Mobile Security Definition and Solutions

Mobile Security topics covering definition, objectives, systems and solutions.

1 2 3 4 Page 3
Page 3 of 4

ABCs of Mobile Security (Page 3)

By Galen Gruman

So how do I secure the data itself?

For data that must be stored on a mobile device, use whole-disk encryption secured by a password so that if the devices are lost or stolen, the data on their drives can’t be used. (Do the same for PCs in publicly accessible locations—they can be stolen, too.)

Although the current versions of Windows, Mac OS X and Linux include folder-based encryption, all it takes is a user not storing files in the protected folders for them to become accessible to a data thief. By contrast, whole-disk encryption protects everything on the drive, so you don’t have to worry whether users are putting company data in the right folder or if they have turned on file-by-file.

And there’s a bonus: Encryption provides you an automatic pass from having to publicly disclose the loss of devices that contain consumer information in the 33 states that require such disclosure (as of this writing).

Keep in mind that while modern laptops can run whole-disk encryption with minimal impact on performance, most handheld devices don’t have the horsepower to effectively run encryption. (The BlackBerry is an exception.) Some phone-based devices let you lock them out or zap their contents if they are lost or stolen, using their cellular connections to transmit a lockdown or kill. For other devices, a strong password may be your only real protection. Therefore, you may need to limit these devices to storing data you can afford to lose. But that decision can be tricky: Is an executive’s address book or schedule business-critical information that shouldn’t be risked, or is the convenience of mobile access worth the risk of loss or theft?

How do I manage passwords and encryption across the devices?

Usually you can manage laptops using the same network, asset and client management tools that you should already be using to manage and secure your PCs. The key is to ensure these tools support disconnected users, keeping the last set of protections and policies in place on the device when it is not connected to the network, then updating any policies, malware signatures and required password updates before a mobile user can connect to enterprise systems such as e-mail and file servers.

It’s harder to manage other mobile devices, since their wide variety has made it difficult for security and management vendors to cover all the possible bases. Some management products come with add-ons for select mobile devices, while in other cases you will need to have separate management tools in place. It’s best to see if you can extend your current management suite to cover your mobile devices, perhaps through custom extensions, rather than introduce new management tools that increase training, support and management complexity.

Research in Motion’s BlackBerry offers a complete set of handheld security features: full-disk encryption, e-mail encryption, and remote management features such as the ability for IT to wipe out the contents of a stolen or lost device. Devices using Microsoft’s Windows Mobile operating system have an array of products available to enforce passwords and synchronization control from vendors such as Bluefire Security Technologies, Hewlett-Packard and Symbol Technologies. Note that Windows-based smart phones sometimes can’t run these tools because they don’t have sufficient hardware resources. Newer Palm devices, such as the Tungsten C, support whole-disk encryption and strong passwords, but older models typically have little to no security. Credant Systems, Palm and Trust Digital are among the providers of Palm-oriented device security tools.

1 2 3 4 Page 3
Page 3 of 4
7 secrets of successful remote IT teams