Data security and enterprise mobility: a reality check

Sumeet Gugnani

Over the last decade, a new generation of digital technology has transformed expectations for how we will conduct business, communicate, access entertainment, and much more. Today we communicate instantly with people we care about, without worrying about the traditional limitations of time or location. At work, we collaborate with colleagues in distant cities.

Global supply chains enable businesses to manufacture products and move them to market with incredible speed and efficiency. Increasingly, people envision a world of anywhere access - a world in which the information, the communities, and the content they value is available instantly and easily, no matter where they are.

Next only to the impact of the PC and internet, the advent of smart-handheld devices has changed, probably irreversibly, the way people communicate with each other and connect with their work. Hence, the stellar growth in the smart phone market, which added over 3 million users last year, and the expected growth of 80 per cent this year (Source: IDC) comes as no surprise.

Is all this decentralisation not adding data security risks? For example, PDA users are known to keep highly sensitive information like e-mails, SMS, contacts, GPS tracks, etc. on their devices. A survey shows that nearly 40 per cent of handheld and smart phones carry credit card numbers, thereby increasing the risk of this information falling into the wrong hands if the device were to be stolen.

So yes, there is a risk, and it is part of the package. But to be restricted by this is like saying one wont'' use a car because it is riskier than walking. We can ill-afford today to not be productive, but neither is data security to be taken lightly. Well, the good news is that it is a very manageable risk, and a combination of enterprise level awareness and consumer care can plug over 99 per cent of the holes.

Before that, it is important for IT vendors to undertake proper measures for data protection. It is imperative that they posses a long term security vision and well chalked out security technology roadmap. Windows Mobile 6, Microsoft''s latest mobile operating software, has both in built security features like PIN authentication, password protection and storage card encryption at the device level, as well as those that offers users additional control over data. The latter includes features that enable users to immediately erase data from a remote location, if the device is misplaced/ or stolen

Another major vulnerability for data security is the messaging server. Direct synchronisation between the messaging server and the mobile device increases the need for data security, specially in presence of a middleware server through which data travels before it can reach the mobile device. A direct syncronisation of the mobile device with the mail server that allows data to stay within the company''s firewall makes it secure.

Enterprises that do not use devices with in-built security features must make additional security investments like
a) Appropriate firewalls for the middleware server to protect handhelds from hackers while they are connected to public wireless networks (Bluefire mobile firewall is one such example)
b) Security applications which can encrypt al the data on the handhelds, for greater data protection (For eg. applications like Movian Crypt)
c) In addition, built-in features like information rights management (IRM) support for office documents also allows administrators to specify access permission to documents, workbooks, and presentations.

Equally important is the user''s understanding of what security features are built into the device, and the right measures to protect confidential data. According to a recent survey, 74.6 per cent of handheld or smart phone users either do not have, or do not know about security protection on their devices.

The product manual is a mine of information in this regard, and the enterprise can help by crafting FAQs that incorporate details of customisation of security and other features to make it easy for the user. Further, being more careful with the device can prevent loss. No doubt the small size makes mobile devices easy to misplace but quite honestly how often have we misplaced our wallets?

Evidently, addressing security concerns across multiple layers can help address the top three major areas for data protection, which are
1. Leaks of confidential data during mail exchange,
2. Loss of data with loss of device, and
3. Unauthorised access of the device.

It is thus imperative for both the smart phone user and the enterprise to carefully study the risk exposures, and accordingly invest in an OS and add on features that minimise data security threats.

Reassured on this front, mobile workers will be able to concentrate on being more productive without worrying about the security provided by their smart phones.