LAS VEGAS--Like many IT services providers that find themselves doing the same thing over and over for their clients, St. Louis-based mobility specialist Asynchrony Solutions developed some reusable technology after it found itself routinely addressing the PDA security concerns of its customers.

Seeing a market for the technology, the company took the next logical step by readying it for use by both enterprises and consumers, and eventually shrink-wrapped the technology into three versions of a product it calls PDA Defense and is demonstrating here at Comdex 2003. According to Bob Elfanbaum, the company's CEO, customers like the U.S. Department of Defense have helped to make PDA Defense a bestseller in the PDA security market.

What's so special about PDA Defense?

Perhaps the feature that security-conscious organizations and PDA aficionados will like most is what I call the Mr. Phelps feature. PDA Defense can be programmed to make PDA-bound data self-destruct after a certain number of failed password attempts or if the PDA goes a certain period of time without being synched. Says Elfanbaum, "The military guys love this stuff because they can program their PDAs to do a bit wipe if they go more than a few hours without synching."

Data self-destruction isn't PDA Defense's only defensive measure. At the user's or PDA administrator's option, a PDA's data can be encrypted as well. This includes data that a user might move or save on a memory card that goes into the PDA's expansion slot. Various encryption algorithms are supported, including Blowfish 64,128 and 512 as well as AES 128, 192 and 256. PDA Defense's bit-wiping and encryption features can be device-wide or application-specific. In other words, if the PDA has a database application on it with sensitive corporate data, PDA Defense can be programmed to encrypt and/or wipe that data without enabling security for the data that goes with the Address Book.

PDA Defense can also shore up a PDA's password protection scheme. By default, when a PDA Defense-protected device is powered on, the PDA Defense security screen comes up looking for a password. But, since that screen could tip would be hackers off to the fact that PDA Defense is loaded on the system, PDA Defense also comes with a stealth mode. In stealth mode, the PDA launches into a security screen that looks and feels like the PDA's native password prompt.

In extremely sensitive situations, however, a PDA Defense-protected PDA could be vulnerable. In my interview with him, Elfanbaum admitted that if the first instinct of a hacker was to crack the device open and suck any data in the silicon into some other form of storage (something an intelligence agency might do), then the only thing standing between the security of that data and the hacker whose trying to get at it would be the encryption algorithm (if it was enabled). Given enough time and compute horsepower, just about any algorithm can be hacked, but doing so is not trivial.

Although weaknesses in the Palm OS were what originally necessitated the invention of PDA Defense, the product now supports PocketPC as well. RIM's BlackBerry is not yet supported but is under consideration. Says Elfanbaum, "the number of BlackBerry users still numbers in the low hundreds of thousands, a market that doesn't have enough critical mass to justify another version of PDA Defense yet."

		Special Coverage Comdex gets down to business Complete coverage of the technology trade show

For organizations looking to centralize PDA security policy management, Asynchrony Solutions now has an enterprise version that allows an administrator to create organization and group-wide policies that are subsequently rolled out through the more popular enterprise synching servers.

Considering what it does, PDA Defense's pricing is reasonable. The professional edition (with no centralized admin capabilities) goes for $29.95, and the enterprise version (with centralized admin) costs $1,500 and covers 50 users (which works out to $30 per user). Thad per user cost goes down as the number of users goes up. For organizations with 10,000 licenses, Elfanbaum says, the cost drops to about $13 per user.

You can write to me at david.berlind@cnet.com. If you're looking for my commentaries on other IT topics, check the archives.