Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Latest News
    • Mobile

    For Users, Its Back to Basics – 2

    Written by

    Anne Chen
    Published July 29, 2002
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      As third-party developers and vendors of handheld devices beef up encryption and password management technologies, Palm OS, Pocket PC and other handhelds are becoming more secure.

      But, experts say, IT managers should not rely on the availability of improved software alone to secure handheld devices. To be sure, users should be required to install anti-virus software and keep it up-to-date, authenticate with user names and distinct passwords, and use encryption software to safeguard confidential data (click here for recommended best practices). But, because many handheld devices still make their way into the enterprise through the back door, IT managers also need to go out of their way to communicate to users that the same policies used to secure PCs should be applied to handheld devices.

      “Various technologies are very much safeguarding mechanisms so that damage can be kept to a minimum,” said Bill Jaeger, an analyst at Meta Security Group Inc., in Charlotte, NC. “But because the hand-to-hand proliferation of handheld devices is so great, you really have to back up the technologies with policies to protect your organization and to keep people honest.”

      One thing is clear: The trickle of handheld devices into the enterprise has grown to a flood. Last year, the global handheld PC market grew to roughly 12 million units worldwide, according to Gartner Inc., in Stamford, Conn.

      Unfortunately for handheld users—and for their organizations—most handheld operating systems such as Palm OS still lack built-in encryption and strong password management features, said David Pollino, managing security architect at security consultancy @Stake Inc., in San Francisco. While Palm OS and Windows CE devices come with security software installed by their manufacturers, analysts say they are often insufficient for enterprise users.

      “Security that comes on these handheld devices are the equivalent to having a lock on the screen door to your house,” Metas Jaeger said. “Any information found on a handheld could be considered mission-critical if it supports business functions and should be protected as such.” (See eWEEK Labs analysis of security improvements on tap for future mobile operating systems.)

      Experts agree that even if the devices supported strong security technologies, many users would likely ignore them. Thats because, in most organizations, handheld devices are purchased and deployed not by enterprise IT organizations but by individuals who often see passwords and other security steps simply as productivity inhibitors.

      As a result, @Stakes Pollino and others say, IT managers need to work harder to encourage individual PDA (personal digital assistant) users to adhere to some basic security best practices. Users should be discouraged from storing sensitive enterprise information on their PDAs in the first place, said Pollino, since these devices are so frequently lost and difficult to secure via passwords. Indeed, Gartner estimates that as many as 250,000 mobile phones and handheld computers will be lost at airports this year.

      Page Two

      : Back to Basics”>

      Second, said Pollino, individuals should make use of the default password capabilities built into PDAs, even though most are not robust. When PDAs are stolen, thieves are most often after the hardware itself, not the possibly sensitive data they store. So even a password thats easy to crack or bypass will discourage some thieves.

      Jaeger also recommended that organizations make encryption software available on a company intranet, regardless of whether the handhelds are officially supported. This way, precautions can still be taken to safeguard handhelds that are brought into an organization without authorization.

      And, said Jaeger, when PDAs are used to communicate wirelessly with the corporate network, its essential to use a combination of technologies such as IP Security clients, digital certificates and VPNs (virtual private networks) to protect the traffic.

      Thats exactly what IT officials at Medepass Inc., in San Francisco, are doing. There, IT managers are looking into providing physicians with digital certificates so confidential patient data and information can be transmitted via handheld devices such as PalmPilots, Windows CE devices and tablet PCs, said Girard Pessis, chief technology officer at Medepass.

      Medepass, which was formed by the California Medical Association to verify the online identities of health care professionals and to serve as its certificate authority, would use Certicom Corp.s MobileTrust services to issue wireless digital certificates if and when the project is approved. The company will be able to leverage its registration authority, which runs on Certicoms TrustPoint PKI Portal software.

      Experts say organizations should build upon the access management technologies and policies they have in place. This means extending VPNs and PKIs (public-key infrastructures) to handle the authentication of handheld users. While few high-profile handheld-borne viruses or other security events have grabbed top management attention to date, tying handheld security mechanisms to a companys security strategy will ensure that an enterprise will be able to respond to threats when they do arise.

      “Overall, the people most worried about viruses on PDAs are the anti-virus companies,” Metas Jaeger said. “Still, enterprises need to remember that mobile platforms are designed with portability in mind. Theyre not built to fend off malicious attacks.”

      Executive Managing Editor Jeff Moad is at jeff_moad@ziffdavis.com; Senior Writer Anne Chen is at anne_chen@ ziffdavis.com.

      Related Stories:

      • Handheld OSes Due for Security Advances
      • Security in Hand
      Anne Chen
      Anne Chen
      As a senior writer for eWEEK Labs, Anne writes articles pertaining to IT professionals and the best practices for technology implementation. Anne covers the deployment issues and the business drivers related to technologies including databases, wireless, security and network operating systems. Anne joined eWeek in 1999 as a writer for eWeek's eBiz Strategies section before moving over to Labs in 2001. Prior to eWeek, she covered business and technology at the San Jose Mercury News and at the Contra Costa Times.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×