Wireless - Mastering Mobile Madness
This past summer, Intelsat’s Kraus held an information security awareness day for all employees of the satellite communications company, where he made sure that everyone knew about virus protection, identity and password management, wireless devices and protecting home PCs. At his law firm, Novak says he spends a lot of time in coaching sessions for security best practices. He also sends out e-mails of tech tips that take users no more than 10 minutes to read. “Once you can explain in business terms why this is important, they can carve out the time to read it,” he says.
CIOs also need to make sure that the help desk is well-versed in these new devices before they’re rolled out to a single user. “That’s where the disconnect happens,” says Reality Mobile’s Rensin. Far too often, the help desk is handed the BlackBerry or Treo training manual after the fact, and the staff then has to learn the device while dealing with cranky users. Time and money lost in that process may be hard to quantify, but “there’s never any way to recover it,” Rensin adds.
Enforcement of a device security policy is one of the biggest pieces of any overall mobile device strategy, especially in light of regulations such as Sarbanes-Oxley, HIPAA and Gramm-Leach-Bliley. If CIOs are going to “allow these devices, then they need to make sure their policies are enforced,” says Maiwald.
One way to enforce a security policy is to track rogue devices, especially if you’ve decided not to allow any unapproved devices on the network. Tracking requires security software that can, for example, scan for unauthorized device-to-desktop synchronization or for unauthorized devices accessing your network through your wireless LAN.
If such a policy is in place but is not enforced, the risk to the organization may be greater than if the organization were to simply ignore the problem. That’s because the existence of the policy may give the enterprise (and the CIO) a false sense of security, Maiwald writes in the Burton Group report. And if any employee leaves the company, CIOs have to make sure that the employee’s device has been wiped clean of all company information. (For more on wiping hard drives clean, see “When the Bits Bite the Dust” at www.cio.com/100105.)
In the end, any mobile device “is only as secure as the human operating it,” Ovum’s Entner says. “No amount of software can change that.”





