Bridgeway Security Solutions

Mobile Device Security / Enterprise Mobility Management / UEM (MobileIron)

The MobileIron solution secures and manages devices, apps and data. A PSN-compliant, multi-platform mobile management solution offering mobile device security, mobile app management, remote access control and more, while maintaining the native experience. Hybrid or private cloud available. Bridgeway provides MobileIron EMM support and optionally, a fully managed service.

Features

  • Mobile device encryption
  • Secure remote wipe, locate and lock of mobile devices
  • Remote mobile application management including delivery and lifecycle
  • Strong and remotely managed Data Loss Prevention (DLP) controls
  • Remote access to corporate file repositories (inc. CIFS, SharePoint)
  • In-app office document editing and saving back to source repository
  • Remote access to corporate intranet services
  • Per-app-VPN compatible
  • Apple Volume Purchase Programme (VPP) compatible
  • Apple Device Enrolment Programme (DEP) compatible

Benefits

  • Secure your fleet of mobile devices with innovative MDM/EMM/UEM solution
  • Enforce PSN CoCo security policies for mobile security policy compliance
  • Simplify and secure remote intranet access across managed mobile estate
  • Secure remote access to file repositories (including CIFS, SharePoint, OneDrive)
  • Save money on VPN licences by leveraging MobileIron's secure connectivity
  • Deploy IT services securely to your mobile users
  • Save money on apps by leveraging Apple VPP automatically
  • Easy deployment and management of Windows 10 laptops and desktops
  • Deliver enterprise managed mobility through Unified Endpoint Management (UEM)
  • Simplify and secure remote email access across your mobile fleet

Pricing

£1.84 per device per month

Service documents

G-Cloud 10

614182853604393

Bridgeway Security Solutions

Jason Holloway

01223 979 090

g-cloud@bridgeway.co.uk

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to MobileIron may securely extend access to existing on-premise and/or cloud email services, file repositories, intranet services, directory services and many more. Depending on use case and OS, may require a MobileIron client to be installed on the device.
Cloud deployment model Hybrid cloud
Service constraints MobileIron may require an agent on the device (depends on device OS).
Customer system integration may require other components, e.g. integration with existing authentication services. Integration also required for secured mobile access to Exchange, Office365 and G-Mail email services, on-premise or cloud file repositories, intranet services, directory services, etc.
System requirements
  • May require an agent on the device (depends on OS)
  • Sentry (gateway server) required for remote access to network services
  • Sentry usually installed as VM in DMZ (VMware or Hyper-V)
  • May require lightweight VM agent to connect to local AD
  • On-premise AD integration requires a local Connector agent
  • Best results obtained with Google Android Enterprise integration
  • Best results obtained with Apple iOS DEP and VPP integration

User support

User support
Email or online ticketing support Yes, at extra cost
Support response times Our SLAs guarantee a first considered response within 1 hour from initial ticket being logged, and progress updates start from within 3 hours from receipt of all relevant information. Different SLAs apply according to mutually-agreed priority levels. Both office-hours and 24x7 support services are available, as well as fully-managed mobility services (Bridge Manage).
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Yes, at an extra cost
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard WCAG 2.0 AA or EN 301 549 9: Web
Web chat accessibility testing No testing directly performed, but we can (optionally) integrate into customer's existing service support tools, so presume usability testing has been carried out by customer organisation.
Onsite support Yes, at extra cost
Support levels Our Bridge Support services are flexible: we can augment your existing support arrangements, or provide a complete outsourced support function. Standard support is available during UK office hours and can be extended to include full 24x7 and/or onsite consultancy visits.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started On-site and/or Bridgeway-hosted MobileIron training courses are available, specifically aimed at either administrators, help-desk engineers and/or end-users. Bridgeway also provides installation and configuration consultancy services, as well as end-to-end project management to ensure overall project success. Documentation services, whether from high-level design (HLD) to low-level design (LLD), as well as project management and end-user training material can also be provided, subject to scope and cost.
Service documentation Yes
Documentation formats
  • HTML
  • ODF
  • PDF
  • Other
Other documentation formats
  • MobileIron administration guides are provided as PDFs by default.
  • Admin guides are accessible by HTML Support Portal interface too.
  • End-user self-enrolment videos are also available for e.g. e-Learning platforms.
  • On-boarding how-tos are supplied as Word documents (.doc, .docx, .odf)
  • User on-boarding can be supplied as HTML, PowerPoint or PDFs.
End-of-contract data extraction Backups of the live servers can be extracted through the GUI. Full device fleet details can be obtained via API and/or CSV export. Devices can be backed up (if policy allows).
End-of-contract process At the end of the term, the customer is welcome to renew their licence and the service would continue. Alternatively, if the customer verifies in writing their preference not to continue, their account and associated data are deleted.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices Yes
Differences between the mobile and desktop service This is an enterprise mobility management solution designed to manage mobile devices but also supports Windows 10 and macOS for management of laptop and desktop devices too. It is therefore more correctly referred to as a Unified Endpoint Management (UEM) solution, as defined by Gartner, Inc.
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing JAWS and MobileIron integration testing.
API Yes
What users can and can't do using the API API provides programmatic access to a whole host of device control and reporting APIs for integration with other solutions. For organisations looking for augmented operational dashboards, historical trend reporting, management reports and/or compliance reporting, we recommend Bridgeway's IronWorks add-on solution. More details available upon request.
API documentation Yes
API documentation formats PDF
API sandbox or test environment No
Customisation available Yes
Description of customisation MobileIron can be customer branded, policies, restrictions and services aligned with customer security and IT service settings, and integrated into existing IT network and infrastructure servers, e.g. AD/LDAP, CIFS/DFS/SharePoint servers, and many more.
In addition, a fully managed and branded mobile managed service can be provided as part of Bridgeway's Bridge Manage service. See this listing for further information.

