Q. How does Divide secure data-at-rest?
All application data is encrypted inside the Divide container via FIPS 140-2 validated 256-bit encryption. Divide’s default configuration ensures that data in the workspace container is not accessible at any time from the personal side and is protected in the event of a security attack or if a device is lost or stolen. Business data can be wiped if the device is rooted or jailbroken. When Divide is running, all sensitive data is obfuscated in memory to prevent memory scan attacks on a compromised device. The encryption used in the Divide suite of applications ensures that even in a rooted environment, sensitive corporate data is not accessible without the user’s individual passcode. Removing the storage card for forensic analysis will also not reveal any data stored by the Divide applications.
Q. What does Divide do to enhance email security?
Divide offers the ability to send and receive secure, encrypted email messages using S/MIME (Secure/Multipurpose Internet Mail Extensions). S/MIME messages are cryptographically processed to ensure they have not been tampered with in transit or read by unintended recipients. By using a public certificate and private key pair, users can authenticate themselves to intended recipients. Divide S/MIME works with certificates from any Certificate Authority (CA).
Q. How does Divide handle certificates?
Divide has built its own keystore to handle certificates and private keys for S/MIME and SSL authentication. All SSL connections from Divide for Exchange ActiveSync, browser traffic, Divide Manager and Divide Connect use the Keystore's root Certificate Authorities. Customers have the option to securely send certificates over email, host certificates on a website, or push them to user devices via Divide Manager. Large enterprises with in-house Public Key Infrastructure (PKI) can use Divide Keystore to control large numbers of digital certificates for SSL authentication and S/MIME.
Q. How does Divide protect data-in-transit?
Divide Connect creates a dedicated, secure tunnel for business apps on a mobile device. Data traveling between the Divide workspace container and corporate servers flows safely through the Divide Connect partner gateway while personal traffic is routed to the Internet. This allows Divide to access resources such as ActiveSync when it is not publicly exposed, the corporate intranet, and corporate proxies and filtering rules. Divide Connect protects core Divide apps as well as wrapped business apps deployed to the Divide container.
Q. What control does IT have over the Divide container and policy enforcement?
IT administrators use the Divide Manager console or an MDM partner console to deploy and enforce enterprise-wide policies for Divide users. The console provides IT with a tool to see all connected mobile devices, set policies by group, remotely wipe corporate data, lock the corporate workspace, and administer password resets. IT is able to set password rules for the Divide container from the console. Examples include:
PIN or password is required to access corporate data inside the container
All corporate data and apps are destroyed by a penalty wipe if incorrect passcode attempts exceed a configured threshold; if a specified time elapses between connections (i.e., a “time bomb”); or by a wipe command remotely issued by the IT admin or user
Inactivity lock period for the container
Ability to remotely wipe container while preserving all the other personal data on the device
Divide Manager also provides app management capabilities including the secure use of any enterprise app without the application code having to be modified. Divide supports a suite of policies that govern data protection, data leakage, network access, email attachments and app distribution. All policies are distributed over-the-air and can be applied by group.
Q. How does Divide handle root and jailbreak detection?
Divide employs a number of approaches, including file system searches, signature checking of system files, and checks for elevated permissions, to detect rooted and jailbroken devices. Divide’s root detection methods are based on industry best practices and are regularly reviewed and updated to reflect the latest detection approaches. No aspect of Divide security is reliant on running on non-rooted or non-jailbroken devices.
Q. How does Divide test and validate its security?
Divide proactively engages in regular penetration testing of the Divide platform by leading firms, who have certified the product for enterprise use. The tests are often prompted by customers and partners, who hire independent professional security teams to target the Divide platform. Divide also pays for tests and sponsors regular third-party security testing to ensure that Divide is being audited on a regular basis.