Planning for device security

This section provides information about each IBM Traveler security option and how they can be applied by device type. You can use this information to plan your security configuration for IBM Traveler on your devices.

Table 1. Supported security options in IBM Traveler
IBM Traveler Support Security Option

Encrypted data in transit (through HTTPS) 1

Domino® encrypted mail

Remote wipe

Encrypted data at rest

Password monitoring to allow or deny access

Application level password

Apple

Supported

Supported

With IBM Traveler companion application available from the Apple iTunes store

Supported

Device wipe and IBM Traveler wipe options

Supported with Domino® policies or IBM Traveler device preferences and security settings.

Whole devices can be encrypted, and enabled and enforced with the security policies in IBM Traveler. iPhones that do not support hardware encryption can be blocked. iPhone 3GS, iPhone 4 and the iPad support hardware encryption. First-generation iPhone and iPhone 3G do not.

Supported with Domino® policies or IBM Traveler device preferences and security settings.

Not supported

Android

Supported

Supported

Supported (Device wipe requires Android 2.2 or higher)

Supported

The mail body and all attachments are encrypted using AES 256 bit encryption. This is the case if stored on an SD card or internal phone storage. The rest of the data is stored unencrypted in phone storage. This is implemented based on the Android application security model.

Supported with Domino® policies or IBM Traveler device preferences and security settings. Requires an Android 2.2 or higher device.

Supported. Enforceable from IBM Traveler device preferences and security settings

BlackBerry 10

Supported

Supported

Requires a BES to send encrypted mail from the device.

Supported

Device wipe; or when issued to a device managed by BES 10, it wipes only the work perimeter.

Supported

Supported with IBM Traveler device preferences and security settings

Not supported

Windows Phone

Supported

Not Supported

Supported

Device wipe and IBM Traveler Wipe options

Supported with Windows Phone 8 or higher versions.

Supported with IBM Traveler device preferences and security settings

Not supported

Windows Surface RT and Pro

Supported

Not Supported

Supported

Device wipe and IBM Traveler Wipe options

Supported

Supported with IBM Traveler device preferences and security settings

Not supported

Nokia Series 60/Symbian^3

Supported

Supported

Supported

Device wipe and IBM Traveler wipe options

Only supported on Symbian^3 devices.

Enforceable using Domino® policies or IBM Traveler device preferences and security settings.

Storage cards can be encrypted.

Supported with Domino® policies or IBM Traveler device preferences and security settings

Not supported

Windows Mobile

Supported

Supported

Supported

Device wipe and IBM Traveler wipe options

Storage cards can be encrypted. Data in native PIM and mail applications is not encrypted, except for Domino® encrypted mail.

Supported with Domino® policies or IBM Traveler device preferences and security settings

Not supported

For additional information on defining security polices, refer to Assigning preferences and security settings to devices. For additional information on remotely wiping a device, refer to Remote wipe.

1 It is strongly recommended that the connection used by mobile IBM Traveler clients is secured. This is most commonly done using an SSL connection but can also be accomplished by using a secure Virtual Private Network that is compatible with the mobile device. If the connection is not secured by one of these methods that provides encryption, then the data exchanged between the mobile client and the connection end point, including user ID and password data, could be susceptible to eavesdropping.