Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity
    • Development
    • IT Management
    • PC Hardware

    Microsoft Defends Windows Mobile E-Mail Security

    By
    Matt Hines
    -
    November 16, 2006
    Share
    Facebook
    Twitter
    Linkedin

      Responding to analyst reports that elements of its Windows smart phone software may leave users open to data exposure, Microsoft officials contend that the companys wireless e-mail application is secure enough for enterprise adoption today.

      In a recent report published by J. Gold Associates, a wireless research company, analysts proposed that Microsofts decision not to offer file encryption capabilities throughout its Windows Mobile platform could leave users of smart phones running on the software vulnerable to data loss.

      Unlike handheld software from rivals including Good Technology, Research In Motion and Sybase, Microsofts Direct Push e-mail system fails to offer encryption for data once it has reached a handheld, leaving the information open to anyone able to get his or her hands on one of the devices and defeat its password system, J. Gold said.

      Windows Mobile provides for encryption of data while it is in transit to the device, but leaves sensitive corporate data open to access if someone hacks one of the handhelds password, according to Jack Gold, an analyst with the research company.

      As much as lost or stolen laptops with unencrypted data onboard have become a significant pain point for enterprises today, the threat of unprotected information on an easily misplaced handheld could present even greater security challenges, the analyst said.

      However, Microsoft officials said that Windows Mobile 5.0, the latest iteration of the product, provides users with the right balance of security and usability and does not put data stored on the devices at risk by failing to offer additional encryption.

      With the features already built into the handheld software, along with aftermarket security tools available from its partners, the smart phone platform provides more than sufficient protection for enterprise workers who use the software, said John Starkweather, product manager of the Mobile and Embedded Devices division at Microsoft, in Redmond, Wash.

      “Our intent is to provide a solution that works for most organizations; some may want additional security tools, and our partners can provide that and allow end users to encrypt everything natively on the phone,” Starkweather said. “But most people dont want to encrypt everything on the device—most dont even do that on their PCs. There is such limited memory on the wireless devices, even smart phones, that using encryption like that slows performance down to a crawl.”

      Starkweather said that while RIM offers the ability for users to encrypt stored e-mail data, few use the feature because it weighs so heavily on device performance. By offering strong password protection and the ability to remotely wipe out information carried on the devices using third-party tools built to interface with the Windows Mobile application API, customers can protect themselves against the threat of lost and stolen smart phones.

      /zimages/1/28571.gifClick here to read about Symantecs anti-virus software for Windows Mobile smart phones.

      By linking Windows Mobile with its Exchange messaging server software in the way it already does, Microsoft is also trying to make it easy for IT administrators to manage security on the smart phone, he said.

      “We can only work within the available parameters of the devices themselves,” said Starkweather. “Our solution in linking Windows Mobile with Exchange is about leveraging existing infrastructure within organizations, including their mail servers and firewalls; organizations can feel comfortable in using the same security system for Windows Mobile-powered devices that they already use for their PCs.”

      Despite Microsofts defense of its system, Gold said that financial services firms, health care providers and other companies that operate under strict data-handling regulations may see the lack of additional encryption as a reason to go with smart phones running on software other than Windows Mobile.

      “Microsoft has yet to say anywhere that they provide encrypted data storage on the device, which is the crux of the issue, not the data transport, which is done with SSL in Windows Mobile and is secure,” said Gold. “The kill switch is fine but not sufficient for enterprise security needs, nor is the password alone.”

      Security for mobile devices is becoming a more high-profile issue as smart phones become more widely adopted. Some 51 million smart phones were shipped in 2005, representing a mere 6 percent of all wireless handsets, according to iGillottResearch. The research company predicts that the devices will account for 21 percent of handhelds by 2010.

      J. Gold Associates contends that smart phones will make up roughly 10 to 20 percent of wireless device shipments over the next four years but expects that for business users, the number will be much higher, accounting for as much as 50 to 60 percent of all handhelds.

      In September, the Trusted Computing Groups Mobile Phone Work Group issued a draft of its Mobile Trusted Module standard, which is meant to establish guidelines that help wireless device and software makers improve the security of their products.

      A final draft of the set of product specifications is expected to arrive before the end of 2006, and aims to dovetail with other wireless security initiatives driven by groups including the Open Mobile Alliance, Open Mobile Terminal Platform, and Mobile Industry Processor Interface Alliance.

      Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraines eWEEK SecurityWatch blog.

      Matt Hines

      MOST POPULAR ARTICLES

      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×