FAQ: Your questions – Our answers
From municipal administrations through districts and cities up to federal authorities.
What is SecurePIM?
SecurePIM is a container app for secure mobile working. SecurePIM sets up a secure mobile workstation on a smartphone or tablet (iOS or Android), where all important information and data is stored and used within an encrypted container. All data is encrypted at rest, as well as in transit. This prevents unauthorized access from outside. E-mails are encrypted according to the S/MIME standard. The app consists of several modules, including the Outlook functions (email, calendar, contacts, tasks, notes), as well as a module for creating, editing and storing documents, a secure browser for accessing intranet pages, for example, a messenger and a secure camera. Easy to use and implement, SecurePIM is the easiest and most secure solution for mobile working.
For whom has SecurePIM been made?
SecurePIM is a solution for government and businesses with a high data security need, who want to provide workers with the same productivity they are used to on mobile and desktop while being assured that corporate data is safe and under control. Thanks to strict separation of private and business data on the device, SecurePIM is suitable for different enterprise mobility models like “bring your own device” (BYOD) or “corporately owned, personally enabled” (COPE) models. The solution offers different security levels and integrates seamlessly into existing infrastructures. The system solution SecurePIM Government SDS for iOS devices caters to especially high security needs. SecurePIM Government SDS is the only security solution approved by the German Federal Office for Information Security (BSI) to allow the processing and transfer of information classified as “restricted” (“Verschlusssache – nur für den Dienstgebrauch” – VS NfD) on iOS (approval) and Android (pre-approval) devices. In addition, the iOS version has received approval for NATO RESTRICTED.
Which functions does SecurePIM offer?
SecurePIM offers the following functions: email, calendar, contacts, messenger including audio and video calls as well as conferences, document storing, creating and editing, access to fileshare, tasks, notes, encrypted browser for Internet and Intranet and a secure camera.
Depending on your operating system, the SecurePIM version you are using, and your company-specific settings, the set of functions available may vary.
Which product variants of SecurePIM are available?
The SecurePIM solution is available in many variations, developed for different infrastructures, devices, mobility strategies, and security levels. The SecurePIM App is available for iOS and Android and is compatible with both HCL Domino and Microsoft Exchange. The solution can also be integrated with an MDM solution (Mobile Device Management solution) or configured and managed through the SecurePIM Management Portal. Thanks to our unique container-only approach, SecurePIM is flexible to adapt to diverse mobility strategies. Scenarios range from corporate owned devices like COPE (Corporately Owned, Personally Enabled) to BYOD (Bring Your Own Device) as well as mixed models, which combine several approaches.
Virtual Solution has developed solutions with specific security features for businesses with high security needs and for the government sector, SecurePIM Enterprise and SecurePIM Government. The system solution SecurePIM Government SDS includes additional security features to fulfill the highest security standards, for example a smartcard integration, enabling two-factor-authentication, as well as an integration into specific networks. Since Germany’s Federal Office for Information Security (BSI) has granted its final approval for iOS and a pre-approval for Android, the solution now allows processing and transferring information that is classified as “For official use only – VS-NfD”. SecurePIM Government SDS is the only security solution approved by the BSI on iOS and Android devices. Since July 2021, the iOS version has also been approved for NATO RESTRICTED.
What is so innovative about SecurePIM?
SecurePIM uses container technology to protect sensitive information and data on mobile devices. It combines multiple functionalities in just one application. With the intuitive app, complex encryption processes become one-click operations. Additionally, SecurePIM Government SDS is the only BSI-certified solution for mobile work with classified data (VS-NfD as well as NATO RESTRICTED) on iPhone and iPad in the government sector. For Android, there is a pre-approval for VS-NfD. SecurePIM is compatible with Microsoft Exchange as well as HCL Domino. SecurePIM is the core of every mobile strategy since it adapts to different infrastructures and conditions, while providing highest security.
On which operating systems does SecurePIM run?
SecurePIM is available for iOS and Android. Mobile devices with OS versions from iOS 14 and Android 8.0 are supported.
What makes SecurePIM Government SDS particularly secure?
