Shahbazi said users don't always realize what's at stake if the PDA is lost or stolen. A new one can be purchased for a few hundred dollars, but the access to data and customer information on the missing PDA is, as MasterCard likes to say, priceless. While a claims rep's information on an auto accident might not be interesting to whoever ends up with the device, a palmtop belonging to someone in the healthcare field-say, a nurse practitioner for a health insurer-might have more private information.

Trust Digital can help enterprise users develop security policies if they don't already have them in place. Such policies include a limit on incorrect password entries. After the limit is reached, the PDA “reverts to the factory setting,” according to Shahbazi. It wipes information from the computer, rendering it useless and giving the owner control of the device even if someone else has it.

According to Shahbazi, PDA Secure's GUI allows for easy installation and configuration, as well as providing flexibility in securing data. Administrators can choose whether to secure all applications on the PDA or specific apps. “One of the product's attractive features is its universal integration with all applications installed on the PDA,” he said.

PDA Secure also works with the company's Forever Secure product, which provides security to desktop PC applications. Any PDA data that is stored on the PC will be secured as well. “Our complementary products create a secure environment for you whether you are on a PDA or a PC,” Shahbazi said.

To the Rescue

Asynchrony Solutions (www. asynchrony.com) is the developer of PDA Defense, a virtual community for software programmers, designers, writers, project managers, and testers. Members share ideas with each other and form teams to collaborate on software projects. Asynchrony then markets the product and shares the revenues with the team members who developed the software. One of the benefits of the community atmosphere is that many ideas are shared during the beta testing process.

PDA Defense also comes in three versions. The standard is for individuals with less stringent security needs and sells for $19.95, offering 64-bit encryption. The professional version ($29.95) ships with 128-bit encryption, but can be upgraded to 512 bit, according to Asynchrony CTO Nate McKie. The enterprise version allows administrators to mandate some of the optional security features, with an administrative password necessary to modify any settings. A minimum of 50 users is needed for the enterprise system.

Asynchrony members spoke with several businesses about PDA policies during its development stages. “Most of them have policies that prohibit sensitive data being available on the PDA, but they also acknowledge that the data are on the PDA,” McKie said.

Even if there is no connection to the company database, PDAs are handy as a place to store passwords, sales leads, policyholder information, and other data that users need and can't afford to give away. “A lot of people would like to get their hands on that information,” McKie said.

But David Elfenbaum, founder and CEO of Asynchrony, doesn't believe there's a nationwide scourge of PDA thieves. The usual culprit, when it comes to lost palmtops, is loss. Gartner Group estimates that 250,000 PDAs and cell phones will be lost in airports alone this year. “If you have information on your PDA that can't be disclosed outside the enterprise, this is an inexpensive way to cure that,” Elfenbaum said of his company's product.

“PDAs are the last unsecured computer platform within most organizations,” Elfenbaum said. “Unfortunately, the features that make PDAs so useful, such as their portability and access to data, also create a serious security risk for the user and the enterprise.”
The company is also developing Pocket PC and Blackberry security software products that will be on the market soon, according to Elfenbaum.

The PDA market is exploding, and with it comes its own set of problems. No matter how you connect to the home-office database, you have to make sure that it is private and secure. An entirely different set of security problems arise when tour agents or claims reps are using PDAs. While you don't have to worry about agents losing their PCs or someone breaking into the office to steal your mainframe, theft and loss are incredibly large problems with PDAs. If your people start thinking of their PDAs as portable PCs, maybe they'll take better care of them.

Bombs Away

Product names can be a tricky business. Consider the initial name for Asynchrony Solution's PDA software security product: PDA Bomb. A graphic on the screen would let unauthorized users know that they were about to “set off the bomb” that would disable the PDA if they didn't provide the correct password.

Things have changed, though, since PDA Bomb was introduced in January.
“We moved off that name quickly, especially when you have customers carrying their PDA through security checks at airports,” according to David Elfenbaum, CEO of Asynchrony. “Security people will sometimes ask you to turn on your machine and if that graphic came up, well”
The new name is PDA Defense.

Invisible Fence, Laptop Style

Forgetfulness may be a prime suspect in the loss of PDAs, but for their big brothers, laptop computers, the problem is more classical: They get stolen. Estimates suggest almost 300,000 laptops are stolen each year. With their use increasing, the number could go even higher.

David Lee, founder and CEO of Caveo Technology (www.caveo.com), said, “The laptop computer market continues to grow rapidly, and laptop theft has become a critical security problem. In fact, laptop theft is among the most common security breaches in organizations today, second only to computer viruses.”

With laptops ranging in price from $1,000 to more than $5,000, the cost of replacing the computers is just one factor, according to Lee. “You've lost an asset, but you're also suffering a loss of productivity because your employee no longer has his computer, there are set-up costs involved with a replacement, and you have a loss of data-[data] that may have fallen into the wrong person's hands,” he said.

Caveo has developed Caveo Anti-Theft, a standard PC card that fits into any Windows-based laptop. Lee said it can be armed or disarmed with a password. To keep the laptop from getting up and walking out of your office, users can set up a perimeter in which the laptop would have to remain. Think Invisible Fence without the “slight correction.”

If the laptop goes outside the perimeter, the alarm signals. There are different noise levels, depending on how much attention you want to draw to the laptop. After a short time, the computer will shut down. The ability to re-start then becomes a major challenge. “You need a 16-digit password and you only get five tries at it,” Lee said. Even the rightful owner might have trouble with a 16-digit password, so there are a series of three questions that can be answered instead. (“What is your name?” “What is your quest?” And so on.)

What sets Caveo apart, though, is the motion detector that allows users to have what amounts to a motion password. A turn of the laptop in its carrying case can either arm or disarm the security system in the laptop. “We can basically turn the laptop into a brick,” Lee said. “The laptop becomes useless to anyone but the rightful owner.”

Lee feels Anti-Theft could eventually be fitted for PDAs and cellular telephones, but for now the company is focusing on the laptop market.

Like most security companies, Caveo would love to deal with the manufacturers to provide security for every laptop sold. “The technology from our part is easier as a built-in unit,” Lee said. “With the PC card, it is almost like an independent operating system.”

Laptop security has not always kept up with the technology inside the computers. But at least the days when users used a cable to lock their laptops to a piece of furniture are gone, leaving that bit of “technology” to the bicycle industry.