Designing an Enterprise Handheld Security Policy - Part II

The use of access control mechanisms among your mobile device field is essential to prevent unauthorized access of data. Access control needs to be strong and well-tested. The device on a data is only as safe as the ability of someone to access it. If strong access control software is used the data remains relatively safe.

Authentication processes need to be easy to use and not time consuming. End users are not interested in security; they only want to be able to access their work easily. If the process is time consuming or difficult, you may find that employees will look for ways of disabling the access control mechanisms, thus defeating the whole purpose.

Consideration should also be made to the pre-authentication state of the device. Some devices do have debugging features that can be accessed by manufacturer codes. A lot of mobile phones have these debugging features hard coded into the device. Thieves can use these codes to bypass authentication measures and gain access to the protected data. Essentially this is a backdoor to the data stored on the device. If you are worried that your device may have some sort of debugging feature, it may be wise to contact the manufacturer, or even try to reverse engineer it yourself.