ABC: An Introduction to Mobile Security

PAGE 3

ABCs of Mobile Security (Page 3)

By Galen Gruman

So how do I secure the data itself?

For data that must be stored on a mobile device, use whole-disk encryption secured by a password so that if the devices are lost or stolen, the data on their drives can’t be used. (Do the same for PCs in publicly accessible locations—they can be stolen, too.)

Although the current versions of Windows, Mac OS X and Linux include folder-based encryption, all it takes is a user not storing files in the protected folders for them to become accessible to a data thief. By contrast, whole-disk encryption protects everything on the drive, so you don’t have to worry whether users are putting company data in the right folder or if they have turned on file-by-file.

And there’s a bonus: Encryption provides you an automatic pass from having to publicly disclose the loss of devices that contain consumer information in the 33 states that require such disclosure (as of this writing).

Keep in mind that while modern laptops can run whole-disk encryption with minimal impact on performance, most handheld devices don’t have the horsepower to effectively run encryption. (The BlackBerry is an exception.) Some phone-based devices let you lock them out or zap their contents if they are lost or stolen, using their cellular connections to transmit a lockdown or kill. For other devices, a strong password may be your only real protection. Therefore, you may need to limit these devices to storing data you can afford to lose. But that decision can be tricky: Is an executive’s address book or schedule business-critical information that shouldn’t be risked, or is the convenience of mobile access worth the risk of loss or theft?

How do I manage passwords and encryption across the devices?

Usually you can manage laptops using the same network, asset and client management tools that you should already be using to manage and secure your PCs. The key is to ensure these tools support disconnected users, keeping the last set of protections and policies in place on the device when it is not connected to the network, then updating any policies, malware signatures and required password updates before a mobile user can connect to enterprise systems such as e-mail and file servers.

It’s harder to manage other mobile devices, since their wide variety has made it difficult for security and management vendors to cover all the possible bases. Some management products come with add-ons for select mobile devices, while in other cases you will need to have separate management tools in place. It’s best to see if you can extend your current management suite to cover your mobile devices, perhaps through custom extensions, rather than introduce new management tools that increase training, support and management complexity.

Research in Motion’s BlackBerry offers a complete set of handheld security features: full-disk encryption, e-mail encryption, and remote management features such as the ability for IT to wipe out the contents of a stolen or lost device. Devices using Microsoft’s Windows Mobile operating system have an array of products available to enforce passwords and synchronization control from vendors such as Bluefire Security Technologies, Hewlett-Packard and Symbol Technologies. Note that Windows-based smart phones sometimes can’t run these tools because they don’t have sufficient hardware resources. Newer Palm devices, such as the Tungsten C, support whole-disk encryption and strong passwords, but older models typically have little to no security. Credant Systems, Palm and Trust Digital are among the providers of Palm-oriented device security tools.
Loading...
Mobile MarketSpace
White Papers
The CIO's Guide to Wireless in the Enterprise
 This guide provides a basic overview and worksheet of mobile computing for those who are interested in evaluating a wireless enterprise solution. Read This White Paper »
The CIO's Guide to Mobile Applications
 A primary strength of a wireless application is to ideally offer users a stable connection, regardless of location and enable users to access their information while on the go. Read This White Paper »
The CIO's Guide to Mobile Security: Executive Overview and Checklist
 This document examines six key mobile computing security concerns that an IT department should consider when evaluating a wireless solution. Read This White Paper »
Business Drivers for Mobile Unified Communications
 See results from a recent survey to learn the common barriers of implementation and find out how you can implement mobile unified communications without replacing your existing infrastructure. Read this White Paper »
The Business Value of Mobile Social Networks
 Learn about the evolving technologies in the social networkign market and how the next generation of location-aware handheld devices will change the way business is conducted. Read this White Paper »
Automating Field Technicians with Smartphones
 Find out why a large telecommunications organization chose smartphones over laptops. The result was a cost savings of $1.6 million, improved customer service and more. Read this White Paper »
 
SPONSORED LINKS
 

White Paper: Take your Call Center to the Next Level

Is Your WLAN Helping You Comply with Security Guidelines of the PCI Standard?

White Paper: Improve Employee Efficiency and Reduce Telecom Costs

Dramatically boost network capacity and speed-up to 600 Mbps

Mobility is Growing: Survey Shows Why CIOs are Concerned

Virtualization Benchmark and TCO Analysis-Read Now

White Paper: Scaling Down HPC for Smaller Organizations

White Paper: Never Enough Compute Power?

Microsoft Windows Vista Cost and Benefit Estimator

White Paper: Efficient Desktop Application Management

White Paper: Green Issues for Networking

White Paper: The Roadmap to Data Center Automation

Learn how companies are changing how they reach out to their most profitable customers.

Get help navigating the management challenges of virtualization.

Narrow the gap between virtualization's benefits and the management risks.

Cash in on the promise of virtualization

Complementary BI: The New Approach to Business Intelligence

The ECM Paradox: Extending Local Flexibility to Strengthen Central Control

Customer Insight Yields Sales, Marketing Gains

Efficient by design: Watch this flash demo of the Quad-Core AMD Opteron Processor

HP and Oracle deploy unbreakable computing infrastructure at Replacements, Ltd.

File Integrity Monitoring: Prove compliance and secure your IT environments

Affordable technology-no compromise. HP server solutions

SOA Educational Library at the TIBCO SOA Resource Center

CIO Viewpoints: Migrating to Exchange 2007

White Paper: Enabling Next Generation IP Communications

White Paper: A Cohesive Network Security Approach

Why Your Firewall, VPN, and IEEE Aren't Enough to Protect Your Network

Webcast - "Into the Wild: Managing Laptops Outside the Office"

Unified Communications & Collaboration: Game-Changing Business Results

Server Virtualization Benchmark Results

Learn to Leverage Maximum Computing Power

Windows Vista: Essential Benefits and Deployment Strategies

Best Practices: Safe and Secure Hardware Asset Recovery

White Paper: Migrating to Windows Vista and Microsoft Office 2007 Together

New IDG Survey Results on Data Center Automation

Operational Excellence Is Key to Maximizing IT Investments

The Right and Wrong Master Data Management Strategies to Start Small and Grow Big

Find out how to manage virtualization's risks and reap the rewards.

Conquer the realities of managing virtualization

Remote Infrastructure Management - What Your Peers are Thinking

Learn what it takes to build a holistic digital collaboration platform

Make Hidden Trends, Inter-Relationships and Influences Visible.

Improve delivery of product information to customers.

Renowned Engineering Institution Chooses AMD Processor-Based Servers

Corral, configure and control all your mischievous machinery with a Lantronix device server

Spend less. Get hosted UC. Get cash back. It's easy under a Cypress

Predict the future with HP Insight Power Manager

Log onto Hitachi True Stories, films inspired by the next great achievement

Earn PROFESSIONAL DOCTORATE Part-Time, Online at Syracuse University's iSchool

 
 
RESOURCE CENTER
 
buy a link »
Ads by TechWords