S 4.230 Central administration of PDAs
Initiation responsibility: Head of IT, IT Security Officer
Implementation responsibility: Administrator
Administering portable terminal devices is not an easy task, especially in large-scale organisations and with users who travel frequently all over the world. There are tools that make central administration and the implementation of security policies easier. For example, such tools can be used to impose central requirements for how passwords are constructed or to improve access control during synchronisation operations.
Basically, integration into the existing IT environment must be well thought out so that the convenience of well-administered, integrated PDAs deters users from introducing additional, uncontrolled and hence potentially insecure PDAs. Central administration can serve not only to distribute software and information but also to implement the organisation's own security policy, e.g. as regards authentication, access or data backup.
Where software for central PDA management is used, PDAs are typically synchronised with a central server rather than a local device. Data can therefore be synchronised not only from one station but from all stations connected to the server. (Note: This means, of course, that protecting access to docking stations is particularly important, to prevent unauthorised persons from obtaining access to all the collected synchronisation data via a docking station.)
However, synchronisation via a server also allows security policies to be enforced technically, by resetting security-relevant settings to their specified values. Typical functions of such central PDA management tools include, amongst others:
- Personal Information Managers (PIM) can be used to administer appointments and maintain address books not just for individual users but for teams of users. The most widely known PIM applications are Microsoft Outlook and Lotus Notes. In the case of PDAs, PIMs are used to control synchronisation with the background systems. Management of the PIM data, of other information and of the applications on the various PDAs can be centrally controlled. In this way, applications can be remotely installed and configured.
- Central collections of addresses and other data can also be maintained and passed on to the users. This is particularly useful where there is a large number of mobile users who need to be able to make data updated en route available to other employees quickly and conveniently.
- Data backups can be performed in a centralised manner without the users having to deal with them. Likewise, it can be specified when and/or how often the data must be backed up or synchronised, and which general conditions must be met in doing so.
- It is possible to receive feedback regarding the status of the PDAs and to perform remote diagnoses.
- User profiles can be created in order to make user administration easier.
- Password rules and other security rules that can be adapted to the organisation can be specified.
These functions can generally be offered not only via docking stations but also over other interfaces such as infrared or Bluetooth, so that access over these interfaces is supported and at the same time protected.
A central PDA management tool should support all PDA operating systems used within the organisation, if possible, so that several tools need not be used at the same time. The same applies of course to the groupware and e-mail platform used.
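The sync-time enforcement described above, in which the server resets security-relevant settings to their specified values, can look like this. This is an added example, not code from any PDA management product; the setting names, the baseline values and the `enforce_on_sync` function are assumptions made for illustration.

```python
from dataclasses import dataclass

# Hypothetical baseline: setting -> (specified value, rule).
# "exact": must equal it; "min": must be >= it; "max": must be <= it.
BASELINE = {
    "password_required": (True, "exact"),
    "min_password_length": (8, "min"),
    "auto_lock_minutes": (5, "max"),
    "bluetooth_discoverable": (False, "exact"),
}

@dataclass
class Finding:
    device_id: str
    setting: str
    reported: object   # value the PDA reported (None if absent)
    specified: object  # value the server writes back

def _compliant(reported, specified, rule):
    # Fail closed: a missing value or an unexpected type counts as a deviation.
    if type(reported) is not type(specified):
        return False
    if rule == "exact":
        return reported == specified
    if rule == "min":
        return reported >= specified
    if rule == "max":
        return reported <= specified
    raise ValueError(f"unknown rule: {rule}")

def enforce_on_sync(device_id, reported, baseline=BASELINE):
    """Return (settings to write back to the PDA, findings for the audit log)."""
    corrected = dict(reported)  # settings outside the baseline stay untouched
    findings = []
    for setting, (specified, rule) in baseline.items():
        value = reported.get(setting)
        if not _compliant(value, specified, rule):
            findings.append(Finding(device_id, setting, value, specified))
            corrected[setting] = specified
    return corrected, findings

# Constructed sample: settings a PDA might report at synchronisation.
SAMPLE_REPORT = {
    "min_password_length": 4,         # weaker than the baseline
    "auto_lock_minutes": 30,          # longer than allowed
    "bluetooth_discoverable": False,  # compliant
    "ringtone": "classic",            # not security-relevant
}

if __name__ == "__main__":
    corrected, findings = enforce_on_sync("pda-0042", SAMPLE_REPORT)
    for f in findings:
        print(f"{f.device_id}: {f.setting} {f.reported!r} -> {f.specified!r}")
```

Values stricter than the baseline (for example a longer minimum password length) are left as the user set them; only deviations towards weaker settings are reset and logged.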
Review questions:
- Are central PDA management tools used?