Healthcare // Analytics
Commentary
9/6/2005
02:34 PM
Mitch Irsfeld
Mitch Irsfeld
Commentary
Connect Directly
RSS
E-Mail
50%
50%

Your Data Has Left The Building

Is that a good thing, or bad? As if you didn't have enough to worry about, in today's business climate you must not only find ways to ensure compliance with corporate data use policies, you have to include those rogue laptops and other wayward mobile devices in your management approach.

Is that a good thing, or bad? As if you didn't have enough to worry about, in today's business climate you must not only find ways to ensure compliance with corporate data use policies, you have to include those rogue laptops and other wayward mobile devices in your management approach.

And that can change your whole approach. We keep coming back to security, or the lack thereof, as one the pillars of compliance management, and for good reason. With mobile devices such as cellphones, PDAs, laptops, and the array of removable storage media for those devices, the threats are doubled because the data is still exposed to networks (internal and external) and also more susceptible to physical threats (theft, damage or getting lost).Is that a good thing, or bad? As if you didn't have enough to worry about, in today's business climate you must not only find ways to ensure compliance with corporate data use policies, you have to include those rogue laptops and other wayward mobile devices in your management approach.

And that can change your whole approach. We keep coming back to security, or the lack thereof, as one the pillars of compliance management, and for good reason. With mobile devices such as cellphones, PDAs, laptops, and the array of removable storage media for those devices, the threats are doubled because the data is still exposed to networks (internal and external) and also more susceptible to physical threats (theft, damage or getting lost).

Since the only way to prevent security problems or noncompliance with mobile data is to not allow the use of mobile devices, most IT managers are doing the next best thing, instituting policies around what data is allowed on these devices.

Policies that require the encryption of private data, or software that performs the encryption automatically seem to be the most effective, according to the IT Arhitect article, It's Audit Time. Do You Know Where Your Private Data Is? But what about the cryptographic keys? Since the mobile devices themselves are not designed to sit safely behind corporate firewalls, the keys need to go with them, and that defeats the purpose, so some vendors of mobile devices are using dedicated PKI chips.

And then you have to decide what gets encrypted and build policies around it. Yes, life was easier without mobile devices. But Rebecca Herold, an information privacy, security, and compliance consultant, author and instructor, has some advice about those policies. In her Top 10 Mobile Device Privacy Policies Herold outlines 10 things you can do to reduce the risk that confidential information will be accessed from lost or stolen mobile devices.

As your users access confidential data from both the network and from mobile devices, authenticating their access becomes more complex. There are still issues to resolve but the new standard, SAML 2.0, is making federated identity management technologically viable and may finally pave the way for single signon (SSO). But as the article ID Keepers Hit The Mainstream points out, you still have to appoint someone you trust to control all those identities.

For more on that, check out the review of Red Hat's open source Certificate System 7.1.Is that a good thing, or bad? As if you didn't have enough to worry about, in today's business climate you must not only find ways to ensure compliance with corporate data use policies, you have to include those rogue laptops and other wayward mobile devices in your management approach.

Comment  | 
Print  | 
More Insights
Big Love for Big Data? The Remedy for Healthcare Quality Improvements
Big Love for Big Data? The Remedy for Healthcare Quality Improvements
Healthcare data is nothing new, but yet, why do healthcare improvements from quantifiable data seem almost rare today? Healthcare administrators have a wealth of data accessible to them but aren't sure how much of that data is usable or even correct.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest September 18, 2014
Enterprise social network success starts and ends with integration. Here's how to finally make collaboration click.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
The weekly wrap-up of the top stories from InformationWeek.com this week.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.