On The Mobile Client
The AMS mobile client offers network transport security via SSL for connections between the device and the AMS server. If using a BlackBerry device encrypted MDS connections via BES and BIS are available as well as Direct TCP using HTTPS connections.
The AMS client can be remotely locked out from the server at any time by revoking it's device key. A device must be re-authenticated before access can continue.
Depending on the type of device, message data may be encrypted. On iOS and BlackBerry devices message data is encrypted using the built in device options, if enabled. On Android and J2ME devices messages are not encrypted. The Android client may have this option added in the future. For AMS clients on devices that provide encryption, remote wiping a device will also render the AMS message data unreadable.
Where possible, we recommend that devices are administered using Mobile Device Management software.
On The Server
All AMS servers are located in a secure SAS 70 II compliant datacentre. Public network connections run through a managed firewall and only ports 80 and 443 are open. Administration of the AMS client by Kinross staff requires two-factor authentication for access.
External systems such as the helpdesk are run on separate systems from the messaging server. Passwords to access the AMS web application are encrypted using a one-way hash and cannot be seen by staff.
The AMS Web Service provides administration methods for remote management of mobile accounts.
By default AMS is provided as a SaaS product and in the standard AMS service package message data is not encrypted on the server. However separate managed dedicated server installs or internal deployments are also possible to provide greater data protection and connectivity options, such as via VPN. Contact your AMS representative for more information.