When planning the security of the devices that will be using Lotus Notes Traveler, you should consider the following areas:
- Company owned devices versus employee Bring Your Own Device:
You must consider whether to limit the mobile devices to only company purchased devices or to allow employee purchased devices, which is commonly referenced as "bring your own device" (BYOD). This is a business decision and should adhere to the company's security policy. The security policies you can apply to a device may have to vary depending on who owns the device.
- Ownership of the data on the mobile device
The company owns all the corporate related data that resides on the mobile device via Lotus Notes Traveler, but what about all the rest of the data, personal photos, contact lists, and so on? Your company should have business conduct guideline that clear define the data ownership and employee should follow the guidelines.
- Company rights if the device is lost, misplaced, or stolen.
You must understand your company's policy about how to handle the data of a lost, misplaced, or stolen device and how this may vary depending on who owns the device. Lotus Notes Traveler has several security features that can help a company to protect their data.
- Required version of OS on Mobile Devices
Earlier mobile device Operating Systems (OS) do not support many of the security features that are now standard requirements for many companies. For example, Android devices must be at level 2.2 or higher to support the Remote Wipe options. If an installed version OS does not support a companies security requirements you may wish to consider not allowing them to connect to your Lotus Notes Traveler environment.
The following table lists the device security options, at a high level, available in Lotus Notes Traveler at the time this wiki is written. You should check the current security options for mobile operating system to ensure they meet your companies requirements before allowing devices based on that OS version to connect to your environment. Note: if you are using a Mobile Device Management (MDM) solution in addition to Lotus Notes Traveler, the security options from that may override the options listed in this table:
Consideration should be given to the control of the Lotus Notes Traveler data on the mobile device, who owns it and how to protect it. Especially in the context as to how in the event that a mobile device is lost, or worse, stolen, how you can protect the data stored on the device. You also need to consider what happens to the data when a user leaves the company. Having some kind of legal agreement that users must agree to before using the Lotus Notes Traveler service can help with. This agreement can then specify that the company can, at its discretion, take any and all steps that are deemed appropriate to protect the data. Options can include deny access to the device which prevents the synching of data, or wiping the device of just Lotus Notes Traveler data or completely wiping all data and settings from a device and returning it to its factory default settings.
Lotus Notes Traveler has the ability to apply certain security settings on the end user mobile devices. Applying security settings to these devices can be used to help protect the enterprise data that Lotus Notes Traveler synchronizes to them from unauthorized access, if the device is lost or stolen.
As an administrator, you can either have a single default policy that applies to all users or use multiple policies and apply them to different groups of users, allowing different security settings to be applied to different users.
The settings that can be applied vary between the different mobile device platforms that Lotus Notes Traveler supports (Windows Mobile, Nokia, Apple iOS and Android), but all include the ability to require a password be enabled on the device. The following figures show the security settings that are available on each of the different platforms, each of these individual settings is described in more detail of 8.2.2 Device settings
Windows Mobile Device Security Settings
Nokia (Symbian) Device Security Settings
Apple (iOS) Device Security Settings
Android Device Security Settings
Although the exact security settings vary between the different device platforms, they generally all provide some capability in the following areas:
- Enabling a device password - This turns on a password on the mobile device, and defines rules regarding the length and strength of that password.
- Enabling encryption of storage cards - This encrypts the contents of any plug-in storage media cards inserted into the device.
- Prohibiting devices incapable of security enablement - This prevents devices that do not support the ability for security settings to be automatically enforced from being used.
- The latest Android devices (running Android version 3.x and 4.x) also provide the capability to disable certain functions, such a copying data from Lotus Notes Traveler to the clipboard or saving attachments to the device operating system.
What device security settings should you use?
Applying any of the available device security settings is entirely optional, but using them will help protect the data that Lotus Notes Traveler synchronizes to the devices. Therefore, if you want to increase the security of the data on the device, you should consider using them.
If you do chose to use them, the security settings should be as per your company’s own IT security standards, but following options are suggested as good practice:
- Enforce a device password with an automatic lockup after an elapsed time of inactivity.
Without it, anyone who picks up the device has immediate access to the Lotus Notes Traveler data. Also, some devices do not enable their native encryption capabilities without a device password being set. The device password should be a minimum of four characters, but for optimal protection, a password of at least eight characters, using a mix of alpha, numeric and special characters should be considered. Enforcing a regular password change and preventing the re-use of the same password will further increase the security offered by the device password.
