Poison pills protect lost data

Most good corporate citizens would never fly on planes, eat in restaurants or ride in taxis with file folders full of confidential company information tucked haphazardly into their back pockets. However, more and more corporate information is finding its way outside of company walls by way of PDAs. This doesn’t necessarily pose a problem – until the PDA gets lost.

Rosaleen Citron, CEO of WhiteHat Inc. in Burlington, Ont., said New York’s LaGuardia Airport has had up to 70,000 PDAs and laptops in its lost and found, which equals a whole lot of corporate information sitting in no man’s land.

While most companies do not yet officially endorse the use of PDAs, employees and executives often buy them for personal use, bringing them in through the back door, Citron said. The problem with this is that there are no restrictions as to what can leave the building on a PDA.

“Just because corporations don’t have policies in place doesn’t mean that people aren’t using them,” she said.

According to Citron, one company’s employee had the organization’s entire research and development strategy sitting on a PDA.

“If someone got their hands on it, they would have everything,” Citron said.

Some companies are attempting to address this issue. Sybase Inc.’s mobile software subsidiary – iAnywhere Solutions Inc. – recently announced a security tool designed to let network managers zap data from lost or stolen laptops and PDAs.

The Zap It feature was added to the company’s Manage Anywhere Studio software, said Rob Veitch, director of business development in Waterloo, Ont.

“It enables someone in administration to arrange for all data to be erased as a cold reset. If you lose the device, you don’t want people to connect back to the network, but if they try, Zap It wipes out the device,” he said.

It can also be configured so that if the device is lost or stolen, and is not signed-on to in a valid way, the contents of the device will be destroyed, Veitch explained.

Features similar to Zap It have been added to a variety of products sold by iAnywhere’s competitors during the last six months or so, according to Stephen Drake, an analyst at IDC in Framingham, Mass.

For example, Research In Motion Ltd. offers a data-deletion capability for use with its BlackBerry handhelds, and XcelleNet Inc. and Synchrologic Inc. also sell mobile device management tools with “poison pill” functionality, Drake said.

“There’s a real need to manage and administer mobile devices, especially the small devices that are much easier to lose,” Drake said.

Citron said enterprises must know how many of them they have before they can attempt to control the flow of information.

“That step alone will help – you can’t improve something if you can’t measure it,” she added.

Ben Baker, an IT manager at PDS Research Inc., said his company plans to install iAnywhere’s Zap It module on each new laptop it rolls out. The Louisville, Colo., company coordinates pulmonary clinical testing for pharmaceutical companies. A lost laptop containing testing data about a new drug being developed by a PDS client could be worth millions of dollars to rival pharmaceutical makers, Baker said.

“We’ve chained laptops to desks, but somebody will come along and use a bolt cutter to take one,” he said. IT staffers will set the Zap It feature to delete PDS’s custom software and all data connected to it if a user doesn’t connect to the company’s network within a prescribed period of time.

– With files from IDG News Service