Pocket PC Enterprise Security

Like any other devices on your LAN or WAN, Pocket PCs can be a challenge to manage. Securing them with mandatory policies can be a quagmire.

One must always ask oneself: What are the driving forces behind the search for a given security solution? These are the factors that must be converted into requirements before a solution can be found.

Mandates for security

Security mandates are common in different local, state, and federal laws, as well as in internal initiatives. Some examples:

• If your company is located in the state of California, California’s Security Breach Notice Law requires your company to notify any Californians whose personal information was located in a database that has been breached.
• In the financial industry, the Gramm-Leach-Bliley Act mandates insuring the security and confidentiality of customer records and information.
• In the health care industry, the Health Insurance Portability and Accountability Act (HIPAA) deals with many corporate security issues including IT data information, storage, audits, and protection.
• A CEO may mandate protection for trade secrets kept in a database on the SD card of a Pocket PC device.
• A new corporate mandate may be issued after an internal audit reveals that Pocket PC access to the company network is saved in a profile for anyone to use.

The threats are real, but solutions are available!

The basics in security features

For the user, major security concerns involve mandatory compliance to the following:

• User authentication to the device.
• Encryption: on the device and on storage cards.
• Recovery: full restorability.
• Secure forgotten password assistance.

For the enterprise, I have found the major security concerns to be:

• Management capabilities (monitoring and overseeing security implementation).
• Security policies and changes.
• Upgrading the software.

Leading security solution providers

Each of the security solutions we will examine requires a third-party tool to completely manage and successfully deploy them for Pocket PCs. These solutions can be installed on the devices without the third-party tools; however, managing the devices in the event of a full/hard reset, forced backup, or the introduction of an additional Pocket PC to the host PC will necessitate using them.

There are no fewer than 40 vendors competing in the security/encryption space; however, fewer than ten of these are in the enterprise solutions market. Some of the major players are:

• Asynchrony: PDADefense (http://www.pdadefense.com)
• F-Secure: FileCrypto Enterprise (http://www.f-secure.com)
• Pointsec Mobile Technologies: Pointsec for Pocket PC 2.0 (http://www.pointsec.com)
• Trust Digital: PDASecure (http://www.trustdigital.com)
• Utimaco: Safe Guard PDA (http://www.utimaco.com)