Thats the question on the minds of mobile professionals and the IT departments responsible for that data whenever a device is missing, and Pointsec Mobile Technologies has partnered with Smartner Information Systems Ltd., a provider of push e-mail solutions for mobile devices, in an effort to provide an answer—or, at least, peace-of-mind that the data will not fall into the wrong hands.
"You cant get beyond this big security risk that, as devices get smaller and more mobile, people just lose things," said Bob Egner, vice president of marketing at Pointsec. "Data at rest is at risk if the device is lost."
The solution combines Pointsecs FIPS (Federal Information Processing Standard)-certified encryption with Smartners Always-On Mail Enterprise Edition to allow enterprises to centrally manage security polices for mobile devices and push out changes and updates as they are made. It uses 128-bit AES (Advanced Encryption Standard) to protect data at rest on devices such as BlackBerrys, mobile phones, PDAs and USB drives.
Encryption is initiated at the normal screen time-out, locking down all data including Internet page caches and temporary files. Legal users can easily retrieve data by logging in and reauthenticating with the system. Others, Egner said, cannot access the data "unless they have a way to authenticate themselves as you. When data has been encrypted across the entire hard drive, anyone who finds the device really would not see anything."
FIPS certification means the software meets the cryptographic security requirements to protect information in computer and telecommunication systems of U.S. federal agencies. It works seamlessly with other encryption solutions, such as VPN tunneling, and operates at the system layer to avoid interference with other security applications such as anti-virus protection.
The problem of how to secure data on mobile devices is becoming exacerbated as the data storage capacity on devices increases, Egner said. He pointed out that it is not unusual today to find devices with 80MB of memory, which can contain as many as 6,000 Microsoft Word documents; 720,000 e-mails; 360,000 contact details; or 7,200 pictures.
Data stored on mobile devices is often at greater risk than data communicated over the air, due to the ease with which those devices can be lost. To dramatize the problem, Pointsec conducted a nine-nation survey of cab companies to see how frequently devices are left behind. A Chicago cab company reported the highest number of losses in the survey. On average, 3.42 mobile phones and .86 PDAs and Pocket PCs per cab were left behind each day. Over six months, the survey estimated that Chicago cab riders lost 85,619 mobile phones; 21,460 PDAs/Pocket PCs; and 4,425 laptops.
"Taxi companies are actually quite good in getting the device back to the owner, but, in all cases, the equipment is started up in an effort to identify the owner," Egner said. "Just in the act of trying to return the equipment, data is typically compromised."