Log In

Reset Password
BERMUDA | RSS PODCAST

Mobility of data … whose device is it?

Ronnie Viera

It has been a long time since the days of company and customer sensitive data being managed and accessed within the physical boundaries of a building. Global networking and the internet changed all of that back in the mid to late 1990s with employees and customers having more access to data than ever before.While this has given rise to a plethora of software tools to help a company manage this new reality, the challenge is now greater and expanding to mobile technology in a way that we have never seen before.In a developing trend, many companies are now embracing the “BYOD” or “bring-your-own-device” approach when it comes to an employee’s work environment. While not all positions are suitable for this, in the new economy, many companies are seeking ways of reducing costs and since most people own a mobile device and many have their own laptops, there is a significant potential savings by allowing employees to use them in the enterprise.Additionally, the iPad and tablets in general, are now important personal productivity tools which are used for a number of things such as note taking, calendaring and task management. This added efficiency extends to the board room where directors are using these devices instead of carrying around reams of paper.Access to so much information and functionality is great news for consumers and companies alike; however, it comes with its own set of new risks. I recall attending a mobile technology conference in 2004 where the idea of “location based” services, was just that, an idea, with predictions that “soon” one would be walking down a street and be inundated with retail specials from the very stores you were walking past.While it has taken several years to become a reality, this technology exists in most smart phones today and some may recall the controversy earlier in the year when Apple was accused of storing and using the iPhone location based data, unbeknown to most users. With consumers now having access to so many services using mobile applications such as banking, investments, e-mail and social networking, it is sometimes difficult to know how the data being accessed, is being protected and who may be “listening in”.In addition, in the not too distant future, many will be using their mobile to pay for items in a store without pulling out the plastic. Awareness of the risks is important as well as being careful of where & when you use certain applications and services to protect your private information. But be aware, this concern over your own data may soon extend to that of your employer.Consider the following:l Mobile users will represent 60 percent of employees by 2012 according to Research In Motion (maker of the BlackBerry); another survey (Infotech) shows that 83 percent of the companies already allow employee owned devices to be connected to the corporate network.l The numbers of Malware (viruses, Trojans etc) have grown substantially since 2008, by some estimates as much as 400 percent.l The Android OS, due to its rapid growth and the ability to download apps from just about anywhere, is the main target of new mobile malware threats.l Without the use of proper controls, companies have little visibility or control over personally-owned mobile devices. Many do not have the most basic form of security which is requiring that a password be used to access the device.l Many personally owned mobile devices now store corporate data which is easily attained through attachments to e-mail etc.l Depending on whose statistic you believe, there are thousands of mobile devices lost annually in North America.l Many companies are unable to “remote wipe” data on their employees’ mobile devices which compounds the problem mentioned above in addition to the risk of employee termination and corporate data being stored on their personal device.What was a personal object of enjoyment and tool for communicating, the personal mobile device is quickly becoming an important work tool.Companies who choose to allow personal devices to connect to their network need to have the appropriate policies and technical tools in place to isolate the personal use of an employee owned device, properly manage access to the corporate network and ensure encryption of company data on the device. Balancing your personal use and needs of the device with your employer’s need to protect their data, means being prepared to give up some control over it.How this all develops over the next little while remains to be seen but personally I have always been an avid user and supporter of mobile technology having switched my 10+ year Palm OS loyalty to Apple in the last few years. The benefit of not having to carry around two cell phones (company and personal) outweighs my concern over the company’s control over my personal device. Plus isn’t it great to be able to keep a handle on your work e-mail when you’re on vacation … it makes returning to the office so much easier!Ronnie Viera, CISSP, CISM, CISA. Disclaimer: Views and comments expressed are personal do not necessarily represent those of Mr Viera’s employer.