“Free as a bird, is the next best thing to be,” sang the Beatles. This is what modern workers want more and more: they want to be able to work while commuting, on a business trip and at home, even in the middle of the night or at weekends.
Naturally, the need for greater out-of-hours and out-of-office accessibility to work resources has grown with the development of new, smaller and lighter devices that are constantly coming out and gaining ground in the market.
With the choice getting wider by the day, professionals, who are getting more and more tech-savvy, want to be able to have their say when it comes to choosing their mobile devices. They want to be free to use what they like and are used to, for example their own mini Netbook or smart phone, rather than being forced to use machines approved by the IT department, often heavier and less discreet.
Some organisations have considered setting a budget for hardware expenses and allowing each individual to choose their own machine. Although arguably democratic, this move can turn out to be a disaster for two main reasons: firstly, the organisation would need to provide widely skilled, up-to-date support to cover all of the machines; secondly, and most importantly, the trendiest and newest gadgets often present the most risks concerning security.
While iPads and iPhones may appear more attractive than laptops, Blackberry and other handheld mobiles, it is not by chance that they are not popular in the workplace: they are not suited for remote VDI access and lack security lockdown features. Many smartphones were not originally designed for business or corporate use, therefore do not support data encryption. In addition to this, because of their novelty they may be more vulnerable to viruses and hacking. Let’s keep in mind that trendy devices are more eye-catching and at a higher risk of being stolen. If the device is not effectively password-protected and its data encrypted, then the thief will have full access to the crown jewels.
Another risk linked to mobile devices is that the smallest, lightest ones have less storage capacity, therefore users end up transferring and storing data through the use of external devices such as memory sticks, and sometimes other unconventional tools which allow data storage, such as digital cameras memory cards or mp3 players, perhaps to conceal sensitive information. While small devices like memory sticks are easy to lose, the unconventional ones do not provide adequate levels of data protection.
Even with the new Data Protection regulations which came out this year, forcing private companies to declare breaches to the Information Commissioner who is free to make them public, and facing breachers with fines up to £500,000, it still seems that many organisations do not fully understand the need to enhance their security measures. A survey conducted by ICD Research in association with CBR found that organisations are planning to spend 42% more on mobility this year, whilst 36% will spend the same budget as the previous year. However, surprisingly, 61% are planning to spend the same amount of money on security as the year before, and only 28% are going to increase spending in that area. From this data, it appears that although organisations recognise the need for mobile devices and to embrace mobility, they do not completely realise the importance of security, which becomes even more crucial when work is taken outside the office doors.
To be effective, security must work in layers, and protect access equally from the outside and from the inside. Apart from passwords and physical barriers to impede external access, it is important to update antivirus software regularly, especially on the more modern devices, which are typically more vulnerable to bugs and attack by hackers.
It is important as well to allow data to self-protect, in case the previous measures fail to be effective or in the not uncommon case of human error. Only recently, the news came that a police officer emailed some 100,000 criminal records to a journalist by mistake, due to the auto-complete function in his email account. Although human error cannot be automatically prevented, there is a way to save the organisation from a breach of data security, and that is to encrypt all documents, even when they are just sent between co-workers. Data is exposed to risks whilst in transit, attached to emails, when the transmission channel is owned by an external provider.
To insure an enhanced level of security, training should be provided to all members of the organisation, as most breaches happen at end point. A security culture must be introduced with mobility to reduce the attendant risks and, most importantly, a loss of reputation for the whole organisation, and not only the employee responsible for the breach. It is only embracing such measures that mobility, efficiency and security can finally meet.
Ayodele Soleye, Senior Consultant
Find this article online on Director: http://www.director.co.uk/ONLINE/2010/06_10_ipad_security.html