The top 9 ways to secure mobile devices

Computerworld - In the past six months a disturbing trend has emerged involving the theft of laptops containing sensitive personal information -- most recently from the home of a U.S. Department of Veterans Affairs data analyst.

These inevitably involve the loss of names, addresses, Social Security numbers and often credit card or investment account numbers of thousands of people. The VA case involved all veterans who retired from active duty in the last 40 years.

At the March FOSE '06 conference on computing in government, Cisco Systems CEO John Chambers told an increasingly familiar story about getting a letter from his financial advisers warning that his personal information may have been stolen along with someone's laptop. "What do I do now?" he quipped, "Change my name?"

These losses are embarrassing and costly, and they may be only the tip of an oncoming iceberg, as corporations increasingly equip their outside sales and support people and traveling executives with mobile "gadgets" -- smart phones and other handhelds -- that not only access corporate e-mail but carry copies of databases on corporate clients, R&D, financials and strategy.

These devices are very vulnerable to both accidental loss and theft, said Jack Gold, founder and president of J.Gold Associates in Northboro, Mass., and a former analyst at Meta Group. "My expectation is that we will see at least one major theft of a smart phone or PDA exposing sensitive corporate data within the next two years."

Gold estimated that these losses cost a minimum of $35 per customer whose personal data is lost, just in notification costs. "Then you add on the cost of the personal credit watchdog services that companies often provide users who are victimized, plus the potential loss of business from the negative publicity, and the total loss to the company grows rapidly," he said.

And the loss of some key business information can also be a violation of the new business regulations, such as the Sarbanes-Oxley Act and the Health Insurance Portability and Accountability Act (HIPAA). "These carry penalties ranging from substantial fines to jail time for executives," Gold warned.

So far, none of these incidents have involved handheld mobile devices, but the potential is growing. Two major developments in what has been a niche market for handhelds and high-end smart phones are making Gold's prediction likely:

1. In particular, smart phones are becoming increasingly popular with knowledge workers and their employers. Increasing numbers of companies, particularly in the Global 2000, are either providing devices to mobile workers and executives for use both inside and outside the office or are supporting connectivity to devices the individuals buy for their own uses.
     
2. While the first focus of mobile computing use is e-mail access, increasing numbers of organizations are taking the next step, extending access to data in core corporate applications such as ERP, CRM and financial systems.