Mimecast Mobile - Common Practices

This article contains information on common practices for Mimecast Mobile, including authentication methods, feature control, device security, software updates, cached data management, and best practices for maintaining application security.

Authentication

Mimecast Mobile applications support a number of user authentication methods. These can be used in isolation or combined to provide optimum benefit. The following articles provide further information in relation to authentication with Mimecast Mobile:

Feature Control

Application Settings are used to determine which users have access to which applications, and the features available to them in those applications. By default, all user applications are enabled for all internal domain users. These settings can be customized or restricted for selected user groups. Careful consideration should be given to enable only the features that are required during a Continuity event or during day-to-day access. Application Settings are for feature control and should not be relied upon to control general security.

If you disable Online Inbox functionality within Application Settings, the default viewer will be blank when an end user launches the Mimecast Mobile application.

Securing Mimecast Mobile Applications

Mimecast allows for comprehensive security settings to be applied as appropriate, based on the requirements of your users and organization. It is recommended that these be as restrictive as possible whilst still allowing users to work efficiently. The following are recommended best practice policy settings:

  • Application Settings:
    • Mandatory application PIN lock:
      • Prevents opportunistic interaction with the application interface.
      • Set PIN lock timeout as short as possible.
    • Authentication TTL to be set appropriately.
    • Use Active Directory Groups to manage Application Settings membership.
  • Mandate strong, complex Mimecast cloud password rules in Account Settings.
  • Do not use shared accounts; each user should enter their own credentials.
  • Where access to email in shared mailboxes is a requirement (e.g., delegated mailboxes), this can be enabled through the use of Smart Tags.
  • The use of an Enterprise Mobility Management (EMM) platform is recommended:
    • Mimecast Mobile v4 onwards can be deployed and managed via any EMM platform that supports the AppConfig standards.

General Device Security

Mimecast strongly recommends that all mobile devices be configured using current industry-standard security best practices. Devices must be secured at the operating system level to ensure base-level encryption of stored data. The following are recommended security actions for supporting mobile device use in general:

  • Mandate strong, complex device passwords and not the standard 4-digit numeric PIN.
  • Conduct regular security audits of the mobile estate.

Additional security enhancements (e.g., use of VPN tunnels and dedicated mobile gateways) will reduce the attack surface of the mobile estate. When mobile devices are communicating in a secure network, IP restrictions may be added in order to prevent access outside of this secure network.

Software Updates

Mimecast includes security updates as required in its Mobile application releases. As such, it is important to actively maintain the versions of Mimecast Mobile applications deployed to the mobile device estate to ensure the latest security enhancements are installed. To remain informed on the latest releases, Mimecast recommends subscribing to the service release updates or visiting our Service Updates page.

Only key updates will receive an RSS Feed or Service Update, as it is not always scalable for Mimecast to alert on every update we make due to our SaaS-based continual deployment methodology. Additionally, we will not always disclose various technical updates in the public domain (i.e. via an 'app' store) for security reasons, but instead will notify our customer base directly if deemed relevant.

To view all devices that have ever been connected to your Mimecast instance using Mimecast Mobile apps, navigate to Users & Groups | Applications | Registered Applications within the Mimecast Administration Console. Using the Last Registered date, you'll see whether a particular device has recently accessed a Mimecast Mobile application. All devices are listed alongside the following information:

  • User email address
  • Device type
  • Operating system
  • Application name & version
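
An added example (not Mimecast code) of the kind of audit the Registered Applications list supports: it flags devices running an app version below a chosen minimum or with an old Last Registered date. It assumes the list has been transcribed to CSV; the column headings, sample rows, the 4.5.0 minimum, and the 90-day idle threshold are all constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample rows; the column headings are assumed, not a Mimecast export format.
SAMPLE_CSV = """User,Device Type,Operating System,Application,Version,Last Registered
alice@example.com,iPhone,iOS 17.4,Mimecast Mobile,4.10.2,2024-05-28
bob@example.com,Pixel 7,Android 14,Mimecast Mobile,4.2.0,2024-05-30
carol@example.com,iPad,iOS 15.8,Mimecast Mobile,3.9.1,2023-11-02
dave@example.com,Galaxy S21,Android 13,Mimecast Mobile,4.10.2,2023-09-15
"""


def parse_version(text):
    """Turn '4.10.2' into (4, 10, 2) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.strip().split("."))


def audit_devices(csv_text, min_version, today, max_idle_days=90):
    """Return (user, device, findings) for each row that needs follow-up."""
    floor = parse_version(min_version)
    flagged = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings = []
        try:
            if parse_version(row["Version"]) < floor:
                findings.append("outdated app " + row["Version"])
        except ValueError:
            # Surface malformed version strings instead of silently passing them.
            findings.append("unparseable version " + repr(row["Version"]))
        idle = (today - date.fromisoformat(row["Last Registered"])).days
        if idle > max_idle_days:
            findings.append(f"idle {idle} days")
        if findings:
            flagged.append((row["User"], row["Device Type"], findings))
    return flagged


if __name__ == "__main__":
    # Hypothetical minimum version and a fixed "today" so the output is reproducible.
    for user, device, findings in audit_devices(SAMPLE_CSV, "4.5.0", date(2024, 6, 1)):
        print(f"{user} ({device}): {', '.join(findings)}")
```

Comparing versions as integer tuples matters here: a plain string comparison would rank 4.10.2 below 4.5.0 and wrongly flag up-to-date devices.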

Cached Data

To improve user experience and performance, and to reduce unnecessary API calls, Mimecast Mobile apps utilize an on-device cache. Local caching also enables essential functionality (e.g. previewing files and embedded images).

iOS
  • Cached data:
    • Encrypted on disk regardless of device security settings.
    • Message body of viewed messages.
    • Attachments including embedded images.
  • Cache cleared: Upon log out of application.
  • Cache size: 100MB (theoretical limit, the system may require the cache to flush at any given time).

Android
  • Cached data:
    • Encrypted on disk regardless of device security settings.
    • Message body of viewed messages.
    • Embedded images (attachments are saved to the local file store as specified by the end user).
  • Cache cleared: Upon log out of application.
  • Cache size: No limit, uses device memory.

If you have any further queries, contact the Mimecast Support Team. See the Raising a Mimecast Support Case article for full details.

Important Information

This document is a general guide to best practice when using the Mimecast Mobile application. It is not intended as advice and should not be treated as such. The information is provided without any condition, guarantee, promise, representation, or warranty as to the accuracy, completeness, or adequacy of the content. This document does not form part of any contractual documentation. Nor should it be relied upon in entering into any contract with Mimecast. Mimecast will have no liability of any kind, including direct, indirect, special, or consequential loss or damage, arising out of or in connection with this guide, and such liability is expressly disclaimed to the maximum extent permitted by law.
