The Way Business Is Moving published by
Issue Date: April 2002

Lost your company secrets?

1 April 2002
Magnus Ahlberg: managing director, Pointsec Mobile Technologies

Since Apple invented the PDA market with the Newton back in August 1993, manufacturers and buyers have been struggling to work out quite how this niche hardware area fits in with the general scheme of things. And, as laptops have become ever smaller, more powerful and more extensive, market confusion about the role of PDAs has intensified.
Are PDAs simply trendy electronic filofaxes for macho gadget-freaks who would not be seen dead writing a lady's phone number on a handy coaster with a dead match? Or, are they detachable but integral parts of a corporate desktop-based environment, preventing staff from having to leave important data behind when they leave the office for a meeting?
PDAs are corporate tools, and not for use by home users or hobbyists. Psion finally accepted this last year, when it announced plans to stop developing and marketing devices for the home market. Other leading PDA makers such as Compaq and Palm, have always been happy to sell one-off machines to end-users but have concentrated their sales efforts mostly in the corporate arena, where bulk deals reduce the cost of sales.
Without a PDA to slip into your shirt pocket or handbag before you leave the office, access to your diary, contact database or to-do list while in a meeting or at a social event is simply impossible.
Data security and confidentiality
IT security managers, who pride themselves on implementing strict rules to protect company data when it is somewhere on the corporate network, are powerless to act once the data is copied to that shiny black or silver device and taken off site.
Unauthorised possession of a PDA also poses another important risk. Companies are moving away from reliance on passwords for network logins, in favour of biometrics and hardware tokens. In some cases the PDA becomes the hardware token, and this is a growth area. After all, why buy additional hardware tokens and go to the expense of managing their distribution to staff when each employee already has a PDA capable of running an application allowing it to act as a login token too?
A thief who steals a PDA and manages to gain access to its data will typically find spreadsheets, lots of e-mail, important notes, and hundreds of contact details of clients and staff. If the thief is on the ball, this information might well find its way to commercial competitors of the PDA owner's employer. The PDA's owner, and the directors of the company, may well be liable under the Data Protection Act for failing to take reasonable steps to protect the personal information.
The BBC, for example, has recently started an 18-month programme to standardise on one single PDA platform for all staff. This will assist IT security personnel in rolling out a single, controllable, secure platform to ensure that data on staff PDAs remains confidential. As, no doubt, are the country's senior politicians and other public figures.
PDAs are not going to go away. Companies like Palm are spending millions developing the next generation of pocket-sized hardware and software. Microsoft, too, with its Windows CE and Pocket PC platform, is keen on enlarging its slice of the market. The third-generation mobile phones, known as 3G, will see further merging of the phone and PDA hardware, and Microsoft's new .NET software development platform will allow even more companies to develop portable versions of existing applications. PDAs are sexy. They look great, they feel great and they are very easy to use. But if you are looking to acquire some for your company, or to replace the ones you already have, remember that beauty is not just skin-deep. Look deeper under the hood and find out about the security features of the machine. All PDAs have password-protection of their data, but just how secure is it?
The next version of Palm's PDA operating system will feature biometric voice security, so users can simply speak their password into the device in order to wake it up. But does this count as improved security, or admission by Palm that security on PDAs is nothing more than fun and a novelty? If your PDA of choice does not have enough security out of the box, all is not lost. Many companies sell bolt-on products, which provide major PDAs such as Palm and PocketPC with industrial-strength access control and encryption on a par with the products available for desktop PCs and laptops. These include features such as 128-bit encryption and an automatic lockout after three incorrect passwords. So if you are equipping staff with portable extensions of their office PC, you have to build in security. A hacker who gains physical access to a desktop PC only has a couple of minutes to attack its contents before being discovered. Someone trying to crack a stolen PDA has all the time in the world to discover your corporate crown jewels - but at what cost to you and your company?

Others who read this also read these articles

Search Site


Previous Issues