New enterprise mobile security tools strengthen EMM, IAM

New mobility tools beef up security options for IT around secure VPN, Android devices and IAM.

IT administrators have new enterprise mobile security options thanks to recent technology updates from three software vendors.

Pulse Secure of San Jose, Calif., launched a new interface this month to manage security policies for its virtual private networks (VPN), network access control and enterprise mobility management (EMM) services. The unified console, Pulse One, manages policies for secure data access for all endpoints to applications located either on-premises or in the cloud. It brings together services often deployed across different locations within an organization.

Pulse Secure first launched the core functionalities of its platform last fall, when Junos Pulse acquired MobileSpaces to create the new company.

"This is the next step in the evolution [for Pulse Secure] in putting all these things under one umbrella," said Jack Gold, analyst and principal with J. Gold Associates LLC in Northborough, Mass.

The Pulse One software as a service console gives IT a dashboard view that assesses system health and security alerts. It also provides unified compliance reporting for apps, devices and users.

While the new console isn't a major breakthrough for Pulse Secure, it will give its users more control of its offerings, Gold said.

One pixelMobile security issues force IT to rethink its role

Pulse Secure should expand the Pulse One platform by offering APIs to build more connections and capabilities, Gold said.

"[Pulse Secure] wants to be the client security company and that makes a lot of sense," he said. "Most mobile clients aren't good at VPN today."

Pulse One is expected to launch in July. It will be offered to customers deploying the Pulse Workspace, which combines VPN and EMM capabilities. While Pulse One doesn't have a standaloneprice yet, the Pulse Workspace list price is $60 per user per year.

Other vendors in the EMM space offer VPN connectivity products, like VMware and Citrix, with their Mobile Access Gateway and Citrix NetScaler offerings.

Good TEEs up new Android security option

Good Technology Inc. also added an enterprise mobile security offering this month with a new capability specifically for Google Android devices and applications.

The Good Dynamics Secure Mobility Platform will feature Trusted Execution Environment (TEE) and secure key storage for EMM customers who use selected Android devices. TrustZone, an exclusive security capability from processor provider ARM, enables the TEE on many new Android handsets. TrustZone technology, which is also a part of Samsung's KNOX product, can be set to form the TEE around specific trusted applications.

Only devices that run Android Lollipop 5.0 or later will support Good TEE, said Nicko van Someren, Good's CTO.

If you load arbitrary code onto a device, then you don't know what it's going to do.
Craig Mathiasanalyst, Farpoint Group

Good TEE acts as a container that is secured and separated away from everything else on a device. Keys for Android apps secured by Good Dynamics can be stored in the TEE. Because of this, IT can eliminate long passcodes for users.

Companies with BYOD policies could benefit from such a security capability.

"If you live in the Wild West environment where a user can load any code they want onto a device, this can be important," said Craig Mathias, founder of the Farpoint Group, a wireless advisory firm in Ashland, Mass. "If you load arbitrary code onto a device, then you don't know what it's going to do."

While shorter passcodes may be enticing to end users and IT, other security measures can be considered or added, including two-factor authentication, Mathias said.

Similar Good TEE capabilities aren't available on Apple iOS devices because Apple hasn't pulled back the curtain on its operating system the way Google has, van Someren said.

Good will offer trials of TEE starting in May, with general availability planned in Q3 2015. Pricing is not yet available.

Other EMM vendors include VMware's AirWatch, Citrix's XenMobile, IBM's Fiberlink, MobileIron Inc. and many others.

Centrify beefs up privileged user IAM

Identity access management (IAM) vendor Centrify Corp. of Santa Clara, Calif., also introduced a new product this month, the Centrify Privilege Service (CPS). The cloud-based service aims to address issues with visibility, control and access for companies that manage privileged accounts.

CPS extends the capabilities of the Centrify Server Suite with shared account password management for servers, network devices and infrastructure as a service within organizations. CPS aids in security and audit requirements for cloud or on-premises network access.

As companies look to implement enterprise mobile security, IAM services such as CPS will grow in importance when done effectively and tied into directory services, Mathias said. That directory integration can make IAM a challenge.

"[IAM] is not a slam dunk at this point but once IT managers get exposed to it, they will get excited about it," Mathias said. "It puts everything in one place and limits the ability to get things wrong."

Other IAM vendors include Okta Inc., Ping Identity Corp., Dell, IBM and Oracle.

CPS will be available in May and cost $50 per privileged user per month, with discounts available for volume and education.

Jake O'Donnell is the news writer for and Search He can be reached at [email protected]. Follow him on Twitter @JakeODonnell_TT.

Dig Deeper on EMM tools | Enterprise mobility management technology