Users Act to Encrypt Mobile Data

Concerns linger about untested handheld tools

Companies looking to protect data on mobile client devices such as notebooks, handheld devices and smart phones are getting more options to choose from.

Last week, Trust Digital Inc., a McLean, Va.-based vendor of mobile security software, released a new version of its technology that's designed to allow security administrators to extend and enforce access-control and encryption policies on mobile devices.

There are several components to the company's new Trust Digital 2005 software. One feature allows systems administrators to control access to ports such as Universal Serial Bus (USB), FireWire and Bluetooth. The software also lets administrators ensure that critical information is encrypted when it's transferred to removable media such as USB thumb drives and writable CDs.

Trust Digital's tool is one of a small but growing number of products designed to give companies a way to protect data on mobile clients. Another vendor, Addison, Texas-based Credant Technologies Inc., ships a product that's nearly identical to Trust Digital's tool. And PC Guardian Technologies Inc. in San Rafael, Calif., offers a technology that allows companies to encrypt e-mail and data on mobile computers, desktops, handhelds and removable storage devices.

Critical Appeal

The appeal of such technologies is that they allow security policies to be extended and enforced on mobile products at a time when a growing amount of critical data is being stored on such devices, said Randy Maib, senior IT consultant at Integris Health Inc. in Oklahoma City.

As part of its effort to comply with the Health Insurance Portability and Accountability Act, Integris is using a tool from Credant to protect data on mobile devices "by forcing authentication and encrypting data," he said. "A secondary goal was to discover how many mobile devices were being used in our environment."

The Credant product is deployed on more than 2,300 computers used by Integris workers, and the goal is to have it on all 5,000 desktops and mobile devices by the end of this year, Maib said.

PepsiAmericas Inc., a Rolling Meadows, Ill.-based bottler that is partly owned by PepsiCo Inc., is using the Trust Digital product to protect data on over 300 handheld devices used by its sales staff in Central Europe.

The technology lets Pepsi encrypt sensitive information on the handhelds and control what users can do with the devices, said Laszlo Kovari, a PepsiAmericas information security manager in Budapest.

"My idea was to extend the same level of protection that we provide for laptops and PCs to PDAs as well. From a pure security standpoint, it provides for confidentiality and integrity of the data on the devices," Kovari said.

The $2.5 billion CUNA Mutual Group in Madison, Wis., is using similar technology from Credant to encrypt data on more than 600 mobile computers used by its field sales force.

The decision to implement the technology was driven by concerns about theft and accidental loss of data, said David Meunier, CUNA Mutual's chief information security officer.

"The one thing we are really trying to address is the risk that mobile technologies, specifically laptops, present to any business," said Meunier, who is now looking to extend the same protection to enterprise handhelds.

Despite some of the benefits, there are caveats as well, users said. For one thing, products from companies such as Credant and Trust Digital are still fairly new and relatively untested, Maib said.

"Encryption is not a silver bullet," Meunier said. "It adds a whole realm of things that you need to start thinking about."

For example, using encryption to protect data -- whether full-disk or only partial encryption -- can also have performance implications and require greater disk capacity and investment, Meunier said.

Copyright © 2005 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon