Architecture

A Modern Compliance Platform

Built from the ground up for the cloud, Ensure’s unique architecture delivers the performance, scale, elasticity, and concurrency today’s organizations require.

Ensure is a single, integrated compliance platform delivered as-a-service. Ensure eliminates the administration and management demands of traditional compliance data systems, making it an ideal solution for modern third-party security.

 

No Device Enrollment

No enrollment of users: The U.S. patented Ensure technology is able to check the status of devices without having to onboard them into a mobile device management system (MDM). There is no need to enroll any of the devices that you would like to check for compliance.

Targeted Soft Roll-Out

Gradual roll-out: It’s possible to target specific IP-numbers and later, gradually, open up for more IP-numbers to go through the device compliance check.

Customers can start the compliance process with self-attestation and educational pop-up messages. The tailored messages describe the importance of endpoint security as a cornerstone for compliance.

Later, you can turn on the enforcement mode.

Enforcement Override

Your administrator may override a check for a specific device, if needed. This can also be delegated to Ensure’s 24/7 helpdesk.

Encryption Detection

Ensure verifies disk encryption with a minimum key length of 128 bits. The agent will check for disk encryption regardless of if it is OS-native (BitLocker or FileVault2) or any other vendor encryption software. File or folder encryption is not approved.

For smartphones running iOS and Android, Ensure verifies that the passcode is activated and that the device is encrypted, before access to your network is granted. It also checks that Android devices are not rooted.

 

If a device fails the encryption check, there is a self-remediation service to have the device encrypted.

Cross Portals

Once the agent is downloaded and installed on a device, the agent can be re-used for device checks on other websites/portals running the Ensure platform. There is no speed degradation on the device due to the check. After the agent has performed the check it remains inactive until next time a verification is prompted.

False Negatives

A case number is generated for blocked devices. Your support helpdesk is able to manually verify if the device is compliant and remotely allow the user to continue the login. This capability can also be delegated to Ensure’s 24/7 technical support helpdesk team.

Ensure Endpoint Tech Servers

Each time a new device requests to log in to a website/portal, it connects to the Ensure server. This triggers a download of a verification agent. The Ensure servers are based in the U.S., using mirroring and redundant back-ups for high availability. The U.S. patented Ensure technology has been developed by the same team that developed PointSec – a world leading full disk encryption software. All communication between the Ensure agent and the Ensure servers is secured by TLSv1.2.