Planning for device security

This section provides information about each IBM Traveler security option and how they can be applied by device type. You can use this information to plan your security configuration for IBM Traveler on your devices.

Table 1. Supported security options in IBM Traveler
IBM Traveler Support	Security Option
	Encrypted data in transit (through HTTPS) ¹	Domino® encrypted mail	Remote wipe	Encrypted data at rest	Password monitoring to allow or deny access	Application level password
Apple	Supported	Supported With IBM Traveler companion application available from the Apple iTunes store	Supported Device wipe and IBM Traveler wipe options	Supported with Domino® policies or IBM Traveler device preferences and security settings. Whole devices can be encrypted, and enabled and enforced with the security policies in IBM Traveler. iPhones that do not support hardware encryption can be blocked. iPhone 3GS, iPhone 4 and the iPad support hardware encryption. First-generation iPhone and iPhone 3G do not.	Supported with Domino® policies or IBM Traveler device preferences and security settings.	Not supported
Android	Supported	Supported	Supported (Device wipe requires Android 2.2 or higher)	Supported The mail body and all attachments are encrypted using AES 256 bit encryption. This is the case if stored on an SD card or internal phone storage. The rest of the data is stored unencrypted in phone storage. This is implemented based on the Android application security model.	Supported with Domino® policies or IBM Traveler device preferences and security settings. Requires an Android 2.2 or higher device.	Supported. Enforceable from IBM Traveler device preferences and security settings
BlackBerry 10	Supported	Supported Requires a BES to send encrypted mail from the device.	Supported Device wipe; or when issued to a device managed by BES 10, it wipes only the work perimeter.	Supported	Supported with IBM Traveler device preferences and security settings	Not supported
Windows Phone	Supported	Not Supported	Supported Device wipe and IBM Traveler Wipe options	Supported with Windows Phone 8 or higher versions.	Supported with IBM Traveler device preferences and security settings	Not supported
Windows Surface RT and Pro	Supported	Not Supported	Supported Device wipe and IBM Traveler Wipe options	Supported	Supported with IBM Traveler device preferences and security settings	Not supported
Nokia Series 60/Symbian^3	Supported	Supported	Supported Device wipe and IBM Traveler wipe options	Only supported on Symbian^3 devices. Enforceable using Domino® policies or IBM Traveler device preferences and security settings. Storage cards can be encrypted.	Supported with Domino® policies or IBM Traveler device preferences and security settings	Not supported
Windows Mobile	Supported	Supported	Supported Device wipe and IBM Traveler wipe options	Storage cards can be encrypted. Data in native PIM and mail applications is not encrypted, except for Domino® encrypted mail.	Supported with Domino® policies or IBM Traveler device preferences and security settings	Not supported

For additional information on defining security polices, refer to Assigning preferences and security settings to devices. For additional information on remotely wiping a device, refer to Remote wipe.

¹ It is strongly recommended that the connection used by mobile IBM Traveler clients is secured. This is most commonly done using an SSL connection but can also be accomplished by using a secure Virtual Private Network that is compatible with the mobile device. If the connection is not secured by one of these methods that provides encryption, then the data exchanged between the mobile client and the connection end point, including user ID and password data, could be susceptible to eavesdropping.