Monday, October 6, 2008

Secure Windows Mobile innovation

Working mobile has become a commodity. Accessing email, calendar, files and more is something companies encourage and support, since it increases the productivity and availability of employees. But there is a downside: confidential information, passwords, user names, emails and documents are at risk.

All this information is synced over UMTS/3G, GPRS, Wi-Fi, Bluetooth, USB and more, and copied to the device's internal memory or SD cards. Your information has left the building.

It's important to think about the risks. Some examples:

  • phones are stolen or lost

  • phones are synced with other computers or devices

  • memory cards are used with other devices

  • transmission of data could be intercepted

So how do you protect your Microsoft environment against this? I'm glad to tell you Microsoft has done the work for us with Windows Mobile 6.1 and Exchange Server 2007.

It's important that the mobile devices run Windows Mobile 6.1 or higher. Why? WM 6.1 supports the security policies enforced by ActiveSync and Exchange 2007.

Before the first sync the device applies the security policy. This makes it possible for sysadmins and mobile workers to perform a remote wipe when a phone is stolen or lost. But what happens in the meantime, before the device next connects?

Make sure you have configured a password policy in Exchange 2007. In the Exchange 2007 Management Console, go to Organization Configuration > Client Access > Exchange ActiveSync Mailbox Policies.



Once the password option has been selected you get the encryption options as well. I suggest using both, since this encrypts both the device memory and the SD card. The password/PIN is then also required before the device memory and SD card can be accessed through ActiveSync from a desktop.

For environments with extra security needs it's also possible to block the camera, Bluetooth, Wi-Fi, unsigned applications and specific applications.

Together with 128-bit SSL on the ActiveSync connection, both transmission and storage are protected, even when the device is stolen: after the configured number of failed password attempts the device performs a local wipe. The remote wipe sends a confirmation message once it has completed. A mobile worker can even remote-wipe his or her own device from Outlook Web Access.
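The same configuration, done from the Exchange 2007 SP1 Management Shell instead of the console. This is an added example and not code from the original post; the policy name "Mobile-Secure", the mailbox alias "jdoe" and the notification address are assumptions, and the thresholds (6-character PIN, 5-minute lock, 8 failed attempts) are illustrative values, not recommendations from the post.

```powershell
# Added example (not from the original post). Assumes an Exchange 2007 SP1
# Management Shell; policy name, alias and e-mail address are placeholders.

# 1. Password + encryption policy. This is the part that matters "in the
#    meantime", before a lost device connects again and receives the wipe.
New-ActiveSyncMailboxPolicy -Name "Mobile-Secure" `
    -DevicePasswordEnabled $true `
    -AlphanumericDevicePasswordRequired $true `
    -MinDevicePasswordLength 6 `
    -AllowSimpleDevicePassword $false `
    -MaxInactivityTimeDeviceLock "00:05:00" `
    -MaxDevicePasswordFailedAttempts 8 `     # local wipe after 8 wrong PINs
    -RequireDeviceEncryption $true `         # encrypt internal memory
    -RequireStorageCardEncryption $true `    # encrypt the SD card
    -AllowNonProvisionableDevices $false `   # refuse devices that cannot apply the policy
    -PasswordRecoveryEnabled $true           # recovery PIN is stored in Exchange / shown in OWA

# 2. The "extra security needs" tier: radios, camera and unsigned code.
#    These settings are part of the Exchange 2007 Enterprise CAL feature set.
Set-ActiveSyncMailboxPolicy -Identity "Mobile-Secure" `
    -AllowCamera $false `
    -AllowBluetooth HandsfreeOnly `          # Disable | HandsfreeOnly | Allow
    -AllowWiFi $false `
    -AllowUnsignedApplications $false `
    -AllowUnsignedInstallationPackages $false

# 3. Assign the policy to a mailbox; the device picks it up on its next sync.
Set-CASMailbox -Identity jdoe -ActiveSyncMailboxPolicy "Mobile-Secure"

# 4. Check which devices the user has and when they last synced, so you know
#    whether a policy change (or a wipe) has actually reached the phone.
Get-ActiveSyncDeviceStatistics -Mailbox jdoe |
    Format-Table DeviceType, DeviceID, LastSyncAttemptTime, DeviceWipeSentTime

# 5. Remote wipe of a lost or stolen device. The wipe is queued on the server
#    and executed when the device next connects; the notification address
#    receives the confirmation message mentioned above.
$device = Get-ActiveSyncDeviceStatistics -Mailbox jdoe | Select-Object -First 1
Clear-ActiveSyncDevice -Identity $device.Identity `
    -NotificationEmailAddresses "helpdesk@example.com"
```

Two practical notes. Storage card encryption on Windows Mobile uses a key that lives on the device, so an encrypted card moved to another phone or PC is unreadable (which is the point for the "memory cards used with other devices" risk), but a hard reset or a wipe also makes the card's existing contents unrecoverable, so users need to know that before they rely on the card as their only copy. And a remote wipe only takes effect on the device's next connection; until then the PIN, the inactivity lock and the local-wipe threshold are what actually protect the data, so set those before you hand out devices rather than relying on the wipe alone.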

So forget about the iPhone, start caring about your information, and give everybody a cool HTC device with Windows Mobile 6.1 or higher. For more options check here

Thanks for reading. Next time we talk about notebooks, another great security risk...

2 comments:

Adrian said...

I work with NGO groups in Asia where workers periodically have to enter unfriendly countries.

The security issue they have is not so much that their device might be stolen, but more likely be held by authorities and be forced (with threat of violence) to reveal passwords to allow full access to their devices, containing confidential information.

What is needed is a plausible deniability mechanism, much like that provided by TrueCrypt for the Windows/Linux/Mac environments.

See http://www.truecrypt.org/docs/?s=plausible-deniability for more information.

Martijn van Halen said...

Hi Adrian, I know what you mean and know TrueCrypt. My next article will mention it for notebook security :) It's an interesting point. But it would mean also you might have something to hide. In the case of information disclosure to the wrong people it makes more sense. Like a director being forced to log in.
Maybe mobile virtualization can help in the future... 2 OS instances.