As vast amounts of enterprise data find their way onto handhelds (PDAs, smartphones, and related products), more than a few IT managers are beginning to voice the same concern: how do we protect the integrity of our information on these devices, how do we manage them, and how do we secure them?
At first glance, the problem really isn't all that different from what's required on notebooks, except for one little problem: the operating environments on PDAs are completely different. Almost everything we know and love (OK, use) on notebooks is unavailable in its native form on handhelds. So, given the way handhelds evolved as a personal and not an enterprise resource, it shouldn't be a surprise that a whole new set of tools is required. Still, there's some overlap between the two worlds.
Briefly, here are the core considerations you must be aware of:
Physical security: We must begin with the most obvious but also most often overlooked aspect of mobile device management. What happens if the device is lost, stolen, or otherwise misplaced? Information thieves know this really is the best way to accomplish their nefarious mission. Which leads us to...
Encryption: I urge you to encrypt any confidential information you put on your PDA. Again, if it's lost or stolen, you'll quickly realize that the value of the data far exceeds the value of the device that holds it. Products such as PDA Defense go far beyond simple encryption and passwords. For example, they can erase your local data files in the event someone is clearly trying to break into your device. There are lots of choices here. See also Sentry 2020 for PocketPC from SoftWinter and Trusted Mobility Suite from Trust Digital just for starters.
Network security: There's really no substitute for a good virtual private network (VPN), and PDAs can be clients in this form of network protection. Any good remote access strategy is going to have end-to-end security at its core. While there are many clients and approaches possible here, see VPN-1 SecureClient from Check Point Technologies Ltd. for an example.
Device integrity: Managing a PDA is no different in principle from managing PCs and other platforms, but the tools are very different. Of particular interest are all-in-one solutions that can manage application and data configuration as well as provide security. For an example, see Afaria from ExcelleNet.
Firewalls: If you're connected to the Internet (and who isn't?), your PDA, just like your PC, may be vulnerable. Consider a firewall product. See BlueFire Mobile Firewall from BlueFire Security Technologies for an example.
Virus protection: It pains me deeply to think that some yoyo out there has enough time on his hands to write viruses for PDAs, but, yes, they're doing it. You need to be prepared, and antivirus software for PDAs is now quite common. See eTrust Antivirus from Computer Associates International, Inc. and PC-cillin for Wireless from Trend Micro, Inc. to get an idea of what's available.
And finally, moving enterprise data to a PDA is an excellent opportunity to review your corporate security policy. This document defines what needs to be protected and how, and is based on an analysis of costs related to what happens if data is not properly protected. For example, who should be able to put enterprise data on a PDA? Should users mix business and personal use of the PDA? If you don't have a security policy, now's a good time to put one in place. After all, if you don't fully understand your security and other operational requirements, most other steps you take to protect your mobile data will be, at the very least, less than optimal.
Copyright 2003 by Farpoint Group. All rights reserved.