Your Data Has Left The Building - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Healthcare // Analytics
Commentary
9/6/2005
02:34 PM
Mitch Irsfeld
Mitch Irsfeld
Commentary
50%
50%

Your Data Has Left The Building

Is that a good thing, or bad? As if you didn't have enough to worry about, in today's business climate you must not only find ways to ensure compliance with corporate data use policies, you have to include those rogue laptops and other wayward mobile devices in your management approach.

Is that a good thing, or bad? As if you didn't have enough to worry about, in today's business climate you must not only find ways to ensure compliance with corporate data use policies, you have to include those rogue laptops and other wayward mobile devices in your management approach.

And that can change your whole approach. We keep coming back to security, or the lack thereof, as one the pillars of compliance management, and for good reason. With mobile devices such as cellphones, PDAs, laptops, and the array of removable storage media for those devices, the threats are doubled because the data is still exposed to networks (internal and external) and also more susceptible to physical threats (theft, damage or getting lost).Is that a good thing, or bad? As if you didn't have enough to worry about, in today's business climate you must not only find ways to ensure compliance with corporate data use policies, you have to include those rogue laptops and other wayward mobile devices in your management approach.

And that can change your whole approach. We keep coming back to security, or the lack thereof, as one the pillars of compliance management, and for good reason. With mobile devices such as cellphones, PDAs, laptops, and the array of removable storage media for those devices, the threats are doubled because the data is still exposed to networks (internal and external) and also more susceptible to physical threats (theft, damage or getting lost).

Since the only way to prevent security problems or noncompliance with mobile data is to not allow the use of mobile devices, most IT managers are doing the next best thing, instituting policies around what data is allowed on these devices.

Policies that require the encryption of private data, or software that performs the encryption automatically seem to be the most effective, according to the IT Arhitect article, It's Audit Time. Do You Know Where Your Private Data Is? But what about the cryptographic keys? Since the mobile devices themselves are not designed to sit safely behind corporate firewalls, the keys need to go with them, and that defeats the purpose, so some vendors of mobile devices are using dedicated PKI chips.

And then you have to decide what gets encrypted and build policies around it. Yes, life was easier without mobile devices. But Rebecca Herold, an information privacy, security, and compliance consultant, author and instructor, has some advice about those policies. In her Top 10 Mobile Device Privacy Policies Herold outlines 10 things you can do to reduce the risk that confidential information will be accessed from lost or stolen mobile devices.

As your users access confidential data from both the network and from mobile devices, authenticating their access becomes more complex. There are still issues to resolve but the new standard, SAML 2.0, is making federated identity management technologically viable and may finally pave the way for single signon (SSO). But as the article ID Keepers Hit The Mainstream points out, you still have to appoint someone you trust to control all those identities.

For more on that, check out the review of Red Hat's open source Certificate System 7.1.Is that a good thing, or bad? As if you didn't have enough to worry about, in today's business climate you must not only find ways to ensure compliance with corporate data use policies, you have to include those rogue laptops and other wayward mobile devices in your management approach.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
News
How to Create a Successful AI Program
Jessica Davis, Senior Editor, Enterprise Apps,  10/14/2020
News
Think Like a Chief Innovation Officer and Get Work Done
Joao-Pierre S. Ruth, Senior Writer,  10/13/2020
Slideshows
10 Trends Accelerating Edge Computing
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/8/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
[Special Report] Edge Computing: An IT Platform for the New Enterprise
Edge computing is poised to make a major splash within the next generation of corporate IT architectures. Here's what you need to know!
Slideshows
Flash Poll