Bitzer Enterprise Application Mobility v2.4
Strengths: Secure container approach; built-in support for custom apps; native application access to existing network shares
Weaknesses: Possible data leakage in some rare cases; however, the workaround proves adequate
Verdict: An excellent product worthy of consideration in almost any environment
Providing complete isolation of corporate data within an end-user-owned mobile device, Bitzer Enterprise Application Mobility (BEAM) allows IT departments to enforce data leakage protection policies while offering secure access to internal applications - without the use of VPN.
The tool was provided via access to a preconfigured server, so our experience with the nuances of actual server configuration is limited. It consists of a gateway server, administration control panel, mobile file manager, notification server and database, all of which can be deployed on separate servers or consolidated to reduce server footprint. At minimum, the product requires Windows Server 2008 and either MySQL 6.1 or Microsoft SQL 2003. Bitzer does recommend that the gateway server be installed separately from the other components in a production environment. The client application runs on iOS and Android mobile platforms.
The feature set is impressive. Oriented around the concept of a container, BEAM sets up a secure sandbox on the end-user devices. In-house or other third-party applications can be trusted by the product, and are considered at that point to be 'containerised', and secured the same way, as are the native Bitzer apps. These apps can be added to the Bitzer home screen via the 'add vApp' option, which functions like a private app store, or can be force-installed via policy. Sites accessed through the included secure web browser are tunnelled through the BEAM gateway, providing access to internal-only sites.
There is a slick secure file manager that provides access to existing internal file shares, such as Windows CIFS shares. Policies can be configured, which provide data leakage protection, and the containers themselves can be configured to auto-lock or wipe themselves when jailbreaking or rooting is detected. Administrators can also manually issue a lock or wipe command in the event of device theft or employment termination. We did find that it is possible, in some cases, for a device that has been locked to still display whatever data was last being viewed before the container was locked.
Documentation is thorough, providing enough detail to walk administrators through the setup. The construction of the installation and troubleshooting PDFs is a little basic however, providing screenshots where appropriate, but no bookmarking or internal document hyperlinking.
Three different support levels are available. Basic is included in the licence fee, which provides eight-hours-a-day/five-days-a-week email and level two phone support. For an additional fee, administrators can upgrade to one of Bitzer's 24/7 support options, which provide email and phone access to level two or one help services.
BEAM starts at a cost of £60 per user per year. Perpetual licences are available, starting at approximately two times the normal annual subscription price, plus a yearly maintenance fee that covers bug fixes and upgrades. Basic support is included in the licence fee, with the 24/7 support upgrades available at an additional cost.