- Enable the option to prohibit devices that don’t support security enablement.
Doing so blocks all devices that do not allow Lotus Notes Traveler to apply security settings or support the ability to perform a remote wipe. Enabling this will limit what devices are able to use your Lotus Notes Traveler service, however most modern devices now support security enablement so it will typically be older or less functional devices that would be blocked. If you do chose not to enable this option you should be aware that you may allow some devices bypass your security settings because Lotus Notes Traveler can not enforce them on devices that do not support security enablement.
Limitations of device security settings
There are two key limitations regarding the device security settings that you can apply in Lotus Notes Traveler:
- Nearly all of the settings apply to the entire device, not just Lotus Notes Traveler.
For example, if you chose to enforce a 10 digit password, the user would have to enter that password every time they wanted to do anything on the device, not just use Lotus Notes Traveler itself. This might have a negative impact on the overall user experience on the device, especially for performing common tasks such as making a call or sending a text message. This can be especially significant if you are using Lotus Notes Traveler in a “Bring Your Own Device” implementation because the security settings you apply will affect the user even when they are using the device for personal use.
- The security settings that you are able to enforce using Lotus Notes Traveler are limited and do not necessarily provide complete protection against “data leakage”.
Preventing data leakage goes beyond just controlling access to the mobile device itself (through enforcing a password) to actually restricting what the user can do with the data after it is on the device to ensure that the device never goes outside of your control. Examples include preventing the user from saving email attachments locally to the device (where they can then subsequently be copied anywhere), controlling the ability to copy and paste the content of emails to another app and preventing email data being backed up to cloud services where the content might not be encrypted.
Remote device security
In addition to being able to apply security settings to the mobile devices, you can also use Lotus Notes Traveler to perform the following management functions that can help you manage the security of the user devices remotely:
- Deny access:
An administrator can block individual devices from being able to access the Lotus Notes Traveler server. Once this is applied, the device no longer can connect and synchronize new data with the server. However, any existing Lotus Notes Traveler data remains on the device. As such, this option is only useful for temporarily disabling users for whom it is acceptable for them to still have access to any data they have previously synchronized.
- Wipe device:
An administrator can initiate a remote wipe of the user device, which will delete the Lotus Notes Traveler data from the device and prevent it from being able to connect to server again. You can use this feature to remotely remove your enterprise data from devices that are lost or stolen, or if an employee leaves the company. There are actually three different types of wipe that can be performed:
- Hard wipe:
This resets the device back to factory defaults and delete all data (for example photos, music, and so on), not just the Lotus Notes Traveler data. Although this is the most secure option, you should only use it for devices where you are legally entitled to be able to delete all the data on the device. This is not normally an issue for corporately owned devices, however, it might not be the case if the device is the user’s personal property (for example, if you are using Lotus Notes Traveler in a "Bring Your Own Device" implementation).
- Lotus Traveler application and data:
This deletes just the Lotus Notes Traveler data from the device and does not delete anything else. This wipe method makes is more suited for use with devices that are personally owned by the user because it gives you the ability to delete your enterprise data from the device without affecting any of the user’s own data or settings.
- Storage card:
This option deletes all data from the storage card in the device (if there is one present). It does not actually delete any of the Lotus Notes Traveler data though, so it is only useful if you want to ensure the contents of any storage cards is also deleted, which you could do in conjunction with issuing a "hard wipe" to ensure both the device and any storage card inserted into are wiped of any corporate data. Just as with the hard wipe option though, be sure that you are legally entitled to delete the data from the storage card.
A limitation of all of the wipe features is that the wipe is sent to the device to action the next time the device synchronizes with the server, so for the device to receive and action the wipe command the device must actually connect to the Lotus Notes Traveler server. This might not necessarily occur in all circumstances, for example, if the device is lost whilst powered off.
What does IBM do internally?
The IBM internal implementation of Lotus Notes Traveler applies a security policy that enforces a strong alpha numeric password on all devices regardless of them being corporate issued or personally owned. Users are also forced to change their password on a regular basis. Devices that do not support security enablement are prohibited. IBM also uses an additional MDM solution (IBM Endpoint Manger for Mobile Devices
) to apply further security settings and controls on the mobile devices.
Further reading on device security
The following article provides more information on device security: