CIS Mobile secure mode for Android phones altOS

Secure Mode

CIS Mobile’s altOS provides security functionality that is missing from consumer mobile operating systems. The dominant posture in government today is to limit the use of mobile technology and generally ban smartphones from all sensitive facilities. This has the unfortunate side effect of alienating employees who want the convenience and productivity advantages mobile has to offer.

Our Secure Mode capability strikes a balance between security and usability with a geofenced policy-controlled setting that locks down all radios, cameras, and microphones in the device – preventing their use anywhere near or inside designated facilities. Rather than excluding smartphones from the facility, a device in Secure Mode can be allowed into designated buildings where it can connect to the internal wired network and still function as a useful computing device.

Secure Containers

The altOS customer can deploy distinct secure containers to the same phone. Each container operates as an isolated Android phone instance, yet the user can quickly switch between them with a fingerprint, PIN or passcode.

Each container follows unique policy rules defined by the administrator, and each can be managed as a separate device by your preferred mobile device management system. The altOS platform allows a user to carry a single phone that allows for personal use as well as strictly controlled government use.

New containers can be pushed on-demand to a phone to enable mission-specific tasks. Containers can be backed up (encrypted) to cloud storage, deleted from the device and restored later, allowing anonymity and safety for individuals traveling while conducting government business.

CIS Mobile multiple encrypted containers one phone altOS
CIS Mobile centralized policy management and provisioning controls altOS

Device Management

Control your organization’s devices with centralized policy management. The browser-based altOS management console puts device management and provisioning under your control with a dashboard, policy editor, and QR-code based provisioning.

New devices are provisioned in a matter of seconds with a QR code that defines the containers and security policies. Deployments for thousands of devices are managed with a few clicks to define and distribute policy updates. The management server lets you control and monitor all your devices – providing real-time visibility on device status, location, security posture, and policy compliance.

Add, modify, and remove containers on-demand. altOS lets you keep up with changing operational requirements from the server, without recalling user devices or requiring awkward procedures in the field.

Secure Supply Chain

Mobile devices are highly complex computing platforms containing components and software packages from hundreds of sources. Security managers must think about how foreign adversaries could subvert their smartphones. The problem is intensified by software updates made over the air.

CIS Mobile breaks the typical supply chain attack sequence by replacing the smartphone operating system with altOS. altOS is developed from the original Android Open Source Project, then flashed to the phone in a CIS Mobile secure facility. Replacing the original OEM operating system with a custom-built and secure alternative significantly increases the difficulty for foreign adversaries to control the platform. CIS Mobile makes the source code available to our customers for review.

Customers using altOS control most aspects of the operating system from the management server. Operating system updates are managed and distributed by the customer. This control is a significant improvement over traditional updates pushed by the OEMs without advance customer approval.

CIS Mobile mobile threat defense against supply chain attacks with altOS