Wayne Rash raises two very important and related points in a post at IT Business Edge's new site CTOEdge.
Rash, reacting to the Sidekick data loss, took on the topic of the overall security level of smartphones. Rash said that the marriage of mobile devices to cloud storage-Microsoft's appropriately named Danger unit holds the data for Sidekick users on the T-Mobile network-means that security concerns track all the way into the network. They don't stop at the device.
The related point is that regulators will expect enterprises to know the details of where data is and how it is stored at all times, including any time it spends in the cloud.
The bottom line to both of these points is that companies using off-device storage for mobile messaging have to do a great deal of due diligence to make sure the data is safe-and to prove that it is so. This suggests a whole new line of questioning to vendors and service providers-and a whole new set of admonitions to employees who may naturally use the same services for work as they do in their consumer lives.
Rash's opinions, which focus on concerns and uncertainty about smartphone security, dovetails nicely with a study released by Goode Intelligence in the UK The report, done in association with Acumin Consulting, said 89 percent of surveyed security professionals think that awareness of phone security is inadequate. The survey also said 46 percent of organizations have no mobile phone security policy. The press release offers a lot of interesting and telling survey results.
The changing world of security is a subtext of this Processor piece on mobile security. The writer says IT departments should lock down gear as tightly as they can without affecting user experience, perform a rewards-versus-risks assessment and seek to control mobile applications. As one of the subheads to the piece suggests, it is quite a balancing act. A short sidebar to the main story makes the important point that the world is moving from a device- to an identity-based orientation. Doing so is easier said than done. The result is more of an emphasis on the individual and less on the devices he or she has, which is becoming more fluid by the day.
The world is far more complex than when everything was neatly tucked behind a firewall. Today, security experts are asked to do something that is rife with inherent contradictions: They are mandated to secure equipment that is out of their control. Indeed, in some cases, they are being asked to secure devices of which they are not even unaware.