How vulnerable is sensitive information on mobile devices?
I'm quoted in today's Wall Street Journal in a special section on mobile security (page A20) and thought this subject would make for a good topic of discussion on ITKE.
We hear story after story, breach after breach, and study after study related to sensitive information on mobile devices being compromised but yet the problem is still rampant and seems to be getting worse. Does no one in management truly understand the seriousness of this issue? Or, do IT admins and security managers just not have the time and energy to devote to it?
I think its one of the biggest information security problems we face right now...I've written extensively about the vulnerabilities associated with data at rest and have especially ranted about sensitive information on unprotected mobile devices. But I feel alone.
What do you all think? Are you coming across the same issue? If so, what solutions are you seeing and/or recommending?
Software/Hardware used:
Software/Hardware used:
ASKED:
September 23, 2009 8:17 PM
UPDATED:
October 2, 2009 1:19 PM
Answer Wiki:
Anybody have any input on this?
**********
Just saw this Kevin. We have at least implemented strong password protection on any mobile devices connected to our exchange server and have disabled connectivity for all devices except those approved. We also inform users their device will be wiped if lost. Approved devices at this time are only blackberry devices connected to our BES and owned by our organization. No personally owned devices are allowed to connect. We get pressured from time to time to be more lenient but so far we have not caved.
To see all answers submitted to the Answer Wiki: View Answer History.
I think the silence speaks loud and clear.
Technochic – I’ve seen this same setup work well at other organizations…what about laptops, flash drives, and external hard drives? Doing/seeing anything in that area?
We have implemented Secure Doc full disk encryption for all our corporate laptops. This at least keeps anyone from accessing info on a lost or stolen laptop. Nothing has been done to block use of flash drives or external hard drives, and I think this is another serious security hole.
Good to hear. Interesting how we still haven’t been able to get the idea that unprotected laptops are a *huge* business risk into the heads of most executives. A look-see at the Chronology of Data Breaches shows we have a long way to go.