Your Data Has Left The Building - InformationWeek
IoT
IoT
Healthcare // Analytics
Commentary
9/6/2005
02:34 PM
Mitch Irsfeld
Mitch Irsfeld
Commentary
50%
50%

Your Data Has Left The Building

Is that a good thing, or bad? As if you didn't have enough to worry about, in today's business climate you must not only find ways to ensure compliance with corporate data use policies, you have to include those rogue laptops and other wayward mobile devices in your management approach.

Is that a good thing, or bad? As if you didn't have enough to worry about, in today's business climate you must not only find ways to ensure compliance with corporate data use policies, you have to include those rogue laptops and other wayward mobile devices in your management approach.

And that can change your whole approach. We keep coming back to security, or the lack thereof, as one the pillars of compliance management, and for good reason. With mobile devices such as cellphones, PDAs, laptops, and the array of removable storage media for those devices, the threats are doubled because the data is still exposed to networks (internal and external) and also more susceptible to physical threats (theft, damage or getting lost).Is that a good thing, or bad? As if you didn't have enough to worry about, in today's business climate you must not only find ways to ensure compliance with corporate data use policies, you have to include those rogue laptops and other wayward mobile devices in your management approach.

And that can change your whole approach. We keep coming back to security, or the lack thereof, as one the pillars of compliance management, and for good reason. With mobile devices such as cellphones, PDAs, laptops, and the array of removable storage media for those devices, the threats are doubled because the data is still exposed to networks (internal and external) and also more susceptible to physical threats (theft, damage or getting lost).

Since the only way to prevent security problems or noncompliance with mobile data is to not allow the use of mobile devices, most IT managers are doing the next best thing, instituting policies around what data is allowed on these devices.

Policies that require the encryption of private data, or software that performs the encryption automatically seem to be the most effective, according to the IT Arhitect article, It's Audit Time. Do You Know Where Your Private Data Is? But what about the cryptographic keys? Since the mobile devices themselves are not designed to sit safely behind corporate firewalls, the keys need to go with them, and that defeats the purpose, so some vendors of mobile devices are using dedicated PKI chips.

And then you have to decide what gets encrypted and build policies around it. Yes, life was easier without mobile devices. But Rebecca Herold, an information privacy, security, and compliance consultant, author and instructor, has some advice about those policies. In her Top 10 Mobile Device Privacy Policies Herold outlines 10 things you can do to reduce the risk that confidential information will be accessed from lost or stolen mobile devices.

As your users access confidential data from both the network and from mobile devices, authenticating their access becomes more complex. There are still issues to resolve but the new standard, SAML 2.0, is making federated identity management technologically viable and may finally pave the way for single signon (SSO). But as the article ID Keepers Hit The Mainstream points out, you still have to appoint someone you trust to control all those identities.

For more on that, check out the review of Red Hat's open source Certificate System 7.1.Is that a good thing, or bad? As if you didn't have enough to worry about, in today's business climate you must not only find ways to ensure compliance with corporate data use policies, you have to include those rogue laptops and other wayward mobile devices in your management approach.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll