The reluctance of employees to use what security is available to them always has been a problem. That problem -- which is well described in an article by Dale Vile, the research director of Britain's Freeform Dynamics -- is getting worse as the workforce deepens its use of mobile technology.
Vendors and IT departments have spent years trying to make security as passive, or automatic, as possible. It's a lot like modern seatbelts (aptly called passive restraints), which minimize the efforts necessary by riders to buckle up.
If people are reluctant to save their necks, they will be just as reluctant to save their data.
Devices are getting more powerful, storage capacity is growing and executives are demanding more freedom to work on sensitive data on planes and in cabs. At the same time, IT departments are loading the widgets up with ever-more sophisticated security software.
Sounds great: More functionality, heftier security and a more efficient workforce. The problem is that many people are disinclined -- we're polite, so we won't say too lazy -- to use passwords as they are intended to be used. The whole equation breaks down if users don't cooperate.
Vile says executives may opt to simply leave devices "open." It's as bad an idea as it sounds. Mechanisms exist to automatically log out users if there is no device activity for a certain amount of time. The bottom line, however, is that technology can't protect mobile devices if the people carrying them don't cooperate.
It's been proven many times during the past months that people play fast and loose with mobile devices, regardless of how sensitive the data on them is. What is just as disconcerting is that in many cases not encrypting data stored on the laptops doesn't breach corporate policies. This suggests that management itself is in denial about the problem.
The options, then, for enterprises aren't appealing. Not using mobile devices to their fullest chills job satisfaction and could tip the competitive balance toward companies that do. But running around town with PDAs, laptops and BlackBerries with sensitive information exposed to the world -- which, of course, is full of bad people -- will cause severe agitation for security personnel.
Biometrics, Vile says, is one answer. Unfortunately, such solutions -- which include fingerprint readers and even iris scanners -- have not proved popular, though more interest has been shown lately.