Increasingly, security targets mobile devices

Recognizing the growing popularity of mobile computing devices such as handheld computers, personal digital assistants (PDAs) and smart phones, companies are rolling out a host of new products to secure data and communications on portable devices. From disposable soft tokens, to virtual private network (VPN) software for PDAs, to security management software for mobile devices, security companies are catching up to and cracking down on mobile users.

In September alone, Trust Digital LLC, RSA Security Inc. and ION Networks Inc. announced security products targeted at users of cell phones, PDAs, and other mobile devices.

"Companies have more mobile workers than ever, and they want to give (those workers) all the tools they need to do their job effectively," said Laura Koetzle, an analyst at Forrester Research Inc., in Cambridge, Massachusetts.

However, much of the infrastructure that enables mobile computing is inherently insecure, according to Koetzle, who notes that the 802.11b wireless protocol and encryption technology such as wired equivalent privacy (WEP) used by laptops and handheld devices have proven easy to exploit.

For companies like Trust Digital LLC of Fairfax, Virginia, concerns such as those raised by Koetzle coupled with the rapid adoption of portable computing devices in information-sensitive sectors like the federal government and the health care industry has meant increased demand for their line of data security solutions for portable devices such as PDAs and smart phones.

"In the last 12 months, we've seen tremendous growth in the use of PDA devices and the ways in which they are being rolled into enterprise networking environment," said Kevin Shahbazi, vice president of marketing at Trust Digital, which last week announced the release of PDASecure, VPN software that can be run on PDAs using Microsoft Corp.'s Pocket PC and Palm Inc.'s PalmOS operating systems and comes with a per-device licensing fee of US$40 per year.

According to Shahbazi, the small size of PDAs and their role as tools of convenience present unique problems for security software makers like Trust Digital that are targeting the PDA market.

"The biggest fears of the CIOs we speak with is that (employees) will lose (portable) devices or never invoke passwords and security on them," said Shahbazi.

The trick, say Shahbazi and others, is to make security both compulsory and transparent to the mobile computing user.

"The average end user doesn't want to know about the idiosyncrasies of VPN. They want to connect to a remote application, see that the tunnel is secure, then go ahead and send information," said Shahbazi.

"There's a definite trade-off between wanting to provide customers with peace of mind and not wanting to make (security) such an imposition in the way they do things that they'll say, 'Oh forget it'," said Charles Golvin, a senior analyst at Forrester Research.

The same themes can be seen in the growing number of configuration management software solutions that are being marketed to organizations -- from public utilities and police forces to vending machine operators and insurance companies -- with mobile workforces that rely on mobile computing devices.

Mobile Automation Inc.'s new Mobile Life Cycle Management Suite uses a software agent installed on the portable device to enable IT administrators to push software updates, applications, and configuration changes from a central server out to mobile devices over a secure connection, according to Doug Neal, chief executive officer and co-founder of Mobile Automation of Santa Monica, California.

According to Neal, his company's software fills what was a gaping security hole for many companies with mobile workforces.

"Commonly, companies would have to manually maintain (mobile) devices...send technicians out into the field, or wait until the quarterly sales meeting for everyone (with a mobile device) to be in one place, or send out a CD and leave it up to users to maintain their own devices, " said Neal.

Despite the attention being given to securing communications from portable devices, however, some see the recent spate of new product announcements as a natural step in the evolution of corporate networks from static, wired to mobile and wireless entities.

"There's a lot of noise in the discussion (about security for portable devices)," said Forrester's Golvin.

"There are certainly security issues -- 802.11b, which has been broken and proven to be for an enterprise a completely inadequate defense mechanism, for example. But if you look at the wireless LAN issue, its no different from other network security issues. Companies don't just send proprietary information over their wired network unprotected, nor should they send them over the air unprotected."

And, while some companies see portable devices as a security hole that needs to be plugged, others see them as a powerful tool in making networks and the Internet more secure.

Both RSA Security and ION Networksm unveiled disposable soft token technology in September that use portable devices to push out one-time secure software "tokens" that can be used by remote workers to log on to sensitive network infrastructure.

Like the smart cards they replace, soft tokens allow two-factor authentication -- users must be in possession of the portable device that will receive the secure token, and know a password associated with the token in order to log on to a secure network.

Unlike smart cards, however, soft tokens can be generated at almost no cost, cannot be lost or stolen, can carry policies that limit user access once logged on, and are deactivated after a single use, according to Kam Saifi, CEO of ION Networks of Piscataway, New Jersey.

ION's Secure Soft Tokens software can be used with the PalmOS, Research in Motion Ltd. Blackberry and Microsoft operating systems. Soft Token licenses are available to customers using ION's Secure PRIISMS Administrator Portal software at a cost of between $200 and $400 for each network access point that is being secured using the software. Customers are then entitled to an unlimited number of tokens for use connecting to that network access point.

RSA's RSA Mobile product also supports a wide range of mobile platforms and is targeted towards larger organizations. RSA Mobile comes with a per device licensing fee ranging from $5 to $10 per year and is sold in packages starting at 100,000 licenses. The price includes the cost of the RSA Mobile Server software.

Analysts agree, the emergence of soft token technology such as RSA's and ION's highlight some of the promise of portable computing devices when it comes to spreading awareness of network security issues.

"These solutions use a channel that is widely available, (soft tokens technology) is something that's fairly simple to explain, and it requires a behavioral change to consumer--but not that much of a change," said Golvin.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Paul Roberts

Show Comments



Victorinox Werks Professional Executive 17 Laptop Case

Learn more >



Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?