Solution tackles wireless-data security management

When Irwin Jacobs’ laptop was stolen last September after he’d given a speech at a California hotel, he told reporters it contained sensitive information that could compromise Qualcomm’s (www.qualcomm.com) competitive position. Even John Deutch, former CIA director (www.cia.gov), admitted to having sensitive files on his laptop.

With Blackberries, PDAs and smart phones an increasingly integral part of the road warrior’s arsenal, securing wireless computing devices and the business secrets they contain is a growing concern. Many enterprise security solutions for wireless devices focus on encryption. But losing devices -- or losing control of them when employees quit or get fired -- can be a much greater security risk than the pilfering of packets during transmission, said Upal Basu, mFormation vice president of corporate development and co-founder (www.mformation.com).

The New Jersey-based company developed a system to manage, monitor and control enterprise wireless data devices and applications via a centralized console within the IT department.

Basu said trials at more than a dozen companies in the United States and Europe have shown promise, but declined to disclose further client information. mFormation raised a total of $15.5 million in two rounds of funding: $13.5 million in June in a public round led by Battery Ventures (www.battery.com) and North Bridge Venture Partners (www.nbvp.com), and $2 million last year in seed funding from Deutsche Bank (www.deutsche-bank.de) and Kingdon Capital.

The company’s current focus is on enterprise clients, but it’s developing a similar solution carriers could sell to business subscribers.

mFormation’s Wireless Infrastructure Management system can accommodate any wireless device, regardless of the network being used by a company or its employees.

“As corporations move away from a LAN-based environment to a pervasive computing environment, they need the same levels of corporate control, monitoring and management which they’ve historically exercised on their mainframes, desktops and laptops, on their wireless devices as well,” Basu said. “Our goal is a centralized console-based environment that allows the IT department to do that.”

For the solution to work, microcode must first be loaded onto each device to be managed. This can be done during regular device synchronization. No action, other than regular synchronization, is required of end-users, Shah said. As the wireless industry moves towards over-the-air provisioning of applications, cradle or cable synchronization won’t be necessary, he said.

Once the microcode is loaded, IT managers can automatically or manually perform data management functions.

“This microcode resides on a Blackberry, Palm, Pocket PC or J2ME device,” said Amit Shah, vice president of product development. “That piece of code talks to an enterprise server, and we send data back and forth between the device and the server to manage and effect asset, security, configuration and performance management.”

Overall management includes more than just security, but the security functionality of mFormation’s wireless data solution is unique, Basu said.

“Hardware is insured by the company, but the content (on wireless devices) is never insured. And content is sensitive to corporations,” he said. “How do you provide security over the content once it is on the device? That is the first problem. The second is, when you leave your office, you lockup your PC via a password, but with your cell phone, you would never use a password every time. Ninety percent of people who use Blackberry and Palm devices don’t enforce password policies. So if you’re not enforcing password policies and you leave the device lying around, I can steal it.”

Therefore, stronger security measures are necessary, Basu contends. MFormation’s management system provides this enhanced device security in three ways.

“We can lock and unlock the device (remotely),” he said. “If I find that your device has been misused, using my centralized console, which constantly is receiving information from the device, I can lock your device.”

If the device was not, in fact, stolen, the employee calls the system administrator (from another phone, of course) with per-determined identification information to prove device ownership. The systems administrator then unlocks the device remotely for the employee. If the device was stolen, the thief is unable to use it.

“You can also zap selective information,” Basu said. “Also, we can force you -- every week, day or month -- to enforce your password. We can detect that you’re not using your password because of constant communication between server and agent.”

Clients so far have been impressed with the system, Basu said. Though most trials today involve Blackberry devices, other PDAs, smart phones and even wirelessly-enabled laptops can be managed in the same way with mFormation’s solution.

“The reality was that cell phones did not have much sensitive data,” Basu said. “No one has really looked at wireless data devices. It is a new problem.”