The solution certified by the BSI is a system solution with several components. In addition to the app, a smartcard is integrated. Highly sensitive operations within the SecurePIM app are relocated to the smartcard from the mobile device and are stored encrypted there. All data is securely synchronized with local network servers via a central access to Information Network Berlin-Bonn (IVBB) or other similar networks. The solution also uses an approved MDM system for configuration and administration. The BSI has granted their approval for the SecurePIM Government SDS system solution for iOS-based mobile devices and has given a pre-approval for Android. It can therefore now be used for the security level “For official use only – VS-NfD”. The iOS version is also now approved for NATO RESTRICTED. The BSI guarantees that sensitive information and data are indeed protected.
Can I use SecurePIM with a smartcard?
SecurePIM Government SDS uses a smartcard for authentication. The TCOS 3.0 Signature Card Version 2.0 smartcard is supported, as well as the AirID 1, AirID 2 and AirID 2 mini smartcard readers.
What is the SecurePIM Gateway?
The SecurePIM Gateway secures the connection of the SecurePIM App to the infrastructure of the company or authority. The security is based on authentication by certificates and requires neither a VPN infrastructure nor VPN profiles for the mobile devices. The Gateway software appliance is installed in the DMZ of the company or authority. A specific interface in the firewall must be opened to allow the SecurePIM App to be accessed from outside. The gateway performs an identity check on the user and only allows verified users to access the Exchange Server via the secured SecurePIM App. At the same time, many other applications in the corporate network can also be secured with it. Direct access to the Exchange Server from the Internet is not necessary.
What is SecureCOM?
SecureCOM is a versatile application for secure business and corporate instant messaging. The messenger enables employees to exchange information and documents quickly and securely, as well as encrypted audio and video calls and conferences. SecureCOM can be operated just as intuitively as users of messengers are used to from their private environment. All important, business-critical functions are available. In addition, there are specific functions for public authorities, such as extended location functions for task forces. Users communicate via their preferred end device, as SecureCOM is available for all common mobile and desktop operating systems.
For whom has SecureCOM been made?
SecureCOM is for authorities and companies that want to enable instant messaging for their employees without taking security risks. Third parties have no access at all to the shared data. All data is encrypted at rest, as well as in transit. SecureCOM fully complies with the GDPR.
Which functions does SecureCOM offer?
With SecureCOM encrypted messages (text, voice, video, multimedia, files) can be exchanged and voice and video calls can be made. Group chats and channels are available, in which conferences can also be held. There are various options for location sharing for task forces and field staff. All functions are fully end-to-end encrypted.
Which product variants of SecureCOM are available?
SecureCOM is available as a mobile app for Android and iOS as well as a desktop version for Windows, macOS and Linux.
In addition, SecureCOM is also available as a variant integrated into the SecurePIM communications application: Users have secure access to mail, calendars, photos, documents within a protected container and can share these contents directly in the chat without having to leave the application. This not only increases data security, but is also convenient for users.
On which operating systems does SecureCOM run?
All mobile phones and tablets with OS versions starting with iOS 14 or Android 8.0 are supported. The desktop version supports Windows 10, macOS 10.x and Ubuntu Linux 18.04 and higher.
What is the SecureCOM Server?
The SecureCOM server is responsible for provision, administration and secure communication setup and data forwarding. It enables the provision and administration of users, device management, connection setup and message and data exchange for encrypted end-to-end communication between clients.
The SecureCOM Server acts as the core component that connects the clients and, if required, also caches the data on the server for them. The SecureCOM Server is also the source of the location and mapping data. All services of the SecureCOM platform are securely enclosed within its boundaries and function without connection to any public service. The system is designed throughout to ensure that no data is passed on to external or public services.
What information does the SecureCOM Server store?
SecureCOM Server’s job is to connect and send messages between devices. It enforces privacy rules and it helps with establishing secure channels between devices. It acts as a conduit for communication, but it is unable to decrypt any of it. For every user SecureCOM Server stores:
- Address book of connected contacts (SecureCOM IDs).
- Hashed and salted password with a unique salt for every user.
- SecureCOM ID.
