The most secure company probably has a gaping hole in its corporate pocket, which allows crucial data to slip out. Sure, the network is protected by a firewall, intrusion detection system and virus scanner. The PCs on that network are locked down. The wireless network is encrypted and secured. Data
is properly backed up. All is mellow.
Then, the senior vice-president tucks her personal digital assistant (PDA) into her jacket pocket and heads out to the fitness club, where that jacket will be left unattended while she works out. What’s protecting the data in those devices?
In a study conducted earlier this year by the Graziadio School of Business and Management at Pepperdine University in Los Angeles, 81 percent of respondents said they carry “”somewhat valuable”” or “”extremely valuable”” information on their PDAs. Sixty per cent of executive-level respondents said their business would be “”somewhat”” or “”extremely”” affected if the data on company-issued PDAs were lost. And 24 per cent have experienced loss or theft of at least one PDA. Despite this, half of the respondents did not have any security on their PDAs, beyond a power-on password.
That blood-curdling scream you just heard is your security officer, who until now thought he had a handle on vulnerabilities.
With any “”personal”” device, whether it’s company issued or employee owned, management is a major headache. It’s as much a social problem as a technological one. Users treat their PDAs and cellphones as life repositories, storing business and non-business data cheek by jowl, and considering attempts to manage the devices as affronts to their privacy.
Yet as long as there’s a scrap of business data on the device — a phone number, a password, even a meeting reminder — the “”private”” device is very much the company’s concern. Managing it, however, is easier said than done.
It’s easy to back up data on a PDA if it synchs to a company computer. The trick is in protecting it while it’s out and about in the handheld. That mainly entails preventing the user from turning off any security on the unit.
That’s not all there is to management of mobile devices, however.
There’s asset management: Controlling who has which device, operating system and so forth. There’s configuration management: Making sure that all applications are installed that should be. There’s encryption: If the machine has communications capabilities, there’s network and virtual private networking configuration and security to worry about.
Fortunately, there are both standalone products and modules for enterprise management suites that can handle the job. They can even program the handheld to erase all of its data after a predefined number of bad login attempts; a thief may get a free PDA, but company information will be protected.
Unfortunately, these products are not cheap. They can cost several hundred dollars per protected unit (for small licence counts).
Despite this heavy hit on the corporate wallet, IDC says that the market for mobile management products is expected to achieve a compound annual growth rate of almost 45 per cent through 2008, when it will be a whopping $US911 million.
Finders, keepers
Before you manage mobile devices, though, you have to find them. And if users have local administrator privileges on their PCs, it may be easier said than done. In that case, when users acquire mobile toys, they can quietly install the synchronization software and merrily start pulling corporate financial spreadsheets onto their devices without anyone’s knowledge. The first IT will hear about it is when the handheld hiccups and its owner comes for help.
The user will howl when told that he or she shouldn’t be loading company information onto a personal device. You might have better luck persuading them to enable power-on passwords, insisting they use encryption software for business information and insisting the device be locked when idle.
Chances are, the boss is one of the culprits, so convince him or her of the risk to the company, and guilt will do the rest.