Survival of the fittest

TB. We are becoming all the more mobile in our work life. Today’s tools allow us to enjoy constant connectivity from almost any location, enabling us to manage our e-mail from home or on the road. The recent UK government-sponsored Workplace Employment Relations Survey (WERS) 2004 highlighted the fact that the number of workplaces offering staff the opportunity to work flexibly has almost doubled in the last six years.

Mobile computers are getting more capable, yet smaller and smaller, making them easier to lose. Even a small USB storage stick can store vast quantities of customer databases etc. Data protection legislation sets high demands on organisations handling personal information. Identity theft has been called the fastest growing crime both in the US and in the UK.

Furthermore, an internet enabled mobile device is also a key to the organisation’s network. A lost or stolen PDA or smartphone can allow unauthorised users easy access to corporate secrets.

CXO. What are the cost effective benefits of investing in security?

TB. Adequate security measures will result in productivity gains, for example by allowing users to work remotely when they want to. Information on laptops and handheld devices needs to be protected, so that the co-worker can carry important documents without risk when travelling. It is essential that security is not treated as an option in these cases, when it actually is a key enabler for new applications and services that benefit the bottom line.

CXO. What particular threats do mobile devices pose to an enterprise? How significant are they?

TB. A laptop, PDA, smartphone or even storage media such as a USB Flash memory have the capacity to contain all an organisation’s vital information. Such a device is easily lost or stolen. Pointsec’s latest global survey shows that hundreds of thousands of portable devices are left in taxicabs every year. The number of high profile security incidents involving lost laptops or handhelds over the last year is stunning. Remember the stolen MCI Inc. laptop containing 16,500 names and social security numbers of current and former employees. Or the Morgan Stanley PDA sold on eBay including confidential information.

When an incident occurs, clean-up costs can be significant. Damages to an organisation’s reputation can be devastating. According to several of the data protection regulations taken in use all over the planet, it is compulsory for any organisation to protect the private data of individuals. If data is compromised, everybody at risk must be informed, and company management may be held personally responsible.

CXO. As information flowing into organisations increases exponentially, what are the challenges to keeping mobile devices secure? Information loss or theft is one of the biggest threats to organisations today, how can the risks posed by PDAs, phones and converged devices be reduced?

TB. If information stored on each mobile device is protected through encryption and strong authentication, the cost of a lost or stolen device is reduced to the mere cost of the hardware. The real value lies in the information, and the damages it can cause, should it end up in the wrong hands. In order to win user acceptance, an encryption solution needs to be intuitive, without leaving any options. If the user has to choose between encrypting or not, he would in most cases go for the latter. The solution must also be easy to manage in large organisations, including means to remotely implement changes to the security policy to each and every device and to assist users who forget their passwords in a secure fashion.

CXO. Are companies currently doing enough to safeguard their confidential information while still allowing workers mobility? How can they get that balance right?

TB. A good starting point is to assess the value of the organisation’s information by conducting a risk analysis. What costs would arise if information is somehow exposed to the wrong people? Through a risk analysis, an optimum level of security investment can be defined. Then again, you have to invest in the right security. Smart phone viruses are not really an issue today. Information loss is.

CXO. What do you think about the state of IT security today as an industry? How do you see it improving in the future?

TB. As long as new security threats arise, whether from new types of attacks or from using new types of devices, the IT security industry will continue to grow. We will likely see more cooperative efforts, such as security solution providers partnering with each other to create more comprehensive solutions.