How To Secure Mobile Devices

Protection of sensitive data gained microscopic focus in May 2006, when the U.S. Department of Veterans Affairs reported the theft of an employee’s laptop and storage containing data on American veterans discharged since 1975, about 28.6 million people. Less noted, the theft had been the third separate reported loss of computing equipment by the VA in less than six months.

At least half the states in the U.S. now require public disclosure of lost data, according to the Federation of State Public Interest Research Groups, and no CIO wants his to become the next company to make headlines.

Information-technology executives are wrestling with how to protect data at a growing number of end-points, with the most comprehensive security strategies requiring the use of multiple vendors—all folding into limited budgets.

Putting an enterprisewide embrace on everything that can fall under enterprise mobility—including laptop computers, personal digital assistants, cell phones and removable media—has become a delicate balancing act between cost, management, risk assessment and compliance with a growing list of regulations.

“You have to balance how many locks, how many keys, how many hoops and how many doors you’re going to jump through with how many people. The final decisions are based on your exposure and risk,” says Gregg Davis, senior vice president and CIO for Webcor Builders, a San Mateo, Calif.-based commercial builder. “It’s all about risk assessment, and you weigh your vulnerabilities and plug your holes based on business objectives and goals.”

Building an umbrella of antivirus protection and data security with the manageability and specific features sought by Webcor has required Davis to utilize a range of security products. These include basic Microsoft Windows encryption for its laptops, MotionApps’ mSafe to enable the remote locking or erasure of lost PDAs, Motorola’s Good Mobile Messaging for e-mail encryption and delivery to PDAs, Trend Micro AntiVirus and Symantec’s Veritas backup product.

“We use different mobile pieces, options and tools, depending on the person doing the work and the data and equipment involved,” he says. “Interoperability and consistency weigh heavily, but it takes a lot to move you off a platform and motivate you to throw out everything to try and build around a more comprehensive approach.”