September 14, 2009, 4:45 PM — Today's portable devices, notably smartphones powered by the Windows Mobile, Symbian, Apple and Blackberry operating systems, are microcomputers in their own right.
But their processing power capabilities are significantly behind the curve of their desktop cousins. Our best estimates here at Credant are that the modern smartphone in your pocket or purse probably has the processing power of a PC of about a decade ago.
And therein lies the problem. Encrypting data on the fly on most smartphones if done in the wrong way can take a lot of processing power, with the result that users get frustrated with it and may just switch it off or ignore it.
But what happens if you don't encrypt the data on your portable device such as your smartphone or your laptop? What can possibly go wrong?
Quite a lot, when you consider the requirements of most industry specific compliance regulations, the growing number of state data security laws and statutes, as well as, the American Recovery & Reinvestment Act (ARRA) of 2009 that now mandates additional data breach notification requirements for certain types of companies.
These regulations, laws, statutes and mandates move the issue of data protection out of the good-to-have realm and firmly into the must-have category mainly because of the responsibilities they engender.
Those responsibilities are compounded by the fact that many company employees often use their own portable devices for business - and vice versa - meaning that security safeguards applied to company PDAs, smartphones and laptops are often not applied to personal devices.
Smartphones are minicomputers
As mentioned above, the latest generation of smartphones and PDAs are as powerful as the computers of the late 1990s - and their data storage capabilities are even more powerful.
The latest crop of Palm mobile computers/smartphones, for example, have a data capacity of at least 2 gigabytes if not much more, meaning that they can easily store 2,000 emails and/or 3,000 medium-sized documents, at the very least.
And not just can - they frequently do store thousands of emails and documents for ease of reference and replies out of office.
The only solution to all of these potential threats is encryption.
Encryption is clearly the way to protect communications. It won't stop eavesdroppers (whether government-sponsored, profit-driven industrial spies, or good old hackers) from intercepting your messages - but it will stop them gaining anything useful from them.
But encrypting communications is no longer enough - you also need to encrypt the data stored on the mobiles devices, and all endpoints, to stay on the right side of the law.
And the number of high profile laptop thefts is frightening, and growing.