1. Field of Invention
This application relates to the field of security of data accessible by mobile devices. Mobile devices are using wired and wireless technologies to access networks at work, at home, or in public ‘hot spots.’ Those same mobile devices have documents, spreadsheets, e-mail, and other files with valuable company information if not valuable personal information in them.
2. Description of the Related Art
The availability of wired and wireless network access points (NAP) allow mobile devices like laptop computers and personal digital assistants (PDAS) to enable users today to be more mobile, providing access to corporate networks, e-mail, home networks and the Internet from anywhere. With the advent of the IEEE 802.11 standard for wireless communication, and other popular wireless technologies, software products that protect against unwanted access to information stored on mobile devices and corporate servers is highly desirable.
Traditional security architectures assume that the information assets being protected are ‘tethered’—wired to a particular network infrastructure such as a company's network infrastructure. But mobile users can pick up valuable corporate information, such as that stored on their laptops, and walk away from the corporate network, and connect to other networks with different security policies. Users with laptops and mobile devices want to take advantage of wireless technologies, to connect wherever they are—at work, at home, in the conference room of another company, at the airport, a hotel, a highway or at the coffee shop on the corner. The mobile device's network environment is constantly changing as the user moves about. Each environment has different needs in terms of security. Each environment presents different challenges to protect the information on the mobile device while allowing access to e-mail, the Internet, and company Virtual Private Networks (VPNs).
Personal firewalls are designed to deal with static environments. A personal firewall could be ideally suited for mobile users if users knew how to adapt their configuration for their particular mobile application. Unfortunately, security settings for one situation can compromise data security in another. The configuration of popular personal firewalls typically requires a level of expertise on how the technology actually works that average users do not possess. Additionally, personal firewalls don't protect against all 802.11 intrusions. For example, when a user configures a personal firewall off to surf the Internet through their wireless device, their files may be vulnerable to unauthorized malicious wireless attacks on their computer.
Solutions which secure data in transit, for example a (VPN) connection, from a corporate server to a mobile client device do not protect the data once it is stored on the mobile device. For example, an executive could be retrieving sensitive files or emails from the corporate network, and the VPN will stop eavesdroppers from seeing the data in transit, but once the data is stored on the executive's remote device, hackers in the parking lot could break into the remote device and copy or maliciously alter the data. With the onset of new powerful mobile devices that can store corporate data, IT managers see their network perimeters having to extend to the new limits of these mobile wireless connections.
Simple to use, mobile-aware security tools providing different levels of security protection for different locations and/or security features are highly desirable. It is desirable to provide technology that automatically senses the network environment of the mobile device, associates the network environment with a location, and adjusts its security configuration and settings accordingly. It is also highly desirable to take security features in a particular network environment into account. For example, setting a security policy based on whether the data is being received over a wireless network adapter or over a wired one is highly desirable. This would allow unprecedented ease of use allowing users to move between different environments without needing to manually change security parameters, adjust difficult-to-configure firewalls, disable and enable network file sharing features, or worry about remembering what security protocols are currently set. Furthermore, enterprises seek a centralized approach to the administration of security policies used by the mobile devices storing company data and accessing company data stored on the enterprises' systems via network environments not under the control of the enterprise.