Healthcare // Analytics
Commentary
9/6/2005
02:34 PM
Mitch Irsfeld
Mitch Irsfeld
Commentary
Connect Directly
RSS
E-Mail
50%
50%

Your Data Has Left The Building

Is that a good thing, or bad? As if you didn't have enough to worry about, in today's business climate you must not only find ways to ensure compliance with corporate data use policies, you have to include those rogue laptops and other wayward mobile devices in your management approach.

Is that a good thing, or bad? As if you didn't have enough to worry about, in today's business climate you must not only find ways to ensure compliance with corporate data use policies, you have to include those rogue laptops and other wayward mobile devices in your management approach.

And that can change your whole approach. We keep coming back to security, or the lack thereof, as one the pillars of compliance management, and for good reason. With mobile devices such as cellphones, PDAs, laptops, and the array of removable storage media for those devices, the threats are doubled because the data is still exposed to networks (internal and external) and also more susceptible to physical threats (theft, damage or getting lost).Is that a good thing, or bad? As if you didn't have enough to worry about, in today's business climate you must not only find ways to ensure compliance with corporate data use policies, you have to include those rogue laptops and other wayward mobile devices in your management approach.

And that can change your whole approach. We keep coming back to security, or the lack thereof, as one the pillars of compliance management, and for good reason. With mobile devices such as cellphones, PDAs, laptops, and the array of removable storage media for those devices, the threats are doubled because the data is still exposed to networks (internal and external) and also more susceptible to physical threats (theft, damage or getting lost).

Since the only way to prevent security problems or noncompliance with mobile data is to not allow the use of mobile devices, most IT managers are doing the next best thing, instituting policies around what data is allowed on these devices.

Policies that require the encryption of private data, or software that performs the encryption automatically seem to be the most effective, according to the IT Arhitect article, It's Audit Time. Do You Know Where Your Private Data Is? But what about the cryptographic keys? Since the mobile devices themselves are not designed to sit safely behind corporate firewalls, the keys need to go with them, and that defeats the purpose, so some vendors of mobile devices are using dedicated PKI chips.

And then you have to decide what gets encrypted and build policies around it. Yes, life was easier without mobile devices. But Rebecca Herold, an information privacy, security, and compliance consultant, author and instructor, has some advice about those policies. In her Top 10 Mobile Device Privacy Policies Herold outlines 10 things you can do to reduce the risk that confidential information will be accessed from lost or stolen mobile devices.

As your users access confidential data from both the network and from mobile devices, authenticating their access becomes more complex. There are still issues to resolve but the new standard, SAML 2.0, is making federated identity management technologically viable and may finally pave the way for single signon (SSO). But as the article ID Keepers Hit The Mainstream points out, you still have to appoint someone you trust to control all those identities.

For more on that, check out the review of Red Hat's open source Certificate System 7.1.Is that a good thing, or bad? As if you didn't have enough to worry about, in today's business climate you must not only find ways to ensure compliance with corporate data use policies, you have to include those rogue laptops and other wayward mobile devices in your management approach.

Comment  | 
Print  | 
More Insights
Big Love for Big Data? The Remedy for Healthcare Quality Improvements
Big Love for Big Data? The Remedy for Healthcare Quality Improvements
Healthcare data is nothing new, but yet, why do healthcare improvements from quantifiable data seem almost rare today? Healthcare administrators have a wealth of data accessible to them but aren't sure how much of that data is usable or even correct.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Must Reads Oct. 21, 2014
InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and trends on InformationWeek.com
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.