Handheld Security Too Expensive For Enterprise?

If your enterprise relies on PDAs and smartphones to get business
done, you may be paying too much to secure it, according to a report
issued Monday.

An analyst at IT research firm Burton Group found that the cost of a
complete set of security products (antivirus, VPN, device security and
management) can be higher than the cost of the device itself.

In his research report, “Handheld Device Security,” Eric
Maiwald surveyed the market of business-ready devices including the HP
iPAQ 6315, HP iPAQ hx2700, Palm Treo 650, Samsung i700, Nokia 9500
Communicator, Dell Axim X50v and the RIM BlackBerry 7100.

The analyst surveyed the various protections on the market
and found that the average monthly cost of an antivirus subscription is
$32, while an average VPN can run an enterprise as much as
$280. Device security products were another high-ticket category,
with plans hitting an average of $70 per device. Management devices
topped out at $250, with the average around $90. When
combined, a comprehensive plan that protects that $299
BlackBerry, $499 Dell Axim or $449 Palm Treo smartphone may not seem so
smart, Burton found.

“Organizations should perform a risk assessment of any handheld
device installation to determine the types of security mechanisms that
should be installed on devices and whether the cost is justified by the
risk to the organization,” Maiwald said in his report.

According to the report, the latest classes of handhelds
have a number of communication options, but not all of them may be
necessary to secure. For example, a device that is used to take orders
in a distribution company may not need WLAN or WWAN
capabilities if the orders are synchronized later, when the
employee returns to the warehouse. The same scenario probably means that
the device does not need a firewall, Maiwald found.

Burton found most large organizations already have
management systems and security mechanisms such as VPNs, antivirus
software and file encryption products in place. According to the report, all of
the antivirus vendors and most of the management vendors sell products
for both desktop systems and handheld devices.

“If these products are able to manage and protect handheld devices,
they should be extended by the organization instead of purchasing new
products specifically for the devices,” Maiwald said in his report.

Alternatively, rather than managing devices in-house, Maiwald
recommended that organizations work with a network operator that provides
device management as a service. In most cases, this option is only
available for companies that use the WWAN capability.

Even then, as these devices become more prevalent, Burton said
network operators are likely to offer greater services in terms of asset
tracking, software management and configuration control.

Of the remaining security aspects, Maiwald’s report said management
products may provide sufficient protection for lost or stolen devices to
make the use of additional security products unnecessary.

“However, device security products generally provide richer
authentication and file encryption functionality than do management
products, so the organization should determine the risk associated with
the compromise of sensitive information on the device” he said.

Get the Free Newsletter!

Subscribe to our newsletter.

Subscribe to Daily Tech Insider for top news, trends & analysis

News Around the Web