Editor’s Note: This is a continuation of a two-part piece on mobile computing security measures. See here for Bert’s first article, Mobile Computing in Secure Environments, Part 1: What’s Reasonable and Possible.

Where my wife works, no devices with either a WiFi or Bluetooth capability are allowed in, even when carried by employees. To me this seems absurd, given that cell phones are allowed. Bluetooth in particular is so short range that it is of little use in transmitting anything beyond the walls of the facility, and it is difficult to find a cell phone without it. Bluetooth (the “blue”, by the way, is a reference to IBM) was designed specifically for use with small, battery-operated mobile devices. Power use was, therefore, an important factor in the design.

As such, Bluetooth is designed for very short distances and limited bandwidth, which means comparatively slow transmission speeds. The actual range of a particular Bluetooth device depends in part on the amount of power available to it, but it is usually no more than 35-70 feet. And it is designed to connect only to one or at most two devices at a time. At META Group, our networking people talked about the Personal Area Network (PAN) – the wireless network around your body.

Basically Bluetooth has found two uses – wireless keyboards and wireless headsets. It is possible to transmit data over short distances – I have a Bluetooth wireless modem that I used at one time to connect my PDA to the Internet, but I had to be close to the modem, in the same room, for it to work. It certainly would not let me connect from outside my house. And it ran at dial-up speed.

But, not all Bluetooth devices can transmit data. Bluetooth as two portfolios, one for audio and the other for data. Cell phones, for instance, may not have the portfolio for data transmission, something I discovered the hard way when I tried to connect my PDA to my cell phone to read my e-mail, back in the pre-smartphone days.

WiFi, by comparison, definitely is a high speed wireless network, but again the range of a WiFi signal is not that great – the receiver would have to be concealed in the parking lot rather than miles away. And WiFi signals are easily discovered and traced using an inexpensive hand “sniffer” — the same kind of device used by many shops to detect unauthorized WiFi modems and WiFi “leaks” beyond the office building.

The first line of defense for all of these risks is to know your employees. The U.S. government puts its employees through a formal security rating process that normally goes back five years to detect potential security risks such as excessive debts, drug use, or criminal records. This is repeated for all employees every few years. Of course that does not completely eliminate problems, as history has shown, but it can cut down greatly on them.

Often one of the largest issues is that the security teams may not have a sophisticated knowledge of technology, and what is and is not a threat. Robert Hansen, the Cold War spy who became head of counter-espionage for the FBI while simultaneously spying for the Russians (and the subject of the movie “Breach”) used a Palm PDA to smuggle highly sensitive information out of FBI headquarters. Supposedly he was in part motivated by his disgust at the lack of technical expertise shown by the security enforcement personnel.

The lesson is that IT should form an alliance with building security, particularly in medium-to-high security environments, and provide its specialized knowledge to creating reasonable, effective security practices surrounding mobile computing devices. One thing to keep in mind is that while “better safe than sorry” may make the idea of forbidding everything attractive, that can also lead to exactly the kinds of practices and lowered morale that can make some employees more likely to break security, either by taking sensitive material out of the building against regulations for legitimate business use or in the extreme by actively spying for a competitor.