Security 101
Posted: 03.01.05 - By Craig Settles

In the past, many executives and department managers viewed hardware and data security as an IT issue that didn’t merit much thought on the business side of things. But the surge in mobile application deployments brings with it a new reality. Security matters, and it requires your direct attention.

In the new mobile and wireless world order, security—or the lack thereof—impacts your ROI. Either wake up to this reality and address it now, or wait till all hell breaks loose. Here’s where your bottom line is exposed.

First, there’s the financial cost if a mobile device is lost. The device itself is expensive to replace—strike one. Data on the device is expensive (far more so than the hardware itself) to replace, assuming that’s even possible—strike two. Whatever productivity that device was generating is lost for however many days it takes to replace the unit and the lost data—strike three.

Beyond immediate quantifiable losses is the impact on business operations if sensitive data falls into the wrong hands or unauthorized people obtain access to server data through stolen passwords or hacked Wi-Fi access points.

Finally, there are the six- and seven-figure fines and other drastic financial losses that can hit you if your mobile technology somehow causes a breach of customers’ privacy or fails to adhere to compliance rules (e.g., HIPAA or Sarbanes-Oxley).

So what do you do, get advanced degrees in security technology? A less painful and more effective tactic lies in a different type of schooling for your employees and you.

School your people by creating a “culture of security.” Mobile devices are often viewed more as personal than company property, due to their size, what’s stored on them (personal as much as business data) and the fact that they live with many people day and night. In this new culture, it must be ingrained into the mobile workforce that any laptops, PDAs or mobile phones that store and provide access to company data are company assets. Reinforce these lessons with penalties for forgetting, particularly when forgetting results in data loss or a security breach. Few people want to leave their year-end bonus payment sitting on a subway car.

The culture teaches mobile users that IT’s security guidelines, passwords and access procedures are to be followed as if their careers depended on them. Executives and workers are constantly reminded about on-the-road security guidelines, including the proper use of devices when accessing hotspots or even access points within a customer’s facilities. Access points are potentially windows into the soul of your network. Caution must be second nature.

School yourself by learning how compliance regulations governing your organization can impact, or be impacted by, the use of mobile technology to access server data, collect data and manage documents. How mobile and wireless access to data impacts compliance may not be clear, but federal and state enforcers of compliance rules often will fall back on the ancient maxim: “Ignorance of the law is no excuse.”

How is patient data protected after it’s collected and stored on mobile devices? What customer data is accessed by which mobile worker and when? You may have to answer these and other questions. Even knowing what data is viewed on a device that’s been handed to another person can come into question. Are you guarding against rogue access points on your site, and what safeguards are in place to prevent hacking through legitimate ones?

You need to be knowledgeable about these and other issues, because any ROI analysis of mobile and wireless applications must factor in the financial upside of facilitating security and the potential downside if your security falls short.


Leisure Publications