In this tip, session speakers Bill Wimer and Paul Miller detail the out-of-the-box security features for IBM Notes Traveler around connecting devices, restricting access, remote data wipes, device security policies (iOS, Android, Windows Phone, BlackBerry 10, etc.), and attachment security for iOS and Android.
2. 22
Please Note
IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion.
Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision.
The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.
Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user’s job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.
4. 7
Notes Traveler – Connecting Devices
Data in motion is encrypted
− All device clients support SSL connections
− Notes Traveler server can enforce that an SSL connection is required
Administrator can block devices of a specific type or class (https://ibm.biz/BdRZSi)
Administrator can require that devices must be pre-approved before they can sync data
5. 8
Notes Traveler – Restricting Access
Only users that are authorized to use this server can connect devices to the server
6. 9
Notes Traveler – Restricting Access
Require devices to connect from a specific IP address or range of addresses
7. 10
Notes Traveler – Restricting Access
Administrator can explicitly deny access to specific devices
8. 11
Notes Traveler – Remote data wipe
Performed by administrator (admin console) or device owner (self service user page)
Option to erase just Notes Traveler data or reset the device to factory settings
Once wiped, administrator (or user) must clear wipe command
9. 12
Notes Traveler - Device security policies
Notes Traveler Administrator can define basic device security policies using the Notes Traveler administration console (https://traveler_host/LotusTraveler.nsf)
− If policies change, they are pushed to the devices
− Device enforces policies, locks out the application if device is not compliant
Security capabilities vary slightly by device type
10. 13
Notes Traveler – Apple iOS security policies
Most settings enforced using Apple EAS account
Settings apply to entire device, not just PIM account
11. 14
Notes Traveler – Windows Phone/RT/Pro security policies
Most settings enforced using EAS account
Settings apply to entire device, not just PIM account
12. 15
Notes Traveler – BB10 security policies
Most settings enforced using EAS account
Settings only apply if device is not managed via BES 10
Use BES 10 policies to separate work and personal data
13. 16
Notes Traveler – Android security policies
Notes Traveler client installs Android Device Administrator account
Supports both device wide policies and Notes Traveler application only policies
14. 17
Notes Traveler – Attachment security policies
Problem
− Attachment file data can be “opened in” untrusted or unapproved 3rd party applications
− Business no longer able to control access to the file data
− Could be uploaded to Dropbox or other cloud based service
− Shared with editors that allow “save as” to the SD Card
Solution
− Notes Traveler Attachment Security Policies
− IBM Notes Traveler Clients and Administration updated for 9.0.0.1
− Policy is administered via Notes Traveler web based administration
− Clients Supported
Apple iOS using Traveler Companion
Notes Traveler for Android (9.0.0.1+ version)
15. 18
Notes Traveler – Attachment security policies
Administrator defines attachment handling policies
− View only option for files where the platform supports embedded viewing (iOS)
− Define which applications are allowed to consume attachments (Approved Applications)
Notes Traveler clients modified to recognize attachment policies and limit attachment sharing
Advantages
− Can be used out of the box with a small amount of definition needed by the administrator
− No additional software or hardware requirements (no separate MDM solution needed)
− No application wrapping, app vendor integration or testing of wrapped applications required
− Able to leverage built-in viewer technology on iOS
16. 19
Notes Traveler – Attachment security policies
Traveler administrator enables a policy to only allow built-in viewers or approved applications to access attachments
[Figure panels: Android, Apple iOS]
17. 20
Notes Traveler – Attachment security policies
Notes Traveler administrator defines list of Approved Applications for attachment handling
If no applications are defined, only built-in viewers are allowed (where supported)
Notes Traveler clients enforce that attachments can only be shared with applications in this list
Changes to Approved Application list are pushed to clients
18. 21
Notes Traveler – Attachment security for Android
User clicks on attachment in email. If Approved Applications are installed, user selects which application to use to view the file.
Only viewers defined by the administrator as an Approved Application are considered for file handling.
Allows for disconnected viewing/handling of attachments
3rd party viewer unless open document format (Lotus Symphony)
19. 22
Attachment security for iOS
Built-in viewing scenario
No file attachments are present in the Apple iOS mailbox
File data never leaves Companion
[Figure labels: Traveler Companion App, Apple iOS Email App]
Supported document types
− Microsoft Office documents
− Rich Text Format (RTF) documents
− PDF files
− Images
− iWork documents
− Text files
− Comma-separated value (csv) files
20. 23
Attachment security for iOS
Traveler Companion using Approved Applications
− Open In menu will display all possible apps, as there is no way to suppress individual apps from the list
− If user selects an app that is not approved, Open In operation fails with message
− Apps defined using Approved Applications use Open In normally
[Figure label: Long Press]
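Added example (not from the slides and not IBM code): a small Python model of the Approved Applications behaviour described on slides 17 to 23, which an administrator can use to reason about what a policy change will do on each platform before pushing it. The class, field and function names and the app identifiers are hypothetical; the model assumes embedded viewing exists only on iOS, as the slides state, and does not model the Android open document format case.

```python
from dataclasses import dataclass

# Platforms the slides name as supporting embedded (built-in) viewing.
EMBEDDED_VIEWING = {"ios"}

@dataclass(frozen=True)
class AttachmentPolicy:
    # Both field names are hypothetical, not Traveler settings.
    restrict_attachments: bool = True
    approved_apps: frozenset = frozenset()

def offered_apps(policy, platform, installed):
    """Apps the user is shown when opening an attachment."""
    installed = set(installed)
    if not policy.restrict_attachments or platform == "ios":
        # iOS Open In cannot suppress individual apps, so all are listed.
        return installed
    # Android: only Approved Applications are considered for file handling.
    return installed & policy.approved_apps

def open_in(policy, platform, installed, chosen):
    """Return 'opened' or 'blocked' for the app the user picked."""
    if chosen not in offered_apps(policy, platform, installed):
        return "blocked"
    if policy.restrict_attachments and chosen not in policy.approved_apps:
        return "blocked"  # on iOS the Open In operation fails with a message
    return "opened"

def audit(policy, platform, installed):
    """Summarise what a user on this device can actually do with attachments."""
    offered = offered_apps(policy, platform, installed)
    usable = {a for a in offered
              if open_in(policy, platform, installed, a) == "opened"}
    return {
        "usable": sorted(usable),
        "listed_but_blocked": sorted(offered - usable),
        # An empty approved list leaves only the built-in viewer, where supported.
        "can_read": bool(usable) or platform in EMBEDDED_VIEWING,
    }

# Constructed sample data: app identifiers are made up.
INSTALLED = ["com.example.viewer", "com.example.cloudsync"]
POLICY = AttachmentPolicy(approved_apps=frozenset({"com.example.viewer"}))

if __name__ == "__main__":
    for platform in ("ios", "android"):
        print(platform, audit(POLICY, platform, INSTALLED))
        print(platform, "empty list:", audit(AttachmentPolicy(), platform, INSTALLED))
```

The "listed_but_blocked" entries are the apps an iOS user will see in Open In and be refused on, and "can_read" being false flags a policy that leaves a platform with no permitted way to view attachments.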