July 02, 2003, 2:15 PM — As vast amounts of enterprise data find their way onto handhelds (PDAs, smartphones, and related products), more than a few IT managers are beginning to voice the same concern: how do we protect the integrity of our information on these devices, how do we management them, and how do we secure them?
At first glance, the problem really isn't all that different from what's required on notebooks, except for one little problem: the operating environments on PDAs are completely different. Almost everything we know and love (OK, use) on notebooks is unavailable in its native form on handhelds. So, given the way handhelds evolved as a personal and not an enterprise resource, it shouldn't be a surprise that a whole new set of tools is required. Still, there's some overlap between the two worlds.
Briefly, here are the core considerations you must be aware of:
Physical security: We must begin with the most obvious but also most often overlooked aspect of mobile device management. What happens if the device is lost, stolen, or otherwise misplaced? Information thieves know this really is the best way to accomplish their nefarious mission. Which leads us to...
Encryption: I urge you to encrypt any confidential information you put on your PDA. Again, if it's lost or stolen, you'll quickly realize that the value of the data far exceeds the value of the device that holds it. Products such as PDA Defense go far beyond simple encryption and passwords. For example, they can erase your local data files in the event someone is clearly trying to break into your device. There are lots of choices here. See also Sentry 2020 for PocketPC from SoftWinter and Trusted Mobility Suite from Trust Digital just for starters.
Network security: There's really no substitute for a good virtual private network (VPN), and PDAs can be clients in this form of network protection. Any good remote access strategy is going to have end-to-end security at its core. While there are many clients and approaches possible here, see VPN-1 SecureClient from Check Point Technologies Ltd. for an example.
Device integrity: Managing a PDA is not different in principle from that activity for PCs and other platforms, but the tools are very different. Of particular interest are all-in-one solutions that can manage application and data configuration as well as provide security. For an example, see Afaria from ExcelleNet for an example.