Computerworld - New Orleans
Companies were warned last week that corporate information on handhelds could fall into the wrong hands, but wireless LANs remain a bigger concern.
At a conference here on mobile and remote network access sponsored by Stamford, Conn.-based Gartner Group Inc., analysts scrutinized security issues that handheld users should consider.
The greatest risks surrounding handhelds are that they can be easily lost or stolen. But Gartner analyst Phil Redman said that the wireless devices' best defense is that they are nomadic and not constantly connected to the corporate network. This fact makes it difficult for interlopers working in the area to locate a specific signal and sort individual messages from the stream on a spectrum band.
Alex Robinson at Maple Valley, Wash.-based Tranzoa Co., producer of the OnlyMe access control program for Palm Inc.'s Palm devices, said that encrypting data with a pass phrase of a half-dozen words makes the data secure, although it's cumbersome to input it on a handheld unit.
Account and password management programs, such as Clifton, N.J.-based Zetetic Enterprises' Secure Tool for Recalling Important Passwords, use 128-bit Triple Data Encryption Standard to store data such as credit-card numbers, or voice mail access codes. But Robinson noted that encryption programs often require long passwords, and many wireless applications limit the amount of time a user can spend entering this data - ironically, to thwart crackers who may be fishing for passwords.
Password Difficulties
Another drawback to encrypted data is that users can lose data forever by forgetting a password. Encrypted programs generally expand the data, he said, but the old version of the Palm desktop truncated memos to 4KB. "Encrypted memos were longer than 4K," said Robinson. "Now I have several permanently encrypted memos."
According to Gartner analyst Bob Egan, the security worry is higher when companies use wireless LANs. In theory, a well-equipped corporate spy could position himself near corporate headquarters and tap the stream of wireless data.
While stories about research laboratories conducting strip searches for personal digital assistants or barring scientists from using such devices circulated at the conference, users were encouraged to consider practical defensive techniques.
Read more about E-business in Computerworld's E-business Topic Center.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
