Sophos Takes on Enterprise Mobile-Device-Security Management

Sophos enhanced its security portfolio by expanding endpoint protection to mobile devices.

Sophos has enhanced its security portfolio to provide "complete protection" for all endpoints, including mobile devices, desktops and laptops, regardless of where the user is.

Sophos unveiled the Sophos Mobile Control, a new mobile-device-management platform that will allow IT departments to securely protect all employee devices, on May 17. The company also updated its SafeGuard Enterprise software and Sophos Endpoint Security and Data Protection platform to provide better support for data encryption.

Enterprises face two major security challenges, a mobile workforce and the consumerization of IT, Rainer Gawlick, the chief marketing officer at Sophos, told eWEEK. Employees are using their personal mobile devices to get onto the company network and access corporate data. IT departments have to somehow manage devices the company doesn't own to ensure corporate data remains protected, according to Gawlick.

The day the iPad came out, the CEO of a Sophos customer told his IT department, "I expect to be able to use it. Make it happen." Gawlick said this was a "core use case," and in many cases, IT managers have to balance these requests with compliance regulations that require strict data controls.

IT administrators are looking for an "uncomplicated" platform that "just works," Gawlick said.

With Sophos Mobile Control, IT administrators can configure security settings for all devices and lock down unwanted features, such as disabling the camera. They can also enforce policies, such as making sure that sites that employees can't browse on the desktop are also blocked on their mobile browsers. The policies can also control what kind of applications can be installed on the devices.

Unlike "vanilla PCs," there's generally only one way to be compromised on a mobile device, and that's via the "front door" when an application is being installed, Gawlick said. The application policy would apply whether the user is trying to download an application or if a rogue site is trying to stealthily install malware.

Sophos Mobile Control will allow IT managers to encrypt all data stored on iPhones, iPads, and Android and Windows Mobile devices to ensure the data is protected even when the devices are lost. This will be very important for organizations that must meet compliance requirements, according to Gawlick. The system also offers other data-protection capabilities, including over-the-air remote wipes, the ability to remotely lock devices, and blocking specific applications and features.

Organizations can control access to corporate email using a secure "gate" which allows only properly secured and registered devices to access the servers, according to Sophos. This way, employees can't get on the mail server without registering the device with the IT department.

Employees don't have to wait for the IT administrator to remotely lock or wipe phones if they are stolen as they will have access to a self-service portal to perform those tasks themselves.

As for other improvements, Sophos enhanced the SafeGuard Enterprise software to support encryption of USB removable devices. Sophos improved performance so that there is no "perceptible" impact to having encryption on the drive, according to Gawlick. "Performance issues are no longer an excuse for not using encryption," Gawlick said.

The Sophos Endpoint Security and Data Protection has been updated with automatic policy-based location-aware updates for mobile networks and more granular tools to define data-loss-prevention policies. This ensures that employees are protected regardless of whether they are inside or outside the office, according to Gawlick.

Sophos Mobile Control will be available at $65 per user and Sophos SafeGuard Enterprise 5.60 (SGN) at $70 per user, the company said. Sophos Endpoint Security and Data Protection will be available at $51.50 per user per year. All pricing is based on a 100-user license.