Skip to content

Entries from September 2006

PDAs in highly classified environments

For a while IT security professionals are warning against the impacts of Personal Digital Assistants (PDAs) on corporate security. A PDA can be lost or stolen and lead to undesired disclosure of the information that is on it. The emerging of micro-drives leads to these tiny devices having gigabytes of storage. Due to the high storage capacity of the PDA and the reduced file formats it uses (resulting in smaller files), a modern PDA can easily store the entire document repository of its owner. This document repository may contain masses of sensitive corporate information in a physical size that is way too easy to lose or to have stolen. This poses a real threat to organizations, as also pointed out by Bruce Schneier in an essay called “Risks of Losing Portable Devices”.

Information security officers are not unaware of the risk and attempt at finding solutions. The most immediate solution that comes to mind is password-protecting the PDA. Realizing that these mechanisms can be hacked, encryption is put to use, enciphering all or some of the PDA databases using a key that is entered by the user. This method carries notable inconvenience for the user, who is forced to enter a key each time he is looking for a phone number, an e-mail address, or a meeting time. It is clumsy, but it solves the problem. However, does it solve all problems?

No; at least not for everyone, in my opinion.

Continue reading "PDAs in highly classified environments"