- Privacy mode setting.
- All connected phone numbers and email addresses.
- Queue of messages that have to be delivered.
- Per device session identifier.
- Per device signature public key.
- Per device server side public and private keys for signatures.
- Per device signaling data (stun/turn).
- Per device name.
- Per device last seen time.
- Per device type.
- Per device token for push messaging.
What is VS IAT?
The Virtual Solution Infrastructure Analysis Tool (VS IAT) is a test application that can be used to test the infrastructure and setup for SecurePIM for possible misconfigurations. It helps to easily detect problems by automatically performing a wide range of configuration tests, and provides detailed information about problems that prevent SecurePIM from working as intended.
For whom has VS IAT been made?
VS IAT is designed for technical support, IT administrators and security engineers.
On which operating systems does VS IAT run?
VS IAT can be used with the operating systems iOS and Android. All mobile phones and tablets with OS versions from iOS 14 or Android 8.0 are supported.
Which functions does VS IAT offer?
VS IAT offers the possibility to perform setup tests on devices with the help of a series of predefined test runs. In this way, administrators can see, for example, whether the user has the correct network configurations, whether the certificates are correctly installed, valid and trustworthy, or whether the smartcard support is configured correctly.
The following test runs are available:
- Test for access to EST (Enrollment over secure transport) service and SDS Gateway with SDS-Trusted Root-CA list including smartcard support
- Test for access to EST Service and SDS Gateway with own Trusted-Root-CA-List incl. smartcard support
- ActiveSync test (incl. SecurePIM Gateway)
- Exchange Web Services (EWS) test (incl. SecurePIM Gateway)
What is SecureVPN?
SecureVPN is a companion app for SecurePIM (Android), which enables the establishment of a VPN connection without user interaction via an interface. In case of a mass rollout of Android devices, SecureVPN facilitates the setup of an IPsec IKEv2 VPN. This automates the installation as far as possible.
How does SecureVPN work?
SecureVPN can either be used together with an MDM or with SecurePIM Government SDS in combination with a smartcard. Each time SecurePIM is used, SecureVPN automatically establishes the VPN connection and disconnects it when it is no longer needed.
For use with MDM, SecureVPN must be provided as an Android Enterprise App in MDM. During installation, the VPN key is obtained via MDM. When using SecurePIM Government SDS, the key must be on the smart card so that SecureVPN can obtain it from there.
What is SecureVPN based on?
SecurePIM Management Portal (SMP)
What is SMP?
The application is managed and configured via the SecurePIM Management Portal (SMP), an integrated part of the SecurePIM solution. The SMP allows administrators to define security policies for the SecurePIM app and enforce them on mobile devices.
User management and maintenance is also easy. Administrators can add users for both SecurePIM and SecureCOM either manually or through LDAP import, assign different security standards to user groups or departments, and more.
The SMP also offers a self-service portal that can be optionally activated. The self-service portal allows users to manage their own mobile devices and easily transfer S/MIME certificates to the mobile devices.
How is the SMP operated?
The SMP is a Java web application. It runs in an Apache Tomcat with an Apache webserver as frontend. It can be provided as a server component (On-premises) for installation or managed on a server hosted by Virtual Solution AG with administrator rights (Cloud).
What is SecurePIM Gateway?
The SecurePIM Gateway secures the connection from the app to the IT infrastructure. It checks the identities of the users and only allows pre-verified access via the secure SecurePIM app. Hacker attacks can be avoided in this way, as Exchange servers, for example, are no longer directly connected to the Internet.
This gives users of the SecurePIM app secure and high-performance access to mail and calendar servers, file sharing and web apps. SecurePIM’s hardened browser secures mobile access to internal web-based applications such as knowledge and collaboration tools, support and ticket systems and CRM.
How is the SecurePIM Gateway operated?
The SecurePIM Gateway is installed as an application in the demilitarised zone on the server of a company or a government authority.
Do you have further questions?
If you have questions or need more information, please use our contact form. Our experts will get in touch with you as soon as possible.
You would like to test SecurePIM at your company or authority? You can try it for 30 days for free.