Bluefire Security is adding virtual private networking (VPN) to Mobile Firewall Plus, an application that aims to protect lost and stolen PDAs and smartphones, prevent unauthorized access to devices and networks from those devices, as well as malicious attacks.

Bluefire’s VPN creates a secure tunnel between sender and receiver in the enterprise. Just as in traditional network security, users will be able to use the VPN to secure and filter information entering and exiting their wireless network via handheld devices.

According to Bluefire, organizations have delayed wireless deployments because of security concerns. The company's CEO Mark Komisky claims "by enhancing our Mobile Firewall Plus offering with VPN, we’re helping them achieve that goal (security) by protecting wireless data in transit and on the device."

In addition to the new VPN feature, Mobile Firewall Plus also helps administrators design and enforce policies that lock down a PDA or smartphone and even remotely wipes the data off the device, ensuring that it does not get into the wrong hands. It also prevent hackers from exploiting unsecured handheld devices as a backdoor to the enterprise network and allows managers to set policies for and monitor activity on employee-owned devices accessing a network.

Sorry State of Handheld Security

While companies allow and even encourage their employees to use PDAs and smartphones, they don't make provisions to protect the data on these devices.

According to a survey a couple of months back by TNS NFO, a market research firm, 74.6 percent of employees that use mobile devices either don't have, or don't know whether they have, any security protection. Considering that 86 percent of employers knowingly permit the use of these device, it is disturbing that nearly the same number, 83.76 percent, have failed to set usage guidelines, leaving their enterprises and sensitive data vulnerable to malicious code attacks and information theft.

Serious risk exists when an employee places a mobile device into an in- office cradle, because the device is recognized by the company network as a trusted user and given clearance to access mission-critical information behind the network security protection. A business competitor could then gain free access to a company's entire database, and a hacker could enter a corporate network through the device and use it to plant a computer program that would send information back to the source, undetected for an extended period of time.

The TNS NFO study also found that consumers store vulnerable confidential information on their devices without adequate protection. For instance, nearly 40 percent of PDAs and smart phones contain credit card numbers, while over 25 percent store incomes. In addition, approximately 19 percent reveal health problems, and love letters reside on around 17 percent of mobile devices.

TNS NFO's findings jive with another report by Gartner that found essentially the same thing, that while mobile users are implementing more wireless technologies in their daily lives, most of these folks aren't taking the proper precautions to ensure that their data is safe. According to Gartner, the problem with mobile devices is that 90% them lack the proper protection to ward off hackers.

TNS NFO and Gartner aren't the only one taking up the mantle of mobile security. At the 3GSM World Congress in March, the GSM Association and leading mobile phone vendors announced an agreement to help reduce the theft of mobile phones by establishing a series of measures to enhance the integrity of handset identities.

In addition, the latest version of Microsoft’s Windows Mobile platform includes WPA or Wi-Fi Protected Access, a security standard created by the Wi-Fi Alliance to make wireless access more secure. And the most recent addition of the Palm OS, Cobalt, will include built-in encryption, authentication and authorization frameworks.

For more on mobile security, read our recent article "Top 10 Items You Shouldn't Allow on Employee PDAs (and what do about it)."