Whether you work with High Risk Data or simply want more protection, Cardinal Protect provides an all-in-one managed secure desktop that includes modern endpoint management, enhanced threat detection, and automatic backups for optimal data protection.
Cardinal Protect eliminates the need to use a separate Privileged Access Workstation (PAW) device to access administrative accounts and manage high-risk systems.
Features
You can expect a comprehensive set of security features, including:
- Modern endpoint management. Automated device management for more convenient software deployments.
- Advanced endpoint protection. Endpoint security platform delivered by Crowdstrike EDR to guard against breaches, data theft, and cyber-attacks.
- Automated backup. Automated backups with version control performed via CrashPlan to help fend off ransomware attacks that could make your data inaccessible.
- Anytime, anywhere, any device access. The virtual desktop (VDI) version allows you to access highly sensitive data from your Stanford-issued laptop/desktop or mobile device via web browser, Horizon client on macOS, Windows OS, iOS and Android.
- For Windows systems
-
- Hardware reporting (model, serial, BIOS/TPM status)
- Automated OS build version tracking/updates
- Alerts issued for changes in System Integrity Protection and secure configurations
- BigFix/Intune
- CrowdStrike
- BitLocker
- Enforcement of local firewall, with default deny and reporting of open ports
- Auto-install of core applications
- Firefox/Chrome/Opera/Brave
- uBlock Origin
- Microsoft 365
- Jabber
- Slack
- Zoom
- Cisco AnyConnect VPN
- Automated system backup (Crashplan)
- Local log monitoring
- Remote wipe capability (under Intune)
- For macOS systems
-
- Hardware reporting (model, serial, etc.)
- Automated OS version tracking/updates (n-1 supported)
- Alerts issued for changes in System Integrity Protection and secure configurations
- BigFix/Jamf
- CrowdStrike
- FileVault2
- Alerting for changes to Apple File Sharing and Remote Desktop. SMB sharing disabled
- Enforcement of local firewall, with default deny and reporting of open ports
- Auto-install of core applications
- Firefox/Chrome/Opera
- Microsoft 365
- Jabber
- Slack
- Zoom
- Cisco Secure Client VPN
- Automated system backup (Crashplan)
- Local log monitoring
- Remote wipe capability
Designed for
- Departments that want to provide a higher level of endpoint security for their users
- Stanford University faculty and staff, including university directors and deans, who work with sensitive information or simply want more protection
- System Administrators and other PAW users who want to simplify to one device for all their work
Requirements
- Windows Service
-
- An existing CrashPlan Backup service subscription
- Requires Windows 11 capable system, either new (out of the box) or eligible for restoring.
- Windows 10 compatibility coming soon
- Users may need to back up their Windows device before converting to Cardinal Protect
- Windows OS must be within Microsoft’s support window.
- macOS Service
-
- An existing CrashPlan Backup service subscription
- New or existing macOS devices with an Apple T2 or newer security chip
- Devices must be purchased through Stanford procurement or the University bookstore and registered in Apple School Manager (ASM)
- Users may need to back up their macOS device before converting to Cardinal Protect
- Supported devices must be within the two most recent macOS versions.
- Virtual Desktop Service
-
- An existing CrashPlan Backup service subscription
- Windows 10+, macOS 10.14+, Linux, iOS 12+, and Android OS
- Laptop, desktop, or mobile device that runs any of the previously mentioned operating systems
- Browser access requires HTML 5
Data security
This service meets the Information Security Office requirements.
Rates
See the Cardinal Protect rates page.
Get started
Get help
For questions or support
- Submit a Help request to your local IT department for general troubleshooting
- Escalate Help requests to the UIT EUX Product Support Team (PST) for Cardinal Protect specific troubleshooting
- Escalate Help requests to the UIT Client Infrastructure Solutions Group for Cardinal Protect VDI specific troubleshooting
- Cardinal Protect FAQ for IT admins
Learn more
- Why must my device be registered in Apple School Management (ASM) for macOS Cardinal Protect?
- ASM, which is Apple’s device management portal for educational institutions, enables the installation of Cardinal Protect. You can learn more about ASM by navigating to the Apple School User Guide.
- How do I know if my device is registered in Apple School Management (ASM) for macOS Cardinal Protect?
- If you have a Stanford device that was purchased through Smartmart or from the university bookstore, your device is registered in ASM upon purchase.
- How do I back up and restore my macOS device?
- Refer to Apple's Back up your Mac webpage for instructions on how to backup or restore your Mac. If you need additional technical assistance, contact your department IT support.
- What are the benefits of Cardinal Protect for those who currently use Privileged Access Workstation (PAW)?
- Cardinal protect simplifies your day-to-day work experience by providing the protection that you need on one single device, eliminating the need to use a separate PAW device to access administrative accounts.
- Does Cardinal Key work with Cardinal Protect?
- Yes. Cardinal Key works on a Cardinal Protect device just like any other supported device.
- Do I have to wipe my device before converting to Cardinal Protect?
- Yes, in order for a macOS device to enroll with Cardinal Protect, it must be completely wiped.
- What firewall limitations will be imposed?
- The firewall is enabled to block unauthorized applications, programs, and services from receiving incoming connections, except for essential Internet services like DHCP, IPSec, and authenticated/signed applications.
