Secure Docs Technical Whitepaper
Good Technology 866-7-BE-GOOD www.good.com

Contents
Introduction
Overview
Technical Details
Conclusion

Introduction
In Q1 2012, Good introduced Secure Docs, a new Good for Enterprise capability that for the first time allows users to securely view, edit, save and send files using popular third-party document editors supported by Good for Enterprise. With Good's solution, mobile workers can install and use secure third-party editing applications built on the Good Dynamics security platform for mobile applications, so that every such editor carries enterprise-grade security and can be deployed across multiple platforms under the same set of policies. This whitepaper provides a technical overview of the solution, including its complete, secure workflow with Good for Enterprise.

The Need for Secure Docs
The penetration of smart devices into consumer markets has made connectivity relatively easy and inexpensive, especially outside the workplace. Connectivity, accompanied by the right apps and tools, increases collaboration and productivity in nearly any organization. While access to corporate email, calendar and contacts is often the starting point, industry-leading companies recognize that employees need more than email to fully participate in business processes. With the rapid emergence of iPads, the ability to edit documents on the go and manage transmitted files is more important than ever. Currently, editing documents on a mobile device requires a third-party application, which is generally not secure and puts corporate information at risk.
With Secure Docs, workers can now securely edit, save and send files using their iPad (support for more platforms is expected in 2012) without the worry of corrupting corporate data or inadvertently sharing it with cloud-based applications.

Secure Docs: An Overview
The Secure Docs capability delivers enterprise-grade security through a complete mobile content editing workflow, from viewing and editing to saving and sending. Mobile workers can edit a document in one of the new secure third-party editors and then save it to the Good File Repository, a secure environment for document saving and archiving. Files are stored and secured with FIPS-certified AES encryption. Because Secure Docs works solely with Good for Enterprise (GFE), IT can be assured that the security policies disabling cloud-based sync, "Open In" and "Share" capabilities, and "Cut/Copy/Paste" functions are applied to the corporate data accessed by the secured editor, and that the corresponding application-level security policies for password requirements and Jailbreak detection are enforced on the secured editor before any data is accessed.

Technical Details
Secure Docs is a means of exchanging data between two applications running on the same device. One application must be the GFE e-mail and PIM application; the other must be a Good Dynamics-secured application. Data security is not compromised during the exchange: the data remains in Good secure storage throughout. Data is moved from one application to the other through the Good Dynamics API, which provides the functions and structures required to send and receive data using Good Secure Docs. To use this API, the application must be authorized by "pairing" with Good for Enterprise.
[Architecture diagram: on the Mobile Device, Good for Enterprise (GFE) with Secure Storage and the Secure Docs Editor (3rd Party) with the Good Dynamics Libraries, exchanging Email/Files and Policies over Secure Inter-Container Communication; behind the Firewall, the Good Mobile Messaging Server (GMMS), Good Mobile Control (GMC) and Lotus Domino, reached through the Good NOC over the SECURE PIPE.]

An IT administrator uses the Good Mobile Control console to enable users to use the third-party secure editors, and may assign specific third-party editors to individual devices or groups of devices. End users, for their part, install a third-party editor for free from the Apple App Store.

Single Sign-On
Secure Docs uses a single sign-on method that is synced with the user's GFE password, so the password policy protection is identical for GFE and the secure third-party editors. After authentication, every time a secure third-party editor is opened, it 'flips' to the GFE login page:
1. If GFE is logged in, the user automatically 'flips' back to the secure editor.
2. If GFE is not logged in, the user enters the GFE password, which takes him or her back to the secure editor.
Once authentication has been established, and on each subsequent user access or application launch event, the Secure Docs editor invokes the Good Dynamics Libraries to perform compliance checks and, as necessary, authenticate the user according to customer-specified policies for password entry, password timeouts, etc. The user cannot access documents or perform other application functions until the compliance checks and user authentication have been completed. The Good Dynamics library determines whether the inactivity timeout has expired and handles the interaction with GFE to authenticate the user when a timeout occurs.

MDM and Security: Compliance Policies
Secure Docs editors take advantage of GFE MDM commands through the Good Dynamics Libraries.
When an MDM command is sent from GMC to the GFE application, it triggers an action not only on the GFE side but also in all connected Secure Docs editors. The following MDM features are supported:
• "Lock" – Remotely lock GFE and the Secure Docs editors
• "Wipe" – Remotely wipe all container data in GFE and the Secure Docs editors
In addition to MDM functionality, the following Security Policies are supported:
• "Password Timeout" – Maximum time before the password is required to unlock the client
• "Lock on Background" – Always lock the UI when the application enters background mode
• "Enable Lock Notifications" – Show notification alerts on the lock screen for this user
• "Cut / Copy / Paste" – Prevent container data from being cut, copied or pasted outside the container
The following Compliance Policies from GMC are also enforced when a Secure Docs editor is launched:
• "OS Version" – The device must be running one of a set of supported OS versions
• "Model" – The device hardware must be in the set of supported hardware
• "Rooted" – The device must not be Jailbroken
• "Good Dynamics Library" – The device must be running one of a set of supported Good Dynamics library versions

Data Storage and Encryption
Secure Docs editors use the Good Dynamics Libraries to store and retrieve data and to perform the related encryption and decryption, in combination with a user-provided password whose length, complexity, etc. are defined by policy parameters passed from the GFE application to the Secure Docs editors, as described below. The Good Dynamics Libraries handle all aspects of password selection and updates, the related key generation and management, data encryption and storage, and data decryption and retrieval.
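The launch-time gate described in the Single Sign-On and Compliance Policies sections above, as an added illustrative example in Python (it is not the Good Dynamics API or any Good code): the four GMC compliance policies are evaluated first and a non-compliant device is blocked outright, and only a compliant device proceeds to the GFE 'flip' check and the "Password Timeout" inactivity check. That ordering, the field names, and the sample policy and device states are all constructed for this example.

```python
from dataclasses import dataclass

# Illustrative model only, not the Good Dynamics API. Policy names follow the
# whitepaper; field names and the sample values below are constructed.

@dataclass(frozen=True)
class CompliancePolicy:
    os_versions: frozenset        # "OS Version": supported OS versions
    models: frozenset             # "Model": supported hardware
    library_versions: frozenset   # "Good Dynamics Library": supported versions
    password_timeout_s: int       # "Password Timeout": max idle time before re-auth

@dataclass(frozen=True)
class DeviceState:
    os_version: str
    model: str
    library_version: str
    jailbroken: bool              # what the "Rooted" policy checks
    gfe_logged_in: bool           # state seen on the 'flip' to GFE
    idle_seconds: int             # time since the last user interaction

def evaluate_launch(policy, device):
    """Gate document access at editor launch.
    Returns ("BLOCKED", reasons) if any compliance policy fails (fail closed;
    every failing policy is reported), ("AUTH_REQUIRED", [reason]) if GFE must
    authenticate the user first, or ("ALLOW", []) when documents may be opened."""
    reasons = []
    if device.os_version not in policy.os_versions:
        reasons.append("OS Version: not a supported OS version")
    if device.model not in policy.models:
        reasons.append("Model: hardware not in supported set")
    if device.jailbroken:
        reasons.append("Rooted: device is Jailbroken")
    if device.library_version not in policy.library_versions:
        reasons.append("Good Dynamics Library: unsupported library version")
    if reasons:
        return "BLOCKED", reasons   # a login never overrides a compliance failure
    if not device.gfe_logged_in:
        return "AUTH_REQUIRED", ["GFE not logged in: flip to GFE login page"]
    if device.idle_seconds > policy.password_timeout_s:
        return "AUTH_REQUIRED", ["Password Timeout expired: re-authenticate via GFE"]
    return "ALLOW", []

# Constructed sample policy and device states (not real version or model lists)
POLICY = CompliancePolicy(frozenset({"5.0.1", "5.1"}), frozenset({"iPad2", "iPad3"}),
                          frozenset({"1.0", "1.1"}), password_timeout_s=900)
COMPLIANT = DeviceState("5.1", "iPad2", "1.1", jailbroken=False, gfe_logged_in=True, idle_seconds=120)
IDLE = DeviceState("5.1", "iPad2", "1.1", jailbroken=False, gfe_logged_in=True, idle_seconds=1800)
JAILBROKEN = DeviceState("5.1", "iPad2", "1.1", jailbroken=True, gfe_logged_in=True, idle_seconds=0)
```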
Secure Docs prevents the user from storing data unencrypted outside the storage provided through the Good Dynamics Libraries.

Data Leakage Controls
Secure Docs carries the same set of flexible policies as GFE, which helps manage the mobile fleet and keep corporate data secure. Secure Docs adds a further set of security policy features: data loss and exposure are prevented by disabling cloud-based sync and sharing options, and IT can easily set security levels and choose which approved third-party editors employees may use for viewing and editing documents. In addition to using the Good Dynamics Libraries for secure, encrypted data storage, Secure Docs editors implement the following application-level controls to prevent data loss or leakage to other native or third-party applications and cloud services:
• "Cut/Copy/Paste" – If an application allows the user to cut or copy text and paste it outside the application, it must first implement cut/copy/paste policy controls that prevent the end user from copying data either "into" or "out of" the application. The Good Dynamics library provides the current policy at startup and invokes a callback if the policy changes. It also clears the clipboard automatically when the third-party editor enters background mode. This policy is controlled by GMC and mirrors the policy set for GFE.
• "Open With/Open In" – Secure Docs editors prevent the user from opening documents "with" or "in" other native or 3rd-party applications, other than the Good for Enterprise application itself.
• "Connect To/Upload" – Secure Docs editors disable the ability to upload documents to 3rd-party document storage or sharing services, FTP servers, etc.
• "Send/Save" – Secure Docs editors do not allow the user to "Save" or "Send" documents using any 3rd-party or native applications.
• "URL-Based Invocation" – Secure Docs editors do not support URL-based invocation and do not expose any URL-based or similar external interface that would let a native or 3rd-party application launch the application or use its functions.
• "Save" – Secure Docs editors allow the user to "Save" selected documents both in their own file store and in the GFE application. They do not allow saving to any other apps or storage areas on the device, other than the storage provided through the Good Dynamics Libraries or the GFE application. The Good Dynamics Libraries provide an Application Programming Interface to enable this "Save" function.
• "Send" – Similarly to "Save", Secure Docs editors allow the user to "Send" selected document(s) using the GFE application. They do not allow sending via native email or any 3rd-party application. The Good Dynamics Libraries provide an Application Programming Interface to enable this "Send" function.
The first Good for Enterprise iOS client version to include support for Secure Docs is v1.9.6. Both the "Save" and "Send" features are executed using the "Open With" API. To save or send a document to GFE, a user selects a button that securely pushes the document to GFE. The user is then asked in a dialog box whether to Email or Save the document. Selecting Email launches Good Compose; selecting Save stores the document in the Good File Repository.

Conclusion
In today's dynamic business environment, enterprises must keep pace with technological innovation while maintaining corporate security. With Secure Docs, employees can increase productivity on the go, and IT can rest assured that all enterprise data is secure. To learn more about Good solutions, visit good.com or call 866-7-BE-GOOD.
Good Technology
For more information, please call 866 7 BE GOOD or visit www.good.com.
Global Headquarters: +1 408 212 7500 (main), +1 866 7 BE GOOD (sales)
EMEA Headquarters: +44 (0) 20 7845 5300

©2012 VISTO Corporation and Good Technology, Inc. All rights reserved. Good, Good Technology, the Good logo, Good for Enterprise, Good for Government, Good for You, Good Mobile Messaging, Good Mobile Intranet, and Powered by Good are trademarks of Good Technology, Inc. ConstantSync, Constant Synchronization, Good Mobile Client, Good Mobile Portal, Good Mobile Exchange Access, Good Mobile Platform, Good Easy Setup, Good Social Networking and Good Smarticon are either trademarks or registered trademarks of VISTO Corporation. All third-party trademarks, trade names, or service marks may be claimed as the property of their respective owners. Good and Visto technology are protected by U.S. patents and various other foreign patents. Other patents pending.
WP_Secure Docs_Jan2012_US