Tighter Security For PDAs - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Hardware & Infrastructure
03:55 PM

Tighter Security For PDAs

The portability of handhelds makes them attractive to business users, but it also makes them more likely to be lost or stolen or for data to be corrupted.

Many PDA users want E-mail access to business networks, but IT security administrators don't want the PDA security risks. Without help from third-party vendors, BlackBerrys and Palms would remain nifty calendars and address books for many users, rather than the laptop substitutes they're meant to be.

"PDA users roam a lot more than laptop users, so their systems are twice as likely to be corrupted, lost, or stolen," says Nick Magliato, CEO at Trust Digital, a provider of PDA security products. "That's why there's a higher need for security on PDAs than there is for laptops and PCs."

The Department of Veterans Affairs' National Cardiovascular Care Improvement Program recognized this risk last year when it moved nurses at its 44 cardiac centers from laptops to Palm PDAs. Before, during, and after surgeries, nurses use the PDAs to gather about 200 pieces of information on each patient's medical history and current medical condition.

The move to PDAs wasn't a huge change since the devices could use the same software as the agency's desktops and laptops. Nurses work at desktop systems when they're not in the operating room and synchronize data between the two systems.

The Health Insurance Portability and Accountability Act and other regulations had forced the cardiovascular care unit to pay attention to security even before the PDAs were deployed. IT managers determined that they needed to block Wi-Fi and Bluetooth access and encrypt 17 data types in order to comply with privacy and security requirements. It went with security software from Trust Digital, which "has features I didn't even know I wanted but found out I needed," says Tamara Box, an independent contractor working as the Internet development manager at the VA's Cardiovascular Outcomes Research unit.

Data can be encrypted on an application basis using Trust Digital and requires app-level passwords, which is useful since multiple nurses may share the same PDA but don't need access to the same information, Box says. Policy-based administration lets Box choose different standards for different apps.

Not every PDA-using organization is securing its handhelds as effectively. In a recent survey conducted by security vendor nCipher Inc., 54% of 237 IT managers and security administrators say they don't know when they'll deploy or have no plans to deploy the 802.1x PDA security standard.

Companies should deploy authentication and encrypt data at the device level, says Ray Wagner, an analyst at Gartner. "Information on the PDA is no different than what's on a laptop," he says. "And people are carrying them around and losing them all the time."

Besides Trust Digital, Credant Technologies and Pointsec provide security products specifically for PDAs. Trust Digital focuses on securing data while it resides on the PDA. It doesn't try to protect PCs and laptops like bigger vendors.

Pointsec provides user-transparent encryption that ensures enforceable, automatic mobile security practices so all data is protected without requiring user intervention. Pointsec supports every major operating system for PCs, PDAs, and smart phones, and secures all information stored on the mobile devices and on removable memory media with full-disk encryption.

Credant provides a comprehensive mobile security platform to secure notebooks, tablet PCs, PDAs, and smart phones from one management interface, while integrating with enterprise directories for centralized management of security. Administrators work from a Web-based console that lets them control all devices. An automated detection and control feature protects all devices accessing a network.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of IT & Cybersecurity Operations 2020
The State of IT & Cybersecurity Operations 2020
Download this report from InformationWeek, in partnership with Dark Reading, to learn more about how today's IT operations teams work with cybersecurity operations, what technologies they are using, and how they communicate and share responsibility--or create risk by failing to do so. Get it now!
10 Ways to Prepare Your IT Organization for the Next Crisis
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/20/2020
IT Spending Forecast: Unfortunately, It's Going to Hurt
Jessica Davis, Senior Editor, Enterprise Apps,  5/15/2020
Helping Developers and Enterprises Answer the Skills Dilemma
Joao-Pierre S. Ruth, Senior Writer,  5/19/2020
Register for InformationWeek Newsletters
Current Issue
Key to Cloud Success: The Right Management
This IT Trend highlights some of the steps IT teams can take to keep their cloud environments running in a safe, efficient manner.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll