Admitting your brand new, company-issue PDA has gone missing can be a little embarrassing – especially when you are the head of IT. But for Richard Isted, IT manager at London’s exclusive Ritz Hotel, the experience provided both a red face and a salutary lesson.
The theft of the device, during the trial for the roll-out of PDAs to the hotel’s senior staff, highlighted just how important it was to secure the mobile systems. Although the PDA he used in the trial contained no customer data, the aim was to eventually put detailed customer information on the devices. And given that the Ritz’s reputation has been built, in large part, on its ability to safeguard the privacy of its VIP guests, protecting that data was paramount.
On realising the theft of his PDA, Isted logged into the PDA console to send a ‘kill pill’ to wipe the device – but without success. “What I hadn’t realised was that the security built into the existing email synchronisation software meant the device actually had to connect to the mobile server [to send the ‘kill pill’], which meant I couldn’t actually wipe it,” he explains.
“I also realised that if someone took the SIM out or the PDA was out of contact [with the mobile server] there was no way you could kill it anyway. This concerned me a lot, because it meant there was a gaping hole in the design of how this security measure was supposed to work.”
His diagnosis: encryption had to be mandatory on the device itself.
It was important, however, that the encryption software chosen was both strong and flexible, and that it would fit easily with the working practices of the Ritz staff as they constantly move around the hotel.
“We chose Pointsec [from Pointsec Mobile Technologies] because we wanted an encryption product that was easy to use; it also integrated very well with our email synchronisation,” explains Isted.
Initially, however, finding an easy way to install the software and roll it out to each PDA was a challenge. Ultimately, this was solved through the use of the original email synchronisation software, which offers the facility to roll out applications remotely.
“The synchronisation application provides a list of available applications that can be published to user devices over the air,” says Isted.
Despite the mandatory use of encryption, Pointsec’s customisation features have made the roll-out highly successful – and incredibly popular with users. “They can have picture passwords or numeric passwords, for example,” says Isted.
Getting user buy-in was essential, Isted explains. “It was useful that we could implement a system that actually leans towards users’ preferences. It makes it easier for them to use, and it avoids complaints about too much security. That’s the balance you need to achieve,” he adds.