Stratapult.
Expertise. Clients. Case Studies. Partners. Publications. News & Events. Careers. About Stratapult.
Overview      White Papers      Articles     
Articles .
 

The Problem with PDAs—and Why You Should Be Worried About It

April 2004

Biz Life Magazine

by Chad Cheek
 
There's a problem—and it is not the problem you think.  When personal digital assistants (PDAs) first emerged, the largest problem seemed to be which device to choose.  It was simply a choice based on personal preference and which device allowed better communication with constituents. 

Enter Smartphones, Blackberrys, wireless handheld computers…and the choices quickly became endless.

Then came the issue of support.  With so many new and affordable devices available, folks have a wider array of handheld hardware.  But when a device stops working, many users rely on their company's internal PC support staff.  The help desk may not be prepared for the management of such a varied selection of devices. 

While this remains a problem, there's a bigger problem that should concern not only PC Support and help desk professionals but also the head of IT, the CIO, the CEO and users themselves…Security.

Because handheld devices are much less secure than desktop or laptop computers, managing the security of information that can be found on these devices (and the networks they connect to), should be addressed in any enterprise that deploys or allows handheld devices by local, mobile or remote associates.  

The crux of the problem:  often employees select the device, sync information and then have corporate data exposed to many and varied security threats.

Because PDAs are small and portable, they're at greater risk of being stolen or lost.  Since it can easily fall into strange hands, any private, competitive or sensitive corporate data it contains is also at a greater risk of being lost or stolen.  These risks cause companies to restrict employees from connecting their devices to the corporate network.

There's no question about the need that handheld devices fill.  Many workers are mobile or work from satellite offices and, wireless and mobile technology allows this new class of associates to work efficiently and effectively.

Research confirms that more than two-thirds of all U.S. employees will be classified as mobile by 2006.  These folks will seek wired and wireless data network access over often unreliable, unsecured and bandwidth-constrained connections to maintain mobile productivity.  The challenge is keeping corporate, client and consumer data and networks safe from accidental and deliberate threats.

If you think corporate financial information is at risk, ponder what the health care industry has to consider.

More and more medical personnel and doctors use handheld devices to retrieve, record, store and update patient health information.  If these devices are not properly and securely managed, the information stored on them may be carelessly exposed or lost.  Why is this a problem?

The Health Insurance Portability and Accountability Act (HIPAA) which has been federally mandated to enforce the security protection of patients' medical information, will impact many healthcare service providers and their ability to provide managed and secured mobile and wireless services.

So how should the problem be addressed?  Planning the right level of security is critical. 

Companies must find a way to secure important and private data while it is being communicated over public networks.  Devices should be secure to allow access only by authorized users.  Devices and applications must also be made secure against malicious code. 

Malicious code?  That's right…viruses.  Seemingly every couple of weeks there's a new virus wreaking havoc on corporate networks.  Soon, hackers and malicious coders will target those vulnerabilities present in organizations that are proliferated with handheld devices. 

Network Week (January, 2003) reports, "IT managers should develop mobile security policies now to protect their companies and their employees from future viruses, worms, Trojans and hacker attacks launched via mobile networks…The proliferation of mobile devices, including PDAs, Smartphones and other devices transmitting data over wireless LAN, GSM, GPRS and Bluetooth connections, is set to create a gaping hole in the corporate data security over the next few years…"

While panic is not a good option, a strong sense of urgency is appropriate to ensure your corporate network is not at risk of exploitation.

The Solution

Effective management solutions provide the ability to manage mobile devices securely.  Included in many solutions are:

  • Access Control: The ability to prevent unauthorized users from accessing the device, potentially with a power-on password login screen. 
  • Device Protection: The ability to lock down a device from being tampered with.  Also, measures can be taken to limit what the user of the device is permitted to do (such as install or uninstall applications or change the device settings). 
  • Data Protection: Includes data encryption and the ability to purge data from a device so that critical data is safeguarded.
  • Remote Security: The ability to effectively manage many aspects of a device from a central console.  If a device becomes lost or stolen or if an employee is terminated, remote security can lock down, hard reset or permanently disable a device from use.

"How can we get there?"

There are more than twenty companies that offer available software to help with mobile and remote management security solutions.  Among them: Altiris, Novell, Sybase, Synchrologic and XcelleNet.

The first step, however, is to create some basic business and information management rules regarding how security measures should be taken enterprise-wide.  From the simple ones—such as requiring that all handheld devices must be equipped with a startup login password—to partnering with a software vendor or a technology solutions firm to develop a management model that makes sense for data sharing or making it available across an organization.

Everyone Must Take Action!

If you are the CEO, march down to head of IT's office, look him in the eye and ask these questions:

  • How do you plan to protect our company's critical data?
  • Do we have a plan in place to detect network intruders and viruses that may seek to exploit vulnerabilities that exist due to wireless and mobile device usage?
  • Do we have a plan to recover lost data?

If you are head of IT, heads up, your CEO is on the way down.  If you want to be preemptive, quickly pull together a PowerPoint presentation and title it: "Wireless and Mobile Security" and lay out a plan that you want immediately approved.  It should include the following components:

  • Mobile and Remote Device Management 
  • Implementation, Procurement and Standardization 
  • Data Management and Security

It may take some time to make the plan comprehensive, but the contemplation of these issues will be a step in the right direction.

If you are thinking of purchasing a new device, go see the IT guy and ask for advice, letting him know that network security is of great concern to you.  It will put a smile on his face.  Just be prepared to wait in line outside his office.

For more information on Stratapult's mobile and remote device management services click here or email us at info@remoterelief.com.

Courtesy of BizLife Magazine.
 
  Terms of Use. Privacy Policy. Contact Us.