Smart Phones "Bigger Security Risk" Than Laptops

CWmike writes "A recent survey of 300 senior IT staff found that 94% fear PDAs present a security risk, surpassing the 88% who highlighted mobile storage devices as a worry. Nearly eight in 10 said laptops were an issue. Only four in 10 had encrypted data on their laptops, and the remainder said the information was 'not worth' protecting. A key danger with PDAs was that over half of IT executives surveyed were 'not bothering' to enter a password when they used their phone. A VP at the company that performed the survey said: 'Companies need to regain control of these devices and the data that they are carrying, or risk finding their investment in securing the enterprise misplaced and woefully inadequate.' Is this just iPhone fear-mongering? Do you think the passwords execs could remember would help with securing PDAs and smart phones?"

Fortunately, we use blackberries!

And if you have a blackberry enterprise server, you can:

- force your users to have a password
- force the device to lock after a specified period of inactivity
- force the user to enter the password every x minutes regardless of activity
- prevent users from having a trivial password
- give users a duress password
- set the blackberries to store everything in encrypted from
- if a blackberry is lost, you can remotely lock the blackberry
- if a blackberry is lost, you can remotely wipe it

Blackberries are the best mobile platform, period.

Re:Fortunately, we use blackberries!

[vux984]

Mod parent up. Blackberries ARE better than the other PDA platforms in terms of security, because they do support this level of security 'out of the box'.

Other PDA's don't, and in most cases you can't even add it. With the BB, you can essentially set them up so that all data is end-to-end encrypted to YOUR server, and from their it can go out to retreive web pages, access address books, download documents, run applications, etc, etc. You can apply corporate filters to the web, limit applications, etc, etc all very easily.

All other PDA platforms require you to trust the carrier and the user for a significant chunk of the security. They give you exchange and imap support for example so email can be reasonably secure, but its much harder to lockdown EVERYTHING else... like blocking it so the pad web browser can't reach facebook or myspace or so poker can't be installed... blackberries make it as easy to manage PDA's as it is to manage desktops... which is to say... its a hassle. But on other platforms its not even really doable.

How easy is it to get an iphone to run through a 'VPN' so it can access an intranet site and have no or extremely limited access to the public WWW? This is a pretty common scenario for the PC's staff are provided by enterprises, but smartphones in general do no make this sort of configuration easy; in many cases its simply not possible.

Re:Fortunately, we use blackberries!

I have no experience with Blackberries. Do they support traditional wifi (802.11a/b/g/n?)

Some models do.

I thought emails and all that went through Blackberry's central servers before being passed on to the organization's or corporation's servers.

Depends. If you have a blackberry enterprise server, you manage the encryption entirely in-house. The company (RIM) is only carrying the encrypted message, and RIM doesn't have the keys, you do. The government of India was in the news recently, threatening to cut off blackberry service, since they can't decrypt the messages.

If you don't have a blackberry enterprise server, RIM manages the encryption on your behalf. In this case RIM has the keys.

I know this data is encrypted, but does it meet the encryption requirements laid down for electronic medical records in HIPAA?

Absolutely. They have a sales division dedicated to health care.

I also wonder about Blackberry service coverage. In many of the buildings where I work, I don't get cell service (Sprint) and my peers do not either (AT&T, T-Mobile, Verizon, etc).

That really depends on your local provider, and how much concrete & steel you have in your building. If you really want to, you can buy a cellular repeater to carry cell phone signals through the building. Expensive though.

There is local wifi available, but can Blackberry use that?

Some blackberries can do wifi.

Just wondering what the limitations of the seemingly "perfect" Blackberry platform really are.

I never said it's perfect, just that it is the best of what is available.

The thing I found most annoying is that you can't make the phone ring & vibrate at the same time. It can ring only, vibrate only, vibrate then ring, but not both simultaneously.

If you have a headset plugged in to the blackberry, when the phone rings, the ringing sound is made by the regular ringer, not through the headset.

Re:Fortunately, we use blackberries!

[ohcrapitssteve]

In just a few days, Apple is set to release iPhone Software 2.0 (as well as maybe Hardware 2.0...) but sw 2.0 is slated to have many of the enterprise features listed above. Not to sound like an Apple commercial, but features will include:

-ActiveSync (with SSL..)
-Remote administration with remote wipe of a lost device
-Cisco VPN with RSA SecurID

And as far as the VPN question, it is pretty straight forward, just another pane in the settings menu. PPTP and IPSec.

So iPhone's release featureset wouldn't have satisfied your needs, but tune back in in a few days and see if it floats your boat.

Re:IT departments securing handhelds

[bigstrat2003]

(And if a company laptop doesn't contain ANYTHING worth stealing, the employee should probably be fired for not producing anything worthwhile :) ) That, or they're (God bless them!) putting their data on network drives, not on their PC. Harder, but still doable, with a laptop, even on the go, as long as you have VPN access. It's always tragic/amusing when someone loses all their data, when they knew damn well they should've been keeping it in a location that's backed up regularly. :/