• United States



by Paul Kerstein

Good Puts Security Management On the Air

Nov 07, 20055 mins
CSO and CISOData and Information Security

The handheld devices used in enterprises traditionally have been likean executive’s company car, leased and maintained by the employee,though paid for by the boss. But in some cases they’re evolving into acorporate asset tightly controlled by the IT department, for securityas well as productivity reasons.

Mobile e-mail software vendor Good Technology Inc. on Monday is set toexpand its product line to help IT maintain that grip even as employeestravel. Good Mobile Defense, an optional add-on coming in January forthe company’s GoodLink wireless messaging software, lets administratorscontrol five key aspects of security policy over the air, said DanRudolph, director of product management at Good, in Santa Clara,California. The product is based on SureWave Mobile Defense, which Goodacquired earlier this year through its purchase of JP Mobile Inc. Ituses the GoodLink messaging mechanism to reach and modify devices inthe field, Rudolph said.

There are already tools on the market that let administrators controlmobile devices, such as software that disables the digital camerasbuilt into phones. But today, the IT department has to get the deviceinto its hands or rely on the user to carry out changes, according toRudolph.

“One of the shortcomings in the past has been IT’s inability to enforcethe policies once the device is in users’ hands,” he said. “It’s beenincumbent on the user to actually comply with and download the policiesthat IT sets.”

Good Mobile Defense lets administrators manage five types of policies:

— advanced password management, including setting and resettingpasswords for devices and applications, as well as forcing employees touse strong passwords;

— device use control, such as blocking access to Bluetooth, Wi-Fi, camera or synchronization software;

— application lockdown, in which IT can create and modify a “whitelist” of programs users are allowed to download and run;

— encryption management, application-specific rules about which types of data on the device have to be encrypted;

— data erasing, for setting policies on what actions — such as threefailed password attempts — should trigger the erasure of all data onthe device.

Industrial Bank, in Washington, D.C., earlier this year chose GoodLinkto give executives, loan officers and some other employees mobileaccess to their Microsoft Corp. Exchange e-mail. It has issued PalmInc. Treo 650 handhelds from Cingular Wireless LLC to 25 employees sofar. GoodLink had security capabilities that Research In Motion Ltd.’s(RIM) BlackBerry products didn’t have, including compliance with FIPS(Federal Information Processing Standards), said Michael Johnson, thebank’s director of information services. These helped the deploymentplan pass a rigorous review by management, he said.

Johnson welcomed the coming Good Mobile Defense mechanisms formaintaining central control of the remote devices. In particular, hewants the ability to lock out features of the Treos, enforce passwordpolicies and delegate specific capabilities to employees based on theirroles, he said. The bank already maintains a tight ship: It deliveredthe Treos to users without the synchronization cable for uploadingcontent and applications from a PC, and in any case, employees don’thave the administrative rights to load the Palm Desktop synchronizationsoftware on their PCs.

Johnson hopes to deploy custom loan processing applications to the Treo650s in the future. Having loan applications on handheld devices couldallow loan officers to cut hours or days off approval time or evenapprove loans while at the borrower’s location, he said. Industrial isa relatively small bank, with about US$300 million in assets and eightbranches in Maryland and the District of Columbia, and the market forloans is highly competitive, Johnson said.

“As a bank that doesn’t have the resources of, say, a Bank of America, we’ve got to use every advantage we can,” Johnson said.

Enterprises are just starting to wake up to the need for employees tohave mobile devices with e-mail and application access, and security isa critical concern for them, said Kitty Weldon, an analyst at CurrentAnalysis Inc., in Sterling, Virginia. Once handhelds are used to accesscorporate databases or applications, the IT department will want to ownand control them, she said.

Good is facing tough competition from RIM’s BlackBerry handhelds andits BlackBerry Connect software for other vendors’ devices, as well asfrom Microsoft as it rolls out Windows Mobile 5.0, Weldon said. RIM’ssystem is quite secure when used with a BlackBerry, but Good now seemsto have the edge over Windows Mobile and BlackBerry Connect, she said.This may prove critical as the enterprise-oriented market clustersaround two vendors.

“I think if there is room for a third, it’s going to be Good,” Weldon said.

Existing customers of Good will be able to buy Good Mobile Defensestarting in January, and later, users will be able to buy it on amonthly basis through carrier partners that sell Good’s software,Rudolph said. Prices have not yet been set, but a one-time license feeshould be less than $100 per user, he said. Added to the monthly feefor a carrier’s data plan, Good Mobile Defense would probably costbetween $5 and $7 per user, according to Rudolph. Customers that don’tuse GoodLink could buy the Good Mobile Defense but would not get theover-the-air management capability.

Good was also set to announce on Monday that it will preload McAfeeVirusScan Mobile in the Good Management Console, which is used tocontrol GoodLink, so IT administrators can more easily push theantivirus software out to employees’ devices. The McAfee software willbe available in a trial version and enterprises can buy full licensesfrom McAfee, Rudolph said. They also will be able to set policiesregarding the presence of the antivirus software, such as requiringthat it be on the device before any other software is loaded, he added.

By Stephen Lawson – IDG News Service (San Francisco Bureau)