What are the security benefits of BizzTrust for Android?

BizzTrust is an intuitive solution to separate data, Apps and information flows on the Android operating system. In particular, BizzTrust allows secure usage of one Smartphone for both private and corporate use. Hence, in case malware compromises the private domain on the phone, the enterprise domain remains unaffected. In addition, BizzTrust network isolation ensures that only corporate resources are accessible from the enterprise domain. Furthermore, the BizzTrust VPN solution integrates flexible network admission control and application life-cycle management into the Android OS. This way, BizzTrust for Android protects your assets and provides reliable policy enforcement and access control throughout your network infrastructure.

What kind of isolation technology is used in BizzTrust?

To assure high performance and compatibility with the variety of available Smartphones, BizzTrust employs a form of container-based isolation and mandatory access control at all system layers of Android. Security labels are attached to Apps, data and network interfaces to enable the Android OS to distinguish private and business affiliation. The user can always find out the current label of a particular App based on the indicator in the status bar.

What is the performance impact of BizzTrust Compartmentalization?

The performance impact of BizzTrust is negligible when compared to regular Android installations. Instead of often advertised full virtualization solutions, our approach enhances the isolation of programs, networks and data in the Android OS itself. As a result, BizzTrust does not require duplicating OS kernel and middleware software on the phone, resulting in a highly efficient and flexible solution.

What VPN technology is supported by BizzTrust?

BizzTrust currently supports IPsec VPNs, using Strongswan. Split tunneling is also supported for IPsec based VPNs

How does BizzTrust integrate into network management infrastructures?

The BizzTrust VPN solution implements the Trusted Network Connect (TNC) protocol and IF-MAP interface for the exchange and of information and commands. TNC is specified for the EAP and TLS protocols, and, together with IF-MAP, provides a flexible communication link between monitoring and policy enforcement agents on client and server side. Finally, IF-MAP allows for the integration of BizzTrust into complex event processing systems of large enterprise networks.

How is access to sensitive resources on the network filtered?

BizzTrust employs network filtering on server and client side. On the smartphone, network access of the user's private applications can be restricted in a fine-grained way. For instance, one can forbid non-enterprise apps to access to company’sresources that would normally be accessible via VPN. On the server side, BizzTrust can use the meta-data collected via TNC (Trusted Network Connect) to restrict access for smartphones that do not comply with the enterprise network security policy. Based on information on installed Apps and versions, access to individual servers can be denied.

What kind of remote client monitoring and management is available?

We provide TNC agents on client-side to report the device identity and installed application versions of the Android smartphone to an enterprise's VPN policy enforcement authority. On the server-side, we implement verification of software versions and provisioning of software updates. Authorized devices in unsafe or unclear state are isolated into a quarantine and remediation environment. The TNC framework can be extended by custom plugins to gather more specific information about the smartphones requesting access.

How is BizzTrust deployed?

We currently support a number of smartphones running the Android OS. For these Smartphones we provide a modified Android firmware image. The installation process for most devices is straightforward and can be performed in minutes. After the initial configuration by the customer's IT department has taken place, the device can be handed out to the employees and will be managed through an over-the-air interface.

Which Android versions are supported by BizzTrust?

We support the most widely used Android version 2.2.3, 2.3 and 4.0.4.

Which smartphones are supported by BizzTrust?

BizzTrust is not restricted to special smartphones or manufacturers.. Many other recent Android smartphones can be supported as long as the manufacturer allows firmware updates by the user, such as for recent phones by Google, HTC and Samsung.