Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile Encryption: Don't Leave Home Without It

Let's face it, laptop loss is reaching epidemic proportions. In the just released 2007 CSI Computer Crime and Security Survey, half of respondents had a laptop or mobile device stolen in the past year. In response at least 35 states require some form of notification when customers' or employees' personal information has been compromised. Federal laws such as HIPAA, GLBA and even SOX mandate data protection efforts, with encryption strongly suggested—and stiff penalties if recommendations are ignored.


InformationWeek Reports

And then there are your customers. A study by the Poneman Institute found that only 7% of companies said concern about protecting customers was a motivating factor to invest in encryption. We can only hope that's a statistical blip, for all our sakes. As the public becomes weary of continual data breaches—everyone has a friend who's been a victim of identity theft—inevitably customers will begin to scrutinize the practices of companies they do business with. Complicating all this are new e-discovery rules; claiming you can't access data because no one knows how to decrypt it isn't going to win points with a judge.


Data Privacy
Immersion Center

NEWS | REVIEWS | BLOGS | FORUMS TUTORIALS | STRATEGY | MORE

Policies

We've said it before and we'll no doubt say it again: Successful security starts with comprehensive policies. This is true in spades with mobile encryption. There's no way around the fact that device encryption is inconvenient for users. A policy will help garner support at the executive level, vital to reduce pushback. Policy should also define exactly what data needs to be protected in which circumstances, and when various safeguards, including encryption, are to be applied.

Your policies should limit the amount of sensitive data stored on mobile devices, favoring instead secure remote access. Mobile devices are uniquely dangerous because all the normal security risks are present, along with the added threat of loss or theft. Your goal is to prevent someone in unauthorized possession from accessing data. Limiting encryption to this threat profile can greatly simplify both the rollout of the encryption system and improve ease of use.

  • 1