As employee-owned portable devices become more sophisticated they become less secure, according to one analyst -- and the more senior an employee, the less compliant they are when it comes to protecting the information on those devices.
"It's likely that people higher up in an organisation will be the ones who own the more sophisticated devices, and these are the types of users who resent having security imposed on them," said Jay Heiser, research vice president and security specialist at Gartner, speaking at the company's Symposium yesterday.
James Turner, security analyst for research firm Intelligent Business Research Services (IBRS) told ZDNet Australia that he recently hosted a roundtable discussion with a number of IT managers who voiced this complaint.
"Some people were talking about their executives wanting the latest capabilities but resisting the use of authentication technology," he said.
"I think this tends to be a fairly common problem, and the important thing I say to IT managers is not to respond by hitting the panic button, you're far more likely to convince an executive of the importance of protecting their data by reminding them just how many mobiles and PDA's get left in cabs," said Turner.
Gartner's Heiser made the assertion that the security risks posed by portable devices are growing exponentially in accordance with their sophistication, level of use, and the number of devices owned by individuals.
"The more sophisticated the device, the more likely it is to contain sensitive data," said Heiser.
It's a good economy of scale to try to break something that most people have.
James Turner, IBRS
"I think it's fair enough to say that the more sophisticated devices are harder to protect, but the tricky thing about security is that you can't just lock everything down to cover against every feasible risk," said IBRS's Turner.
According to Turner, technically minded security specialists can often overlook the fact that accessibility is equally as important as protection, saying "as soon as a security process becomes too complicated users will switch off and stop taking even simple precautions."
Want to know more?
For all the latest news, analysis and opinion on security, click here
Gartner's Heiser believes that encryption will become one of the most important factors in securing portable devices, predicting that "in five years all laptops will be encrypted."
"Encryption for laptops will be essential eventually, I think it's a no-brainer, especially when we're finding ways to use encryption that are unobtrusive but provide a high level of protection," said IBRS's Turner.
Throughout the Symposium Gartner's Heiser has suggested that many security woes -- not just those involving portable devices -- can be solved through access control measures.
He recommended that security officers employ Mandatory Access Control (MAC) measures over information they thought was likely to end up on employee owned portable devices.
While Heiser rated laptops and high capability PDA's as being the high risk objects when it came to portable devices and security, he also noted that highly prevalent consumer devices such as iPod's posed a threat, given their tendency to be used as storage devices by some users.
"It's a good economy of scale to try to break something that most people have," said IBRS's Turner.
"I think Apple is going to have to learn the same painful lesson that Microsoft did; the bigger your market share, and the more popular your products are, the more likely it is you'll get attacked," he said.