Perhaps security folks are so accustomed to dealing with wireless safety issues that they miss the forest for the trees. The forest, in this case, brings an especially unpleasant reality: People don't care enough about mobile security to do anything about it.
Signs of this not-so-benign neglect are everywhere. Pointsec Mobile Technologies recently conducted a survey of taxi companies in the San Francisco and Washington, D.C./Baltimore areas. Seems that people are just as easily separated from their mobile devices as they were before a year filled with embarrassing and potentially costly high-profile mobile security lapses.
Denial, of course, is a useful tool. If we didn't use denial creatively, we'd never go to the dentist or the gym, eat our vegetables, have kids, or do anything else that guarantees short-term pain in exchange for long-term gain. It's going too far, however, when we use denial as a mechanism for not doing something that in the long run can cost us our corporate skin. Assuming our mobile gadgets are magically inviolate and not bothering to encrypt data or take other measures clearly is an example of an inappropriate level of denial.
The answer, of course, is the development of mobile security systems that don't rely on end users to activate. Parallel to this is the need for cogent and well-designed policies and centralized management that enables remote control of remote devices.
The security industry has been talking about this for a few years. The troubling element is that it seems that the denial is not just with end users. Surveys from Entrust and the Business Performance Management Forum suggest that many companies, especially smaller ones, are just as negligent as end users. This is frightening. Similarly, the fact that some providers of metro Wi-Fi services in hotels -- and, by extension, coffee shops and airports -- don't put a priority on security is enough to keep CSOs up nights.
In the final analysis, it's bad that end users -- workers on the run -- don't pay attention to the security of their mobile devices. That's somewhat understandable, however. It's far worse that hotspot providers and even IT departments don't pay heed, since it is something for which they clearly are responsible.