What can you do to keep your data safe?
Your firm is considering rolling out a new mobile application on Pocket PC-based devices, which should save the company millions a year through increased productivity and reduced overhead. Suddenly that new guy at the end of the table speaks up and asks the question: What about the information security issues surrounding these devices?
Corporations rely on mobile handheld computing devices more and more each day. Whether through a departmental Pocket PC-based workflow application or because of just a few employees who use PDAs for increased personal productivity, corporate IT departments will have to support and secure this part of the IT infrastructure sooner rather than later. Support can be accomplished without too much trouble, but what about security? Is that new PDA your director of marketing just bought violating your security policy without you even knowing it? If so, how will the problem be solved? Those are the questions we will be looking into here.
The issues
There are a few areas of the Pocket PC operating system that are of concern from a security perspective:
- No concept of user credentials
- No way to restrict file access based on permissions
- No protection for sensitive areas of the system such as device drivers
- Infrared document receives are turned on by default (does not apply to Windows Mobile 2003)
- The ActiveSync desktop synchronization system
Other concerns stem from the nature of mobile devices: