CWSI

Mobile Device Management and Security

MobileIron from CWSI is an MDM/EMM solution that secures and manages devices, applications and data for public sector customers. MobileIron is a multi-platform solution available on hybrid or private cloud. Users experience seamless, secure, fully protected access to business resources, corporate data, applications and content.

Features

  • Forced encryption of mobile devices
  • Secure remote wipe, locate and lock down of all devices
  • Over the air configuration for application delivery.
  • Data loss protection and prevention controls
  • Securely access remote internal repositories including SharePoint, WebDAV, CIFS
  • In application and document editing functionality
  • Per app vpn compatible
  • Apple VPP and DEP compatible
  • Automatically provision enterprise settings such as WI-FI and VPN.
  • Define and enforce remediation actions if devices fail compliance

Benefits

  • Enables IT to Secure and manage all mobile devices securely.
  • Enables remote and new ways of working.
  • Enables customers to use mobility to improve citizen engagement.
  • Delivers a secure, positive, intuitive end-user experience.
  • End-users can securely access e-mail, internet and file repositories.
  • Enforce PSN compliant policies to the workforce.
  • Deliver, secure and retire mobile applications as required.
  • Manage application lifecycles from ‘making apps available’ to containerising.
  • Enables customers to successfully manage BYOD, CYOD and COPE.
  • Reduces corporate risk, reputational damage caused by data loss.

Pricing

£1.95 to £3.70 per device per month

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 9

111019523869621

CWSI

Richard Wheatley

+44 (0) 203 6515392

info@cwsi.co.uk

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints No
System requirements
  • MobileIron requires an agent on the device.
  • Customer system integration may require some on-premise components e.g.Exchange.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times The response times for Monday to Friday are P1 15 minutes P2 15 minutes P3 30 minutes P4 60 minutes. Information relating to weekend support is available on request. 24/7 support is available upon request.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Target Resolution Time: P1 6 hours, P2, 8 hours, P3 24 hours, P4 3 days
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started CWSI have an established reputation for delivering projects of this nature on time and within budget. CWSI can provide numerous government references on request.
On-boarding users to MobileIron is a very simple process for the administrative team and the user. Typically the administrator will initiate the process by adding the user to the MobileIron web-based admin console along with their user details and phone number. The user will download the MobileIron app to their phone, in which they will be prompted to enter their email address, enterprise password and registration PIN. If their credentials are correct, they will be taken through two or three quick steps to complete enrolment. Device registration is now complete.
Service documentation Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
  • Word
  • Powerpoint
End-of-contract data extraction It is possible to export logs, inventory reports (including device and location information), audit information and user lists from the solution.
End-of-contract process At the end of the contract customers have the option to renew or terminate. If choosing to terminate and the solution is hosted with CWSI, the customer will be able to export data before the solution is decomissioned.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10+
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
  • Windows Phone
  • Other
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The desktop service is only available for Mac OS and Windows 10. There are a number of differences between desktop and mobile but basic features are supported in both.
Accessibility standards None or don’t know
Description of accessibility Many things users can do can be permitted or restricted by administrators. If a self-service portal is used, users can enroll and locate their own devices, and also view installed apps. If administrators permit users to enroll devices using credentials, then they can add devices up to a specified limit without administrator intervention. This can be restricted by requiring a one-time PIN. users never have access to the administrative portal, and so cannot change policies, remove devices, or see information relating to devices other than their own.
Accessibility testing Service Interface Testing
API Yes
What users can and can't do using the API API usage is available, allowing a range of actions depending on permissions granted to the specified API user. These may include, but are not limited to, device actions, user actions, service status, etc.
API documentation Yes
API documentation formats Other
API sandbox or test environment No
Customisation available Yes
Description of customisation App storefront can have a customised logo, and the icon on the user endpoint can also be customised.

Scaling

Scaling
Independence of resources The minimum specifications change for the amount of users to be enrolled onto the solution. This ensures there is enough resource for the requested number of users at all times. In the datacentre, the solution is provided guaranteed resources in order to ensure one deployed solution cannot use the resources of another.

