Bitzer’s Secure Container, equipped with an AppTunnel™, and mobile container management, not only allows secure access to Intranet sites and corporate documents but also preserves the compelling user experience of smart mobile devices. It offers the most integrated solution with Windows® authentication infrastructure for secure Single Sign-On (SSO) to corporate applications.

Key Capabilities ● Secure Container

- Clear isolation between personal and corporate information - Secure browser for accessing Intranet, SharePoint and other document stores - Encrypted off-line storage (if your security policy allows it) - Secure and easy Microsoft® Office document viewing, editing and storage

● AppTunnel - App level SSL tunnel ONLY from Secure Container - Eliminates need for device level VPN and risk of rogue apps

● Integrated Windows Authentication - Simple, SSO access to Windows enabled sites and applications with Kerberos or NTLM

- Strong 2-factor authentication supported (virtual smart card)

● Mobile container management (MCM) - Enforces policy on Secure Container, not user’s device - Remote lock/wipe, geo-fence or time-restricted access - Integrated with Active Directory to manage users/groups - Detailed usage statistics and management reports

● Cross-platform - Supports iOS, Android®, BlackBerry®, and Windows Phone devices

Bitzer Enterprise Application Mobility (BEAM)Organizations have restricted employee’s access to corporate network and data from mobile devices due to concerns of authentication, usability, policy control and data leakage. This problem is exacerbated by the avalanche of new mobile-device types and BYOD (Bring Your Own Device) programs. BEAM overcomes the mobile security risk by isolating corporate access and data from employee’s personal apps on mobile devices and by extending the trust gained within an internal network out to an employee’s mobile device while ensuring a rich, seamless user experience.

BITZER VALUE

•BYODwithoutcompromiseonITsecurity,standardsandpolicies

•Richuserexperiencebyusingemployee’sexistingcredentialsandSingleSign-On(SSO)

•ComparedtomobileVPN,asimplerandmoresecuresolutionwithlowertotalcostofownership(TCO)

•ZeroincrementalITinvestmenttosupportmultiplemobileOS’s;loweroverheadcostandhigherROI

BEAM Solution Components ● Secure Container

Ensures security by isolating personal from corporate data and apps. Provides authentication, secure browser and secure document viewing, editing, and storage. Supports iOS, Android, BlackBerry, and Windows Phone devices. Can be deployed through consumer or enterprise app stores.

● Admin Control Panel (ACP) Provides remote management of containers, logging, policy enforcement, and remote lock/wipe. Deployment on-premises or in the cloud.

● BMAX Gateway Offers secure Intranet access from mobile devices or smartphones with zero programming, simple deployment and low overhead cost. Supports SSO authentication via Kerberos or NTLM protocols utilizing username/password or PIN protected, PKI certificates.

Competitive ComparisonBMAX StAndAlone MoBile VPn

Certificate protection PIN-protected inside secure container None

Rogue App security AppTunnel not accessible by personal apps None. All apps on device have access to device-level VPN

Kerberos security Device trust with PKINIT Risky gateway trust with constrained delegation

Kerberos Maintenance No duplicate list of target servers Must maintain duplicate list of all internal servers

DLP (Data-leakage protection) Secure container and browser None

Deployment simplicity Install and use in minutes Requires specialized network engineer

Secure contAiner MdM

Device PIN No device PIN, users have direct access to personal apps

Requires cumbersome device level PIN to access any app on device

Data at rest encryption Provided for all data inside secure container. Protected by AES 256 keys derived from user credentials that are never stored on the client

None, depends on device manufacturer to provide

Data in transit encryption AppTunnel via SSL None, depends on device level VPN that is vulnerable to rogue apps

Application authentication Windows SSO None

Remote lock/wipe Only lock/wipe data inside container Lock/wipe user’s entire device

Compromised platform detection Yes Some vendors, yes

Rogue App security AppTunnel ONLY allows access from secure container

Basically none. Can blacklist apps, but only ones that are known bad and that’s usually too late

Security perspective Lock down container and only corporate access and apps

Lock down the device and manage ALL apps and access

Bitzer Mobile, Inc. | 440 N. Wolfe Rd. | Sunnyvale, CA 94085 (866) 603-8392 | sales@bitzermobile.com | www.bitzermobile.com

©2012 Bitzer Mobile, Inc. All rights reserved. Bitzer Mobile, logo, and the “simplifying enterprise mobility” tagline are trademarks of Bitzer Mobile, Inc. in the United States. All other trademarks are the property of their respective owners.

AppTunnel

IntranetApplications

Bitzer Secure Container“secure browser”

Bitzer AdminControl Panel

Bitzer Mobile Access

Xcelerator(BMAX)

90% will have a BYOD program by 2014 (Gartner)

81% of users would be “very frustrated” if they had to enter password

every time they wanted to

access Facebook. (Bitzer)

Competitive Comparison BMAX-SA STANDALONE MOBILE VPNCertificateprotection PIN protected inside secure container None. No PIN protection

Rogue App security App Tunnel not accessible by personal apps None. All apps on device have access to device level VPN

Kerberos security Device trust with PKINIT Risky gateway trust with constrained delegation

Maintainability No duplicate list of target servers Maintain duplicate list of all internal servers

DLP (Data Leakage Protection) Secure container, secure browser None

Deployment simplicity Install and use in minutes Requires specialized network engineer

BMAX Solution ComponentsSecureContainer—Enforces virtual smart card authentication, contains secure browser and secure document storage. Supports iOS, Android, Blackberry and Windows Phone devices.

AdminControlPanel(ACP)—Provides remote management of containers, logging, policy enforcement, and remote lock/wipe. Can be in the cloud or on-premises.

BMAX-SAGateway—Offers secure intranet access from mobile devices or smartphones with zero programming and simple deployment. Pluggable authentication connector supports Kerberos/X.509 authentication.

Bitzer Secure Container

Bitzer Admin Control Panel

BMAX Gateway Server

Enterprise Applications