Different Strokes
By Connie Winkler | Posted 2006-05-15
Lost or broken mobile devices are no longer headache No. 1 for I.T. execs: it's securing critical data on the new generation of handhelds.
Companies are taking different approaches to safeguarding the data on mobile devices. Pitney Bowes in Stamford, Conn., has taken the strict route: supplying 100% of the devices used by its employees, and meticulously monitoring how and when the data network is accessed by any device.
"It all starts with assets: understanding who's using that asset, and what are they accessing," says David Giambruno, director of security and engineering, about his big-picture view of managing all data and hardware. "Once you understand that geometry, you can then manage it."
Almost 2,000 sales reps and executives at the mail and document management provider use company-supplied Palm Treos and BlackBerrys from Research In Motion to access e-mail and highly specific data. The data is customized to jobs, individuals and devices, and is available only during certain hours. To catch mobile viruses, which Giambruno acknowledges are an unknown so far, Pitney Bowes recently installed McAfee's Mobile Security software.
Wisely, Giambruno tries to maintain ease-of-use for security so that it doesn't get bypassed as too painful. "In the mobile space, organizations can spend millions, but if no one uses it, it's for naught," he says. His team also works with an internal privacy office that manages device-security policies and education efforts.
Farmers and Merchants Bank, a regional financial institution based in Long Beach, Calif., also provides all mobile devices used by its workers. Bob Graham, senior vice president of information systems, points out that employees with company-issued mobile devices may not be as careful with them as they would be with their own, but he doesn't consider that issue a deal-breaker for the bank.
"When the business provides [the devices], employees don't have the same concerns about them, but the security aspects far outweigh dropped or broken antennae," Graham says.
What he loses sleep over are the bigger threats: At Farmers' 10-story downtown Long Beach office, 28 unsecured wireless data networks lurk nearby. That's 28 too many for Graham, who's trying to both implement wireless connectivity throughout the company and keep up with employee requests for Treos.
So far, 26 bank managers and lending officers who work with customers outside the bank have the mobile devices to access e-mail, appointments and contacts. With only company-supplied devices allowed, Farmers also has tight policies on who gets the devices and how they can be used; runs Symantec mobile antivirus software; and has a security officer, armed with a Hewlett-Packard iPaq, who trawls for mischief and unsecured connections.
The story is a bit different at real estate developer Cooper Communities in Rogers, Ark. Back in 2001, Jim Craig, the company's CIO, first saw a Kyocera smart phone with a Web browser.
Today, the devices are a powerful opportunity for Craig and the company to deliver business intelligence to the field. No more executives phoning their assistants every hour and asking them to access sales figures on the exec's desktop PC.
Fifteen top Cooper executives now check their world via the Treo 650 handheld, using the PalmOne operating system supplied by Sprint. Needed metrics are dished out via homegrown software built on the Microsoft .NET platform.
Though the information is encrypted at both ends, Craig admits there are probably security holes. But he doesn't lose sleep over the data being hacked or lost along with a handheld. "A whole set of things would have to happen for someone to get into this information," Craig says. "Then, how useful would the metrics be?"