Should I Resist Syncing Business Gmail to Droid X?

[WishIKnew]

Got the notice that my Droid X is scheduled to land on Monday. Can't wait!

But I've got a dilemma: I run my business through Google Apps and my gmail has sensitive data. For security, I'm not sure it makes sense to sync my business gmail with the phone.

Doesn't syncing mean that my phone now carries around all this sensitive data even when offline? If so, that defeats one of the beauties of gmail for me: no emails left on the office computers.

What are other business owners doing: just accessing gmail through the phone browser? Other security procedures?

Also, if you have any advice about whether to use the native Android app or Google's web app to sync gmail, I'd love to know. Thanks very much.

 

[gocflamedragon]

You could just put a lock pattern on the phone, problem solved.

 

[WishIKnew]

Thanks. But can't phone locks be broken pretty easily?

 

[kodiak799]

Well, assuming losing your phone is an issue, can't you just change your gmail password in that event and problem solved?

It also depends on what settings you have synced - you can choose both folders and number of days to sync. So a shorter sync period and not syncing certain folders may do what you need.

Also, I don't know how "secure" your office computers would be. I have my Thunderbird set-up to keep a copy offline for a back-up.

 

[WishIKnew]

Yes, the ability to change the gmail password is good as is the idea to sync a short time period -- thanks! And I agree, the ability to wipe the phone remotely offers good protection.

But I'm thinking of the worst-case scenarios. For example, you misplace your phone, don't realize it for a couple of hours, and it's picked up by an experienced hacker who really wants your data.

Under this scenario, I'd like a way to prevent the hacker from getting any sensitive client data at all on the phone. So my guess is I shouldn't even start to sync gmail and contacts to my phone. But I'm hoping there might be a way to have my cake and eat it too with syncing and data security.

By the way, we don't have any data on our office computers -- they're essentially dumb terminals. We use Google Apps email and Postini (for archiving), so no need to keep local files.

Thanks again for any further ideas on how to keep data safe while using mobile phones.

 

[kodiak799]

But I'm thinking of the worst-case scenarios. For example, you misplace your phone, don't realize it for a couple of hours, and it's picked up by an experienced hacker who really wants your data.

How is that different than a blackberry? Mine was never password protected when already powered on.

So you're worry is basically that you lose your phone - without realizing it - and a skilled hacker happens to find it AND has use for your data? I would think the odds are higher of someone actually breaking in to your office, logging in, and downloading your data offline.

Honestly, you're more likely at risk to malicious software or having your gmail account hacked. Any convenience of logging in and syncing is a tradeoff to some degree with security. What you are talking about, in all fairness, harkens back to the days of paper files locked in an impenetrable vault.

If you really want to be secure, as much as you can be, you can go with an exchange account that requires people to log-in every time they access. Of course, one of your employees could always be kidnapped and forced to disclose their password or their wife gets it.

 

[WishIKnew]

Fair enough, this is what I was hoping to get at: basically, I've found it hard to believe that most people are walking around with some of their most sensitive data only a password away, so thought I might be missing something.

I agree that hacking the gmail account (or phishing the Salesforce.com employees) may well be a bigger risk than someone getting into my smartphone. Still, it seems like there ought to be a way to benefit from the new mobility while keeping your data secure.

Having data reside on a smartphone -- whether contacts, email content, or simply names on emails -- seems super risky. Reminds me of the stories about the employees at major corporations losing their laptops with thousands of customers' Social Security numbers and such.

If I'm one of my clients, I'd probably fire me in a nanosecond if I thought I (or one of my employees) was carrying around sensitive data on a mobile device. And yet, it sounds like "everybody's doing it."