movianCrypt: A tighter grip on handheld data
As mobile workers rely more and more on handheld devices for access to the corporate back end, the fear among IS managers of losing control over corporate data should be shifting to panic. If the handheld device of a sales representative or executive was lost or stolen, who knows where sensitive company information could end up?
The simplest way to secure traveling corporate data is to encrypt it. For data on Palm Inc. and Handspring Inc. devices running Palm OS 3.0 or higher, Certicom Corp.'s movianCrypt could be the answer to the handheld security problem of companies that are heavily invested in Palm OS devices.
Most encryption products currently available for handheld devices require users to manually encrypt the data or follow a scripted procedure when shutting down the device. The problem with these methods is that hurried users often forget or neglect to take these extra steps, and the data ends up being stored unencrypted.
Certicom's movianCrypt solves this problem by decrypting and re-encrypting data automatically as individual files are opened and closed. IS managers can rest easy knowing that the security of corporate data doesn't depend on handheld users remembering to take steps to protect it.
movianCrypt goes beyond solutions such as LockMe, which provides only enhanced password protection of files but does not encrypt them. It also surpasses many competing encryption products, such as Secret, PointSec, and PointSafe, which encrypt only their own proprietary applications, such as their address book, leaving the data in other applications on the handheld unsecured.
Using 128-bit AES (Advanced Encryption Standard) encryption, movianCrypt protects the data in all third-party Palm applications that follow the Palm programming convention, as well as data in the built-in Address Book and Memo Pad applets. The software also encrypts application preferences and contents in the clipboard.
The biggest potential weakness in the movianCrypt approach is that users can opt to disable encryption for specific applications. But as long as users play by the rules, data on handhelds will be protected.
Companies interested in movianCrypt can purchase and download the product from Certicom's Web site. You can use either a Windows or Macintosh machine to install the software on a Palm device and to synchronize Palm data with HotSync-enabled products such as Microsoft Outlook, AvantGo Desktop, and Cutting Edge Software's Quickoffice. movianCrypt also works with Certicom's movianVPN, which enables enterprises to provide mobile workers with secure access to the corporate Internet from their wireless devices.
We downloaded movianCrypt onto a Windows 2000 Professional system and installed the software in a matter of minutes. The Windows installer created a directory to store the movianCrypt application files and invoked the Palm application installer to place the application on our handheld the next time we HotSynced the handheld and the PC.
Once installed on our Palm device, protecting data was a snap. We simply enabled movianCrypt, created a password, and generated some random data (by scribbling the stylus in a designated area of the screen) to create an encryption key. When enough random data had been supplied, the software thoughtfully alerted us.
After it is enabled, movianCrypt replaces the standard Palm OS Security application. As with the Palm OS Security application, users can gain additional privacy by masking the names of records with the label "private." In addition, movianCrypt supports the Palm feature that allows users to display owner information. In the event that your device is lost, another person can click on the Owner Info button and view the information. Hopefully they will contact you to return the device.
Using idle CPU time to encrypt data after a file is closed, movianCrypt doesn't interfere with the user's workflow. The software requires 98KB of disk storage and 8KB of dynamic memory when running. As an added precaution, movianCrypt doesn't store a user's password on the device, so the password can't be compromised if the device is lost or stolen.
Currently movianCrypt supports only the Palm OS, but Certicom plans to release a version later this year that will support Windows CE.
Companies are struggling to find ways to protect the increasing amount of sensitive information finding its way onto handheld devices. In many cases, the organization restricts users from storing company data on their handhelds. These restrictions are not only difficult to enforce but can also render workers less productive. Certicom's movianCrypt can help companies keep Palm handheld users productive without putting corporate information at risk.
|THE BOTTOM LINE: DEPLOY|
|movianCrypt Version 1.0|
|Business Case: This Palm OS encryption software prevents a lost or stolen Palm device from compromising sensitive corporate data. If you are looking to protect corporate information and personal data on handhelds running the Palm OS, movianCrypt is a good option.|
|Technology Case: movianCrypt protects Palm application data with 128-bit AES encryption and is compatible with nearly all third-party Palm applications. Because it encrypts and decrypts data automatically, data security doesn't depend on users remembering to encrypt files manually.|
+ Encrypts and decrypts data automatically on the fly
+ Uses strong, 128-bit AES encryption
+ Encryption is not restricted to specific proprietary applications
+ Automatic lockout feature
- Supports only Palm OS devices
- Not compatible with all third-party Palm applications
|Cost: Pricing starts at $39.95 per seat; site licenses available|
|Platform(s): Palm and Handspring Visor series devices running Palm OS 3.0 or later; installation requires Windows or Macintosh system|
|Company: Certicom Corp.; www.certicom.com|