X
Business
Home Business Companies IBM

Security to go

Commentary--IBM's Doug Conorich says mobile security is a must--but it must be without the extra procedures that will wear down a company's productivity.
Written by Doug Conorich, Contributor
Commentary--Ten years ago, "mobile worker" probably had a very different meaning for most companies than it does today. However, as more and more employees find themselves working outside the company walls, this term has come to mean much more.
Doug Conorich
Doug Conorich
IBM

As wireless technologies have increased in speed, availability and practicality, so have their adoption rates. According to research firm IDC, the global mobile workforce is expected to grow by more than 30 percent in the next four years. This means that over 878 million mobile workers will be conducting business via laptops, handhelds and cell phones by 2009--making up about one-quarter of the global work force. And, clearly, we can assume that this trend will continue.

Of course, as the percentage of employees working remotely continues to rise, so does the threat to keeping their work secure. Where it has traditionally been hard enough to keep networks secure and efficient when employees worked on the premises, it will be harder yet to guard work not being done on a company's grounds. The sudden surge in mobile workers can't be overlooked, as this is surely not the end of the transition from in-house to remote and from wired to wireless.

So, now that wireless actually works--what do we do now?

The answer, clearly, is to make sure that these mobile setups continue to work, and that companies continue to adapt their current policies to include these workers. However, how will this affect productivity and profitability?

The more time and resources that need to be invested in new security solutions, the less there will be available to focus on other tasks. This concerns both those that implement and those that use the technology, of course. Employees will want to avoid being bogged down in a long trail of passwords and security procedures, and they will still want access to the same data on the road that they can retrieve in the office. However, misuse of information can cost IT staff valuable time as well, as they work to patch holes and fix problems. In order to ensure that the entire network is properly secured, companies must make sure that all the bases are covered. At this point, a good security policy doesn't just mean protecting the technology in use, but even more so protecting the actual information. This means not only the wired and wireless technologies, but also all information access and authorizations. Corporations need to outline which assets need protecting, and then prioritize which need to be seen to first.

If, for example, an e-mail list is stolen or a password to a low-level system is misplaced, the threat may be relatively low. However, if thieves get access to customers' personal or financial information, this could clearly be very damaging. By ranking company data and assets in terms of the value that would be lost due to theft or breaches, valuable time and money can be saved.

After conducting a risk assessment and ranking assets, the next move is to classify company data, and determine what is public, what is private, and who needs to have access to what. A good deal of time and effort can be saved by setting up a good framework from the start.

However, as has been the pattern, the biggest threat to these new wireless security models may likely come from within the company. Employees will only follow rules if they know them, so it's vital to determine a good security policy and appoint a specific IT employee or business manager to be in charge of it. This leader should be in charge of making any necessary changes to the policy and reviewing it on a regular basis to ensure that the plan continues to work and address all issues--and in charge of enforcing the rules.

A good policy should outline all the details, and give specifics on who has access to what data, what encryption procedures are, how to set up and change passwords, and how to report problems. This will ensure that even if devices are misplaced, the information on them will be of no use to would-be thieves. Furthermore, don't stop at laptops. PDA and cell phone viruses are become more and more commonplace, and the data on these devices can be just as vital. Encrypt vital information on all devices, and restrict access to only those who need it.

The bottom line in this debate is that while the need for change is immediate, there's no quick fix. This is not the type of problem that can be solved once and forever--requirements to keep a wireless network secure will continue to change over time. By creating a dynamic, adaptive security plan, we can be sure to spend time and resources attacking the threat, not rewriting our own plans.

biography
Doug Conorich is Global Solutions Manager for IBM's Business Continuity and Recovery Services.

Editorial standards
Show Comments

Related

Anker Solix X1

Not into the Tesla Powerwall? You can now buy the Anker Solix X1

windows-11-laptop

Microsoft is now showing ads in Windows 11's Start menu. Here's how to block them

GOTRAX 4 electric scooter

The Jackery Explorer 1000 is one of the best portable power stations you can buy, and it's on sale