Home » Data Protection » Wireless/Mobile

In Depth

How To Protect Your Mobile Data

Encrypt data that leaves the office? Yes. The best way to do it? It depends. Here's how to develop a strategy for your organization seeking to secure data on those roaming, mobile devices.

By Galen Gruman

Page 4

Baptist Memorial Health Care, a hospital group in Tennessee and Mississippi, uses software from Safend to prevent the use of unauthorized external drives. The company also has its USB drive vendor, Kingston Technology, create software to encrypt the drives' contents. The hospital group also logs all files transferred to these devices in order to identify who is copying data from the secured laptops, says Lenny Goodman, director of desktop management.

A simpler solution is to extend disk-based encryption to laptops' external drives, notes Burton Group analyst Maiwald. He expects that capability to become widely available as vendors upgrade their products. Pacific Northwest, for example, is looking at encryption software that would extend its protection to USB drives, says Kevin Piatt, the lab's manager of office automation and collaboration services.

Handheld Horrors

Perhaps the hardest devices to secure through encryption are handhelds. Most don't have the horsepower to run full-disk encryption, says Kocher. He says that when encryption software is available for these devices, it usually lacks appropriate strength or interferes with communication functions, such as making calls&mdashwhich is not good when you're talking about phones. "There are so many implementations of PDAs that there's no way for a security vendor to do a whole PDA solution," Kocher says. So IT must install and manage a variety of software if it wants to support a variety of devices.

That's why eFunds, Lincoln Health, Pacific Northwest National Laboratory, and Stillwater Bank all ban the use of handhelds for e-mail and the storage of corporate data. Northrop Grumman disallows their use at all divisions but one (where handhelds were allowed before Northrop bought it). To ensure the security of these devices, most Northrop business divisions forbid their access to e-mail and use a management tool that applies encryption to their files whenever they're connected to a Northrop PC or network. "It's expensive to allow PDAs using such policy-based tools," McKnight says.

For all these organizations, there is one exception to handheld insecurity: the BlackBerry, which comes with sufficiently strong full-disk encryption, as well as e-mail encryption, not to mention remote management features such as the ability for IT to wipe out the contents of a stolen or lost device.

Love That Data Center

The simplest way to protect data on mobile devices is to not store it there in the first place. "People should really get a handle on where their data is and who has access to it," advises Kocher. "Why are people putting this information on their laptop in the first place?" he asks. Burton Group's Maiwald suggests that enterprises adopt remote access tools where possible so that the information never leaves the confines of the data center.