Subscribe via RSS

Mobile Certificate Management System (mCMS)

The traditional boundaries between the workplace and home continue to blur as employees are increasingly pushing to use personal devices for work related activities. Organizations can no longer avoid taking a strategic approach to Consumerization and provide IT support for non-standard operating systems, such as Apple iOS. The primary concern as employees bring their personal devices into the workplace is security.

Resources
View mCMS data sheet PDF »

Mobile Certificate Management System (mCMS)

Addressing the “Consumerization” of IT

The integration of personal devices into the workplace poses a security threat as existing enterprise mobile security settings often operate with insecure enrollment and certificate management features. CSS’ Mobile Certificate Management System (mCMS) gives IT departments an automated and scalable way to securely configure and enroll iOS devices through a user friendly web interface. This unique customizable certificate management system fills crucial security holes often left by Mobile Device Management Systems (MDMs).

How mCMS works:

The process begins with an IT administrator giving selected users permission to authenticate their iOS devices in the corporate network through Active Directory. Developed with ease-of-use in mind, the system directs end-users or IT administrators to a user friendly web interface to begin the enrollment process. A comprehensive mobile configuration file will download to the device and begin to configure corporate settings and initiate the certificate creation process. CSS’ certificate creation process allows for a non-exportable private key to be generated and always remain on the device. Certificates created for iOS devices will be stored in the Certificate Authority and will later receive notifications to renew certificates before they expire from CSS’ Certificate Reporting Tool.

 

Key Features:

  • Generates customized certificates for each user
    • Populated from Active Directory (user ID, UPN, Email address)
    • Fully identifies each user to AD during authentication
  • Maintain secure SCEP server settings by providing unique end-device certificate’s Common Name and SCEP one-time passwords
  • One-step enrollment and security configuration process
  • Automated handling of certificate expiration
  • Private Keys are generated on the device and are non-exportable

Email Encryption Features:

  • S/MIME requires the recipient’s certificate to send encrypted email
  • Each PKI user needs exactly one email encryption certificate
    • Installed everywhere they read encrypted email
  • mCMS can automatically install S/MIME encryption certificates archived by Microsoft FIM onto iOS devices

Key Benefits:

  • Eliminate the use of shared passwords
  • Maintains the ability to claim non-repudiation
  • Automates and scales the configuration and enrollment of iOS devices while maintaining the integrity security posture
  • Secure on-device private key generation
  • Enables the use of encryption
  • Light-weight mobile management solution
  • Enable iOS devices to easily and securely authenticate and enroll for certs over wireless or VPN connections within an Active Directory environment
  • Secure end users
  • Achieve “smart card like” functionality

Product Requirements:

  • Certification Authorities
  • Windows Server 2008 R2
  • Active Directory
    • -Windows 2000, Server 2003, Server 2008
  • SMTP Server
  • -Microsoft Exchange 2007, 2010
  • -Lotus Notes

For licensing information, please contact us.