Is Data Security for the Mobile Workforce an Oxymoron?

The iPhone 6 has been under much media pressure recently with "Will it bend?" tests among other cringe-worthy videos like "Will it blend?" flooding the internet. One need not look too far back in time to find mobile phones that were much sturdier and consumers treating their mobile phones and personal devices with much more respect. Consumers also owned fewer of these devices, as there was a much higher premium to pay for owning what used to be a novelty. 

These days, however, consumers are flooding the workplace with their (sometimes multiple) mobile devices, together with portable storage devices like the ubiquitous USB flash drive. This combination has been dishing out massive headaches to CEOs and CIOs alike.In a conversation with the CEO of a large sales organization, we found out that one of the key issues that keeps him awake at night is the constant outward flow of company data through portable storage devices and file sharing applications, including Dropbox and Google Docs, where users could easily upload sensitive company data, even via their phones. There are simply too many ways information can be transferred out of the organization. He already had some security measures in place for his organization (which is why he knows of the data flow) but was not clamping down on the use of such devices because the sales staff within his organization needed quick and unrestrained access to information. This is especially true of FSI (Financial Services Industry) organizations that have large numbers of sales personnel running around to meet customers. It used to be that sales people leaving an organization brought sensitive customers and sensitive company information with them as they left. Now, they can “share” this information to anyone, intentionally or not, without even handing in the resignation letter.

What do we do then? Should we go paranoid on our employees and apply a blanket ruling to ban all storage devices, block all ports and limit access to information to within the office network? I had the chance to glimpse into some possible (albeit justifiably paranoid) solutions during my days as a conscript in the Singapore Armed Forces. Some of the measures included but were not limited to what one would see in the movies – metal detectors, X-ray machines, encrypted workstations, encrypted storage devices and more. While this allowed some mobility such that users issued with portable encrypted workstations and storage devices could bring some work back home, access to important systems had to be limited to the office. Moreover, permission to bring out certain data required an often lengthy authorization process.While effective for the armed forces, this is one solution the highly mobile organization cannot afford to implement. Unfortunately, from what I have heard, this is exactly what some organizations are doing in order to safe-keep their data.What can organizations do to come to a balance between productivity and security? 

I’m glad to say that solutions marrying mobility and security do exist and we’ll be looking at a few of them in a future post. 

1250 views

Like this article? Rate it!

Related Articles