Mobile device security – we keep spinning our wheels

It’s been a year since I contributed to a piece on mobile security for the Wall Street Journal and was thinking about how things have changed since then. In a nutshell: They’re gotten more complex and less secure.

It’s amazing – and scary – given all the sensitive electronic information scattered everywhere across any given network. Be it workstations, servers, databases, smartphones, mobile storage devices – you name it – it’s so often they go unprotected. By that I mean there are no access controls to prevent unruly employees from doing bad things with your data and no access controls to prevent outsiders from doing bad things, either.

I’m not just talking about corporate intellectual property either. I’m talking about healthcare records, SSNs, credit cards, and other personal information…personal information belonging to me and you! This isn’t just a business issue – it’s a privacy and identity issue that affects us personally.

This is backed by story after story, breach after breach, and study after study. Just Google “mobile security breach” and you’ll see what I mean. The Privacy Rights Clearinghouse Chronology of Data Breaches reveals such breaches practically every week.

If you’re responsible for information security, audit, or compliance in your organization … this subject/dilemma should be on your short list of priorities for the coming year. Rather than just ranting, let me share with you some solutions and further reading:

• Document Security – Protecting sensitive information both inside and outside the firewall
• Securing data at rest vs. data in transit
• The compliance payoffs for securing vulnerable information at rest
• Tools for securing mobile drives
• The problem with unstructured information
• How to secure laptops in 7 steps
• Enterprise iPads: Compliance risk or productivity tool?
• Can mobile device security include risk management and compliance?

..and finally, some of my blog posts on the subject.

Kevin Beaver is an independent information security consultant, expert witness, author, and professional speaker with Atlanta-based Principle Logic, LLC and a contributor to the IT Watch Blog. You can reach Kevin through his website at www.principlelogic.com and follow him on Twitter at @kevinbeaver.