Mobile Security 5.0. Need strong, role-based encryption compliant with Federal Information Processing Standards (FIPS)? Look at Credant Mobile Guardian. Interested in protecting data in transit as well as data at rest? Give PGP Mobile a try. Are you trying to deal with a diverse and expanding fleet of iPhones, Windows Mobile, and other platforms? Trust Digital Enterprise Mobility Management may be the way to go.
Those are broad strokes, and as always, the devil is how the details apply to your company's needs. Focus on the right combination of controls that adequately protect your data and reduce risk to acceptable levels.
Of the products we reviewed, the Trend Micro Mobile Security 5.0 suite probably had the most comprehensive set of security controls for the supported smartphones. The suite can provide at-rest encryption, user-to-device authentication, anti-malware protection, firewalls, spam protection for SMS messages, and intrusion detection--all controlled from a centralized interface to allow for enterprise-wide policy enforcement. The downside is that, to really leverage this product, your organization should have deployed a fairly homogeneous set of Windows Mobile or Symbian devices.
Credant Mobile Guardian's major strength is its encryption engine, which is FIPS 140-2 validated, a feature that appeals to government customers in particular. The system provides direct control of communication ports such as Bluetooth, Wi-Fi, and infrared. On the downside, it relies on other products to provide firewalls and anti-malware functions. It also has no provisions for securing data in transit.
Trust Digital's Enterprise Mobility Management takes a somewhat different course from the others, using a three-tiered approach that includes the phone, a compliance filter, and the back-end EMM server. The suite provides flexible, centralized management of diverse smartphone platforms, including Apple's iPhone. The big upside to this product is its flexible approach to managing mobile phone security. Unfortunately, not all security controls are supported on all phone platforms.
While these four smartphone security platforms present a good cross section of what's available, there are perhaps dozens of others out there. One or more will probably get you where you need to be. Just don't forget to approve the supporting security policies.
(click image for larger view)
Richard Dreger and Grant Moerschel are co-founders of WaveGard, a security consulting firm.