PDA Defense Enterprise
While its fair to label personal digital assistants as the lightweights of enterprise computing, theres little doubt that heavy-duty corporate data often finds its way into these highly mobileand therefore easily misplaced or stolenbusiness devices. With their heritage so deeply rooted in the home and casual business user community, weve seen convenience too often trump security in handheld device design. While handheld computers are growing more security-focused, businesses that depend on these devicesand on maintaining the security of the data they carrymust investigate third-party device-hardening solutions. (See eWEEK Labs analysis of security improvements on tap for future mobile operating systems.)PDA Defense Enterprise PDA Defense Enterprise provides data encryption and enhanced password protection for Palm OS, Pocket PC and Research In Motion Ltd. devices, and it offers an
effective means for administrators to enforce these settings.
Starting at $30 per seat, with volume discounts that kick in beyond the first 50 licenses purchased, PDA Defense is an affordable way to secure sensitive data stored on mobile devices.
PDA Defense protects data with 128-bit Blowfish encryption, and companies may request 512-bit keys from Asynchrony to boost this protection.
eWeek Labs tested PDA Defense on Palm OS and Pocket PC devices and found it fairly easy to secure the files and databases stored on our test devices. The client software for both platforms enabled us to check off the databases to encrypt, and on a Pocket PC-based device, we could also select individual files to protect.
PDA Defense provides for data encryption on removable media such as CompactFlash and Secure Digital cards by creating encrypted volumes on them.
Adding encryption to a handheld device can affect performance, since encryption and decryption boosts a mobile devices workload. In our tests, the time required to decrypt all the files, programs and databases on a typically data-laden Pocket PC amounted to about 15 seconds; this time can be cut significantly by encrypting only sensitive information.
The performance hit on our Palm OS device was more noticeable but was somewhat mitigated by PDA Defenses optional decrypt-on-demand feature. With this feature enabled, for example, PDA Defense did not decrypt our contacts database until we opened it.
PDA Defense replaces and extends the built-in password protection of the devices it supports and enables users to automatically lock their devices each time they are shut off or after a set period of time has passed. With the Palm OS client, we could also opt to password-protect specific applications.
In addition, PDA Defense enabled us to input passwords more conveniently using the hardware buttons of our devices.
For example, we could assign buttons to stand for specific letters of a password. This worked on both the Palm OS and Pocket PC platforms, but with Pocket PC it could be a bit confusing because buttons arent as consistent across devices as they are on Palm OS-based systems.
The real teeth in PDA Defenses security scheme is the softwares ability to wipe the contents of a lost or otherwise compromised device. With Pocket PC devices, PDA Defense wipes everything in a devices RAM. With Palm OS devices, the software wipes specific databases that a user has slated for erasure.
We could set the data wipe to be triggered either after a set number of incorrect password attempts or after a specific amount of time without synchronization. After a full RAM wipe, our Pocket PC was like a new device, with all its data and applications gone, and our Palm OS device was wiped of the data wed designated for removal.
For these reasons, its very important that users perform frequent backups of their data, which is a good practice for handheld device users, anyway. However, backups, particularly when backing up to a CompactFlash or other piece of removable media, caused a security snag in our testing.
We backed our Pocket PC up to a CompactFlash card, forced our device into a RAM wipe and restored our backup from the CompactFlash card. After the restore, PDA Defense was back on our test devicebut without an assigned password. We then had full access to the data on the device. Users can avoid this by keeping their backup card separate from their device.
Data stored in the flash ROM of a device is likewise not wiped but may be protected by creating an encrypted volume within the flash area. Asynchrony advises against installing PDA Defense itself into flasha forgotten password would render such a device unusable until its flash could be rewritten.
Administrators can configure devices under their care as they choose, using Asynchronys policy manager software.
We could create policy files that controlled whether and under which circumstances PDA Defense would trigger its bit-wipe feature, as well as control password length and composition and a variety of other settings.
Companies can boost the security of handhelds with software that enables on-device data encryption and more rigorous password protection. eWeek Labs tested two such products, Asynchrony Software Inc.s PDA Defense Enterprise and Trust Digital LLCs PDA Secure Enterprise.