Most professional people I know travel with laptops and mobile phones (I’ve never met a PDA that eliminates my need for a laptop). But how many of us actually worry about encrypting the data that sits on a laptop or have actually enabled our laptops with foolproof login capability? The truth is that most of us carry completely unprotected laptops around and never give it much thought. (Or rather, the thinking is, “It’s not my laptop that will be stolen or lost.)
Why then all the fuss over PDA and mobile phone security? What percentage of mobile pros really carry critical strategic information around with them on such devices, and is this the most likely area of mobile vulnerability? Some of the mobile middleware players are now beginning to provide device-level security for such hardware, such as remote PDA data wipe, encryption of data on the device itself and more esoteric capabilities such as preventing an unauthorized user from running a debugger on a device to hack passwords or other data. All well and good. But is this enhanced PDA security more a differentiator offered to meet the misplaced concerns of the enterprise CIO than an actual necessity?
Some of us believe that current data encryption standards and compression—whether provided as part of a mobile application through a middleware player or through a mobile VPN—provide more than enough security to meet the needs of most wireless/mobile communications for most users. But it isn’t the actual transmission of mobile information that is the major security issue.
Assuming a PDA or a mobile communication channel isn’t the real enterprise mobile security threat, where is it to be found? Recent mobile research I’ve been conducting at The 451 Group strongly indicates that the true mobile-equipped laptop or tablet PC (whether through Wi-Fi, emerging EV-DO or UMTS, CDMA, GPRS or likely a combination of these) will begin to replace most desktops in the enterprise sooner than later—making every enterprise user a mobile employee. It is that full-fledged Windows-based (or perhaps soon Linux-based) machine that enterprises need to secure from a mobile perspective. Think about it, because not nearly enough of you are.
—Tony Rizzo is head of the Mobile Technology Sector at The 451 Group, an analysis firm covering the business of emerging information technologies.