Should I Resist Syncing Business Gmail to Droid X?

Discussion in 'Android Forum' started by WishIKnew, Jul 24, 2010.

  1. WishIKnew
    Offline

    WishIKnew New Member

    Joined:
    Jul 24, 2010
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Ratings:
    +0
    Got the notice that my Droid X is scheduled to land on Monday. Can't wait!

    But I've got a dilemma: I run my business through Google Apps and my gmail has sensitive data. For security, I'm not sure it makes sense to sync my business gmail with the phone.

    Doesn't syncing mean that my phone now carries around all this sensitive data even when offline? If so, that defeats one of the beauties of gmail for me: no emails left on the office computers.

    What are other business owners doing: just accessing gmail through the phone browser? Other security procedures?

    Also, if you have any advice about whether to use the native Android app or Google's web app to sync gmail, I'd love to know. Thanks very much.
  2. gocflamedragon
    Offline

    gocflamedragon Member

    Joined:
    Jan 10, 2010
    Messages:
    148
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    KY, Usa
    Ratings:
    +0
    You could just put a lock pattern on the phone, problem solved.
  3. WishIKnew
    Offline

    WishIKnew New Member

    Joined:
    Jul 24, 2010
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Ratings:
    +0
    Thanks. But can't phone locks be broken pretty easily?
  4. kodiak799
    Offline

    kodiak799 Silver Member

    Joined:
    Feb 20, 2010
    Messages:
    4,936
    Likes Received:
    270
    Trophy Points:
    198
    Ratings:
    +273
    Well, assuming losing your phone is an issue, can't you just change your gmail password in that event and problem solved?

    It also depends on what settings you have synced - you can choose both folders and number of days to sync. So a shorter sync period and not syncing certain folders may do what you need.

    Also, I don't know how "secure" your office computers would be. I have my Thunderbird set-up to keep a copy offline for a back-up.
  5. WishIKnew
    Offline

    WishIKnew New Member

    Joined:
    Jul 24, 2010
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Ratings:
    +0
    Yes, the ability to change the gmail password is good as is the idea to sync a short time period -- thanks! And I agree, the ability to wipe the phone remotely offers good protection.

    But I'm thinking of the worst-case scenarios. For example, you misplace your phone, don't realize it for a couple of hours, and it's picked up by an experienced hacker who really wants your data.

    Under this scenario, I'd like a way to prevent the hacker from getting any sensitive client data at all on the phone. So my guess is I shouldn't even start to sync gmail and contacts to my phone. But I'm hoping there might be a way to have my cake and eat it too with syncing and data security.

    By the way, we don't have any data on our office computers -- they're essentially dumb terminals. We use Google Apps email and Postini (for archiving), so no need to keep local files.

    Thanks again for any further ideas on how to keep data safe while using mobile phones.
  6. kodiak799
    Offline

    kodiak799 Silver Member

    Joined:
    Feb 20, 2010
    Messages:
    4,936
    Likes Received:
    270
    Trophy Points:
    198
    Ratings:
    +273
    How is that different than a blackberry? Mine was never password protected when already powered on.

    So you're worry is basically that you lose your phone - without realizing it - and a skilled hacker happens to find it AND has use for your data? I would think the odds are higher of someone actually breaking in to your office, logging in, and downloading your data offline.

    Honestly, you're more likely at risk to malicious software or having your gmail account hacked. Any convenience of logging in and syncing is a tradeoff to some degree with security. What you are talking about, in all fairness, harkens back to the days of paper files locked in an impenetrable vault.

    If you really want to be secure, as much as you can be, you can go with an exchange account that requires people to log-in every time they access. Of course, one of your employees could always be kidnapped and forced to disclose their password or their wife gets it.
  7. WishIKnew
    Offline

    WishIKnew New Member

    Joined:
    Jul 24, 2010
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Ratings:
    +0
    Fair enough, this is what I was hoping to get at: basically, I've found it hard to believe that most people are walking around with some of their most sensitive data only a password away, so thought I might be missing something.

    I agree that hacking the gmail account (or phishing the Salesforce.com employees) may well be a bigger risk than someone getting into my smartphone. Still, it seems like there ought to be a way to benefit from the new mobility while keeping your data secure.

    Having data reside on a smartphone -- whether contacts, email content, or simply names on emails -- seems super risky. Reminds me of the stories about the employees at major corporations losing their laptops with thousands of customers' Social Security numbers and such.

    If I'm one of my clients, I'd probably fire me in a nanosecond if I thought I (or one of my employees) was carrying around sensitive data on a mobile device. And yet, it sounds like "everybody's doing it."