This article can also be found in the Premium Editorial Download "Storage magazine: Managing data storage for remote employees."
Seven ways to secure a PDA
Last year, an estimated 250,000 cell phones and PDAs were lost in airports, according to the Gartner Group. The consequence of misplacing most of those devices was no worse than losing a day planner. But some small, unknown percentage contained critical data and access to enterprise applications.
Securing PDAs with sensitive data - or access to it - should be taken seriously. Basically, you need to apply the same rigor to PDA security that you would to any other enterprise-class device, with a clear security policy and a uniform suite of security software. Consider the following:
1. Password protection. Enforce alphanumeric passwords with no fewer than seven characters. Adding gestures, supported by some security software, can make break-ins nearly impossible. Several products - such as Trust Digital's Policy Editor or IS/Complete's PDA Restrictor Enterprise - enable you to manage password policies for groups of PDAs or reset individual passwords remotely.
2. Asset tagging. Slap on non-removable labels and bring PDAs into your asset numbering system. You'll avoid confusion when storing, distributing and repairing devices as well as discourage theft. You'll also be far more likely to get PDAs back when employees leave the company.
3. Lost and found. Just as with laptops, it never hurts to display contact information when a device boots. Alternatively, for those who want to remain anonymous, IDstrip.com prints stickers that have a toll-free phone number and a unique numeric identifier.
4. Encryption. PDA file encryption packages such as Trust Digital's PDA Secure abound, offering algorithms ranging from MD5 to 512-bit Blowfish.
5. The bomb. With some software, such as Asynchrony Software's PDA Defense, a destruct sequence can wipe the PDA clean - if the device isn't synched in 48 hours or in the event of too many password attempts in a row.
6. Biometrics. Fingerprint identification is available for PDAs - Applied Biometrics' PINprint Pilot will do the trick, among others. Signature recognition is less accurate, but Communication Intelligence's Sign-On provides an inexpensive solution for Pocket PCs and Palm devices.
7. VPN connection. Better combine top-notch password/encryption with this one. Microsoft Pocket PC 2002 comes with VPN capability built in; Palm devices require an add-on client such as Certicom's movianVPN.
But the nagging problem of dead PDA batteries was an even more pressing issue than security. "When they're dead too long, you lose all the data," says Allocco. "We were sending down databases that were about 1.5MB. How do we get that back out to them?" Rather than deploy flash modules to back up read-only data, Allocco created the PDA version of a bare metal recovery disk on the server that, in the event a user's storage got wiped out, would send out the application first - and then a refresh of the entire database.
Allocco solved another common difficulty with handhelds: People load them with games until they run out of memory and call the help desk. Worse, users tend to be dishonest about what they've installed. The Mobile Suite's management module not only let Allocco see a PDA's contents when the user synched with the host, but also let him delete stuff. "Next time they synched," says Allocco, "they would be looking for Tiger Woods Golf for a very long time."
The wireless workhorse
Enterprise applications running on handhelds are still the exception. But handhelds that serve field service workers have been around for decades. When those devices are used for data collection, the integrity of that data has a direct impact on the bottom line.
Last year, Saul Cohen, vice president of information technology, oversaw the development of a new field service application for U.S. Fleet Services in Horsham, PA. The company has 60 branch offices in 28 states and provides on-site, truck-to-truck fueling services to such companies as FedEx, Coca-Cola, and Nabisco. Cohen's project was to automate the process of recording the details of truck refuels, a paper affair subject to errors by truckers and whoever keyed in the data.
Cohen came up with a wireless handheld application that required zero manual data input. The hardware of choice was a Pocket PC equipped with an 802.11 network card and a barcode scanner. For each delivery, all the driver had to do was scan the barcode that had been pasted on the customer truck, then download data from the truck's fuel gauge, which was also 802.11-enabled. When the truck rolled back into the garage, it communicated with an 802.11b access point installed there that hooked the handheld to the corporate WAN and uploaded the data for the day.
Along the route, delivery data was collected in a SQL for a CE 2000 database on the Pocket PCs. Cohen used XTNDConnect Server from Extended Systems to send out daily route information, push new application versions and configure devices remotely. Storing everything on 128MB CompactFlash cards ensured data integrity. Moreover, every time a driver completed a delivery, they needed to print a receipt before the transaction was complete. Each driver had an extra battery and the Pocket PC rode in a recharging cradle in the truck when it wasn't being used.
Getting control and keeping it
Despite Cohen's best efforts at making the application easy, he discovered that the biggest problem was training. At one point, he even rode shotgun and coached drivers en route. There's a lesson to be learned from that: Outside the office, more responsibility for making things work inevitably devolves to the user, because you have reduced power of enforcement and less ability to help. To ensure data integrity, explicit policies and procedures for remote users - and in some cases training - are absolute necessities.
That fact shouldn't discourage your efforts to make everything as automated as possible for far-flung users. But particularly in lean times, you need to choose management, synchronization and backup solutions that cause the least IT disruption possible. As Pyxis' Allocco puts it: "You keep your central organization. We're not trying to decentralize IT. We're just trying to extend information that makes sense."
Fortunately, off-the-shelf solutions abound. The market leaders in backup and groupware generally supply just enough remote options to make setting up a specialized package seem like more of a hassle. On the other hand - particularly with PDA applications - only specialized or custom-written software provides exactly what you need and integrating it with your existing system makes the most sense. Either way, remote data demands to be taken seriously. As Jeff Warner from Extended Systems says: "The device is always much more disposable than the data that's on it."
This was first published in September 2002