Forward Thinking IT Solutions

SecurePIM - Security in BYOD Scenarios

Secure Container Solution for mobile Devices

iPhone/iPad and Android in the Enterprise?

Company policy may dictate differently, but users will always find ways to access company data on mobile devices, e.g. via external mail accounts or online services, such as Dropbox. In most cases, the users are not even aware of the potential security risks. SecurePIM offers a manageable solution that allows controlled and secure access to sensitive company data.

Separation of Business and Personal Data with a Secure Container

SecurePIM is a separate app on the mobile device. This app manages and stores all business data in an encrypted area. Business data is clearly separated from personal data.

SecurePIM includes the following modules:

  • SecureMailer – Secure e-mails. Receive and send e-mails encrypted, based on the S/MIME standard.
  • SecureContacts - Business contacts are stored and managed securely in SecurePIM.
  • SecureCalendar – Security for your calendar and schedule.
  • SecureDocs – Protection for your documents. SecurePIM accesses the company's document management system (SharePoint, OpenText) via a secure channel. Support for on- and offline docs.
  • Secure Browser – Protected web browser. Access to sensitive internal web application, e.g. a CRM system is protected. Web access can be managed with white and black lists.

Full Support of Existing PKI Environments

Secure PIM can easily be integrated into an existing PKI infrastructure. The existing PKI cards can be read directly with a Feitian chip card reader.

There are three different security levels available for authentication and encryption.

  • Encryption with personal certificate in the container – High security. The smart card is not required for users with lower security requirements. The private key, securely stored in the SecurePIM container, will be used for all asymmetric crypto functions.
  • Card connected at the start of the app – Chip card security. This configuration requires the card only at the start of the SecurePIM app. After the card is enabled for crypto operations with the PIN, the private key in the container is decrypted and can be accessed.
  • Card always connected – Highest smart card security. SecurePIM works only after the smart card was enabled with its PIN for the crypto operations. If the card is removed, the app terminates and can no longer be accessed.

Integration in an Existing IT Infrastructure

The SecurePIM administration is handled by the Mobile Application Management (MAM) portal. With this portal, the company's SecurePIM containers can be configured and managed centrally.

All company data that is stored in a SecurePIM container can be disabled at once in an emergency situation. All the personal apps or data on the device remain unaffected.

To set-up SecurePIM in an organization, you only need an existing MS Exchange Server (2007, 2010) with certificate services enabled and a platform for the MAM portal. Since the app configuration is managed centrally, the rollout becomes straight forward. The app can be installed from an Intranet server or the app store.

Supported Chip Card Readers

SecurePIM works with connected readers from Feitan and Precise (Tactivo), as well as with Bluetooth readers from Feitian.