Confidentiality In The Field: How To Control Your Data

By Jim Sheldon, general manager, Trimble Mobile Computing Solutions, www.trimbleMCS.com

With more mobile data than ever before, how do you make sure your company’s information is safe and secure?

The enterprise has left the office behind, and the terms “field service worker” or “mobile worker” now apply to almost every professional. This means smartphones, tablets, and specialized handheld computers are collecting, creating, and sharing data on a 24/7 basis. This phenomenon has led to the question keeping many a business manager awake at night — how safe is all that information residing in and passing back and forth between those mobile devices?

Every Industry Is Mobile Now
Technology is enabling workers in all industries to be more productive, and part of that productivity is tied to today’s cloud connectivity. For instance, an insurance adjuster can fill out a form on-site on their rugged tablet, connect to the cloud and send it and a photograph back to the corporate office, and receive estimates and further instruction in minutes. A service worker can fill in a client form, send the information back to their team, and have the manager recalculate work orders on the fly, enabling better management of a group of people scattered over a wide area.

A utility employee can photograph and calibrate the status of field assets — pipelines, poles and wires, drainage equipment — while sharing and receiving instructions with the back office, saving hours of work time and fuel dollars. Visiting nurses and other healthcare professionals can fill in patient forms for electronic medical records at sites like blood drives and home visits and send that data back to doctors’ offices and hospitals.

The opportunities with mobility are endless. However, there’s a big concern — much of this information being shared could be hacked. Not only is there sensitive proprietary information passing back and forth daily through the cloud, but legally protected private information such as client addresses and patient data is at risk.

Mobile Data Protection Basics
When choosing equipment for field workers, businesses should keep in mind two things: ruggedness and security. Ruggedness must be considered because no matter how convenient a handheld can be, if it is dropped or dunked or smashed and the data inside is nonrecoverable, the work time in gathering it has been wasted.

Security must be considered because it could save your business. It’s only a matter of time before legal liability issues on how private or business data is shared become a regular headache. Don’t make it yours.

There is a standard, already in place, regarding security requirements for computer products that can implement cryptography — FIPS (Federal Information Processing Standard). The FIPS standard applies to any security system (whether hardware, firmware, software, or a combination thereof) when it must protect sensitive but unclassified information. The current standard is FIPS 140-2. Testing against the FIPS 140 standard is maintained by the Cryptographic Module Validation Program (CMVP), a joint effort between the National Institute of Standards and Technology (NIST) and the Communications Security Establishment of Canada (CSEC).

FIPS 140 defines levels of security from one to four; most software products now being developed are tested internally against the FIPS 140 Level One security requirements. The 140-2 standard is also being used today by other groups, nations, and some private institutions for requirements or guidelines. For instance, the Digital Cinema Systems Specification, which is designed to prevent piracy, uses this standard.

Security Considerations For Mobile Enterprise Hardware
Any enterprise that has workers regularly sharing data that could be considered sensitive should ensure that the equipment they are using meets FIPS standards. In handheld computers, this is found through a certified feature called TPM (Trusted Processing Module), which allows encrypted software to work on the machine. The TPM ensures that as data is transferred through the cloud, it stays safe.

TPM is not common on handhelds today, but it is a feature that will become more recognized and valuable over the coming months. As you may be considering a 2013 equipment purchase, keep in mind your field data security needs. It will save you a sleepless night.