Analytics

Analytics
Service usage metrics Yes
Metrics types Metrics include: devices deployed, users on the system, applications, OS versions, device types and more
Reporting types
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

Resellers
Supplier type Reseller providing extra features and support
Organisation whose services are being resold MobileIron

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency Never
Protecting data at rest Encryption of all physical media
Data sanitisation process No
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Users export data using the reporting and exporting functionality built into the solution console. This includes inventory data, report data, log data and audit information
Data export formats
  • CSV
  • Other
Data import formats
  • CSV
  • Other

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability MobileIron has successfully completed a SOC 2 Type 2 assessment (formerly known as SAS 70). As part of the SOC 2 assessment, the operational and security processes of MobileIron Cloud was reviewed by an independent certified public accounting firm. The detailed results of this stringent process are available upon request.
Approach to resilience Available on request
Outage reporting Remote monitoring tools regularly check for issues and email alerts are generated when a service becomes unavailable. As this is a proactive service, CWSI make contact with customers when an outage is reported.

CWSI also provide UPtime, an additional service for monitoring health of customer on-premise solutions

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Nominated administrators are granted access via unique credentials and/or roles permitting the audited administration of the solution. Once granted, administrators may extend the administration role to others in the organisation
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 EY
ISO/IEC 27001 accreditation date December 11th 2013
What the ISO/IEC 27001 doesn’t cover Certificate and scope can be found here: https://d0.awsstatic.com/certifications/iso_27001_global_certification.pdf
ISO 28000:2007 certification No
CSA STAR certification Yes
CSA STAR accreditation date January 2017
CSA STAR certification level Level 4: CSA C-STAR Assessment
What the CSA STAR doesn’t cover Details of assessment are covered here: https://d0.awsstatic.com/whitepapers/compliance/CSA_Consensus_Assessments_Initiative_Questionnaire.pdf
PCI certification Yes
Who accredited the PCI DSS certification Coal Systems
PCI DSS accreditation date 2010
What the PCI DSS doesn’t cover Included and excluded services can be found here:
https://aws.amazon.com/compliance/services-in-scope/
Other security accreditations Yes
Any other security accreditations
  • SOC 1,2,3
  • FedRAMP High
  • IRAP
  • C5

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation No
Security governance approach As an IT security company we take the security and privacy of our data and that of our clients data very seriously. We are currently working towards ISO27001 certification and we expect to achieve this by 2018.
Information security policies and processes MobileIron maintains physical access restrictions into its corporate headquarters including its data centers. These restrictions are enforced by several ways, including photo identification, controlled proximity and restricted visitor access badges based on job function, security cameras, and building lobby receptionists. At third-party data centers, access is restricted only to authorized MobileIron employees or contract personnel. MobileIron employees do not have access to the Infrastructure as a Service (IaaS) provider data centers like Amazon Web Services (AWS). The MobileIron Technical Operations team reviews access into the data centers on a quarterly basis.MobileIron has a Product Security Incident Response Team (PSIRT), which is a group of cross-functional team members that monitor, verify, and proactively respond to user-found security issues. Their goal is to resolve or mitigate reported security issues found in any MobileIron product through the release of maintenance or patched software or firmware. The PSIRT Process is documented and published at the MobileIron Support site. The team can be contacted at PSIRT@mobileiron.com.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach 1. A change is submitted by a nominated customer account manager
2. The change is reviewed by T1 for impact and feasibility
3. The change is escalated for approval
4. Once approved, a change is scheduled with the customer
5. In a suitable window, the change is enacted
6. The change is monitored for impact
7. The change request is closed
Vulnerability management type Supplier-defined controls
Vulnerability management approach This is managed by the vendor. For Public Cloud security patches are applied as soon as available. For private/hybrid once patches are available CWSI make contact with customers to schedule patch application
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach MobileIron has a Product Security Incident Response Team (PSIRT), which is a group of cross-functional team members that monitor, verify, and proactively respond to user-found security issues. Their goal is to resolve or mitigate reported security issues found in any MobileIron product through the release of maintenance or patched software or firmware. The PSIRT Process is documented and published at the MobileIron Support site. The team can be contacted at PSIRT@mobileiron.com.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Users may report incidents by email or phone Monday -Friday 9-5. 24/7 support is available upon request. Incidents are regularly updated and notifications are sent to users, SLAs change based on severity of incident.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £1.95 to £3.70 per device per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial We offer a 30 day period of evaluation. More information is available on request.

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