Scaling

Scaling
Independence of resources Customers can choose between a public cloud, private cloud or on-premises deployment, according to risk appetite, server integration and service management preferences.
Services are covered by availability guarantees, which vary from option to option. Contact us for further details.

Analytics

Analytics
Service usage metrics Yes
Metrics types Bridgeway and MobileIron can provide the most comprehensive usage and compliance reporting on the market, including a variety of system, administration and management reporting. examples include number of devices enrolled, non-compliant, out-of-contact; applications and versions deployed, device OS types and versions, etc. Further information can be exclusively obtained through the use of Bridgeway's IronWorks solution for operational and senior management reporting and actionable insights. Details available on request.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Reseller providing extra features and support
Organisation whose services are being resold MobileIron

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach Security vetting of consultancy personnel (SC and NPPV3 by default, other vetting options available upon request). ISO27001 approved datacentre. Documented processes and internal policies. Physical and electronic security systems and controls. Encryption of data at rest (AES-256). Role-based access controls of personnel data access. GDPR-ready data handling processes, policies and user training.
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Administrators can export the relevant detail via API, CSV export or through a GUI-initiated backup process.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks Our private-cloud solution (Bridge Host) is available through PSN, N3 and HSCN networks. Alternatively, or as well, Bridgeway supports a dedicated IPsec VPN connection between customer and datacentre, to ensure a secure link between the two. Alternatively, the public cloud offering (pure MobileIron Cloud), is secured by TLS 1.2 connections. Another option is for an on-premises (or chosen cloud service provider) deployment of the MobileIron Core and Sentry servers. Further information and assistance in choosing the correct solution is available upon request and part of the overall Bridgeway service.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network Security vetting of consultancy personnel (SC and NPPV3 by default, other vetting options available upon request). IPSec VPNs, SSH and TLS1.2 connections only by default. ISO27001 approved datacentre. Documented processes and internal policies. Physical and electronic security systems and controls. Encryption of data at rest. Role-based access controls of personnel data access. GDPR-ready data handling processes, policies and user training.

Availability and resilience

Availability and resilience
Guaranteed availability Service part-refund for non-performance. SLAs determined by chosen option, customer need and mutual agreement. Current MobileIron technical support SLAs are covered here: https://www.mobileiron.com/en/legal/support-maintenance-SaaS-products - Most recent MobileIron Cloud uptime service statistics are listed here: https://www.mobileiron.com/en/products/certifications-uptime - Bridgeway's support SLAs for Bridge Support are listed here: https://www.bridgeway.co.uk/services/support-services - Service part-refund for non-performance. SLAs determined by chosen option, customer need and mutual agreement. Current MobileIron technical support SLAs are covered here: https://www.mobileiron.com/en/legal/support-maintenance-SaaS-products - Most recent MobileIron Cloud uptime service statistics are listed here: https://www.mobileiron.com/en/products/certifications-uptime - Bridgeway's support SLAs for Bridge Support are listed here: https://www.bridgeway.co.uk/services/support-services
Approach to resilience Available on request.
Outage reporting Reported in the MobileIron support forum and on their status web page here: https://trust.mobileiron.com/ - This page also includes subscription options for email, SMS, API webhook and Atom/RSS feeds.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Access restricted by Role Based Access Control (RBAC). Devices authenticate with centrally managed (and issued) digital certificates. 2FA and SAML SSO available.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 EY Certify Point
ISO/IEC 27001 accreditation date 18/11/2010, with latest re-issue on 15/12/2017
What the ISO/IEC 27001 doesn’t cover Scope covers specified services and facilities, does not cover on-premises installations or customer's own processes/implementations.
ISO 28000:2007 certification No
CSA STAR certification Yes
CSA STAR accreditation date 14/12/2016
CSA STAR certification level Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover None known
PCI certification No
Other security certifications Yes
Any other security certifications
  • SOC I & II
  • Cyber Security Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
Information security policies and processes Contact details and reporting structure available on request.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Security and risk teams assess potential impact before implementation. Peer and security team code review, automated testing and audited code tracking allow for the services to be tracked throughout their lifetime.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Available on request
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Available on request
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Available on request

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks
  • Public Services Network (PSN)
  • New NHS Network (N3)
  • Other

Pricing

Pricing
Price £1.84 per device per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Time-limited trials available. Whole solution can be provided on a try-and-buy basis to ensure suitability for purpose against agreed and documented success criteria. Bridgeway recommend end-user involvement in evaluations to ensure feedback from all appropriate departments within the organisation. An independent, tried-and-tested, documented testing and evaluation plan can be provided.
Link to free trial https://www.bridgeway.co.uk/mobileiron-trial

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