Wandera Secure Mobile Gateway

The Wandera Service provides customers with a Secure Mobile Gateway (SMG) which compresses mobile data, enforces acceptable usage policies, provides multi-level mobile threat detection by scanning on device and in the cloud, and provides data usage reporting to business organisations to help protect business data and avoid mobile bill shock


  • Data Visibility & Control (mobile & tablet)
  • Data Management (mobile & tablet)
  • Data Compliance (mobile & tablet)
  • Security & Threat Defence (mobile & tablet)
  • Anti-Spam, Phishing, Man-in-the-middle protection (mobile & tablet)
  • Data Usage/SIEM Reporting (mobile & tablet)
  • Cost Control & Bill-shock Prevention (mobile & tablet)
  • Content Control & Filtering (mobile & tablet)
  • Enterprise Integration into Mobile Device Management (MDMs)
  • Data Controls via Celular & WiFi


  • Realtime management reporting and controls/compliance
  • Zero-day security threat detection
  • Enhanced mobile threat detection capabilities (machine learning)
  • Reduction of corporate mobile data costs
  • Extension of AUP/Compliance to corporate mobile estate
  • Control and management on celular and wifi
  • Integration with Enterprise Mobility Management (EMM) Providers
  • Detection of man-in-the-middle & mobile phishing attacks
  • Limitation of personally identifiable information via exfiltration
  • GDPR Compliance Advisory Reporting with Controls


£3.20 to £7.75 per device per month

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 10



Wandera Sales Operations



Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Mobile Data Management Software
Enterprise Mobility Management Software
Cloud deployment model Public cloud
Service constraints We do not support Blackberry devices
System requirements Service is for mobiles and tablets only

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Support is via email/phone/online.
Response SLAs to Service Requests are within one hour.
24x7x365 support.
Online Self-Accessed Resolution.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Our RADAR portal is designed to provide intuitive device administration, incorporating a self-contained Support Center that is accessible via the Help button. This contains information on frequently-used functionality, troubleshooting and tutorials to get the most from the service. From here requests can also be raised and tracked with Wandera Support should further assistance be required.
In addition to the Support Center, Email support is available. Phone support is available 24x7 for Severity 1 incidents, and customers with more than 250 device licenses are entitled to phone support for all request types. Support services can be geographically restricted on request.
Our global support teams are ready to assist with service requests, incidents or general queries you may have while using the service. Emails are categorised by Impact and Urgency and our Incident and Problem Management processes are ITIL-aligned to ensure agreed Service Level Targets (SLT) are met.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Customer Implementation Programme including:
Statement of Work
Project Planning and Management
Training and on-boarding
Device Management Configuration
EMM Integration Training and Set-Up
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Data is stored with Wandera and deleted according to a Data Deletion Policy. Customers can request data deletion upon termination.
End-of-contract process Secure Mobile Gateway and on-going support with initial implementation is all included in the pricing. Additional Technical Account Management time can be purchased where necessary.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • Other
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Our service is a solution for mobile devices.
Accessibility standards None or don’t know
Description of accessibility Wandera installs an app on the mobile device alongside a modified APN profile. This redirects http(s) traffic to our Secure Mobile Gateway.
Accessibility testing Testing will be done if required
Customisation available Yes
Description of customisation Via our RADAR Administration Portal, IT Administrators can configure and control a broad range of settings including:
Service Configuration
Policy Settings
Blocking and content control
Business and non-business data
Roaming data controls


Independence of resources All systems are resourced monitored by an internal Operations Team. Architecture is built for resilience-by-design with multiple virtual nodes both at the Application and Database layer.


Service usage metrics Yes
Metrics types Mobile Data Analytics
Mobile Security Reports
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Excel and csv export from our RADAR Administration Portal. S3 AWS Repository Data Vault with secure login access.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Other
Other protection between networks Wandera is a SaaS service so buyers connect to the service via https (SSL) web interface. There is no direct link to a buyer network
Data protection within supplier network Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability 99.99 availability on core Gateway services.
Approach to resilience Available on request
Outage reporting Public Dashboard
Email Alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Geographical controls
Superuser accounts with controls
Internal management interface controls
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach We are due to be ISO 27001 Certified by end 2018
Information security policies and processes Information Security Manual with AUP for all information assets
Risk Management Process
Security-by-Design Principles in Software Development
Segregation of Environments
User Access Control and Policy
Audit Logging
Security Incident Process
Information Protection Team & Data Protection Officer
Internal Security Auditing
GDPR Compliance
Open Standards Software Development
Yearly Information Security Training & Awareness Programme for all staff

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Software has a defined development pathway with iterative capture. Operational environments have formal RFC invocation (request for change process). All software release goes through a formal CAB (Change Advisory Board).
Vulnerability management type Supplier-defined controls
Vulnerability management approach We run a formal Risk Management Process which defines threats and vulnerabilities.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Redash Monitoring, Scout/Graphite with Grafana alerting. External access monitor. Status Cake Monitoring system for DDoS. AWS Cloudwatch and Cloudtrail. Secure and Reliable Networks Monitor. Response within 30 mins.
Incident management type Supplier-defined controls
Incident management approach Two Incident Management Processes:
Security Incident Management
Operations Incident Management
Incidents are reported by Monitoring or Form Submission
Reports available on request

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £3.20 to £7.75 per device per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial All services and support.
30 day limit.


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