Senforce Ships Mobile Security Manager
September 30, 2003
The company's new centrally managed security policy enforcement tool is also location aware, so mobile clients get different degrees of access depending upon where they are.
Senforce Technologies of Orem, Utah, has begun shipping its Enterprise Mobility Security Manager 2.0 (EMSM), a location-aware, centrally-managed, policy-enforcing system it first alluded to in May of this year.
Kip Meacham, director of Technical Marketing and Communications at Senforce, says what his company does is what research firm IDC calls policy enforced client security (PECS). "We allow the enterprise the tools to centrally manage these mobile computing assets as they move from place to place or adapter to adapter, so the IT manager can control behaviors on the machine.
The EMSM system is a client and server (Windows 2000/2003) solution, with laptops recognized not only for who's logged in as well as where they are located physically so EMSM can apply different security policies as needed.
EMSM has three patent-pending technologies built in: WhereAware for detecting clients and applying security policies; AdapterAware to allow only certain models of wireless network interface cards (NICs) on the network; and AccessAware, to limit areas of the network to certain NICs. This last will work with Windows XP systems using the Microsoft Wireless Zero Configuration service that allows easy access to a wireless network. Meacham says this lets the IT folks support and control use of XP on a client, rather than be thwarted by its very existence.As an additional quality test, Senforce also had EMSM's NDIS drivers submitted and certified by the Microsoft Windows Hardware Quality Labs (WHQL) to ensure interoperability.
Meacham spelled out the services that would rest with the server which underpin the EMSM architecture: The authority service is how EMSM interfaces to the existing group and user management tools, with no separate management database required. This provides updates to the policy service, which lets IT manage security policy for clients inside the corporate firewall and outside. The reporting service monitors policy compliance, and gathers and stores that information to check with canned reports. Third party tools like Crystal Reports can be used as well.
The client side policy editor provides help and tips to IT people as they create security policies; the Mobile Security Client tool receives the policies and enforces the specified security on the client as it roams. PCs that connect via networks completely unknown to the Mobile Security Client will take on a defensive position, and keep all data from going outbound. The client software can only run on 600MHz Pentium III systems or higher running Windows 2000 or XP.
"Our approach is to protect the client in a policy enforced fashion," says Meacham. "We want an organization that is leveraging mobility to still enjoy the productivity gains [of mobility] while enforcing policy on users connecting from the home, or the coffee shop, or the hotel.
The company plans to offer training and a variety of maintence options for customers, based on the size of the enterprise. Pricing for the Enterprise Mobile Security Manager will vary a little, with a base price per-seat of $89.99.
Senforce also makes Senforce Shield, a firewall-type product for protecting all laptops on the road from intrusion.