Mobile Security: Still Crazy After All These Years


The definition of insanity -- at least in popular culture -- is doing the same thing repeatedly and expecting a different result. By this definition, many business people and IT departments apparently are a few bytes short of a full hard drive.


OK, we already knew that. Specifically, this post at eWeek by Eric Lundquist discusses and links to a PricewaterhouseCoopers study showing that people aren't protecting their mobile devices with any conviction. This finding comes in the face of the run of lost and stolen laptops that hit about three years ago and never totally abated, and the well-known dangers of smartphones gone missing.


The survey, Lundquist says, reports that only half of respondents use laptop encryption, 40 percent use removable media encryption, 42 percent encrypt handheld and portable devices and 40 percent have security standards for cellular and PCS systems. One could subtract those percentages from 100 percent to determine how many people aren't crazy.


The situation seems no better in the UK. Another survey, this one by Credant, looked at mobile device security among lawyers. A quarter of them put confidential documents on mobile devices. Of those surveyed, 37 percent believed a lost machine would be vulnerable to a thief and 13 percent believed their devices wouldn't be breached. More than 90 percent thought their information was secure simply because they used passwords -- hopefully, they are more savvy in court -- about one-third used encryption. Four percent used no protection at all. The preferred device for storing data is the BlackBerry, followed by laptops, USB/memory sticks, smartphones, MP3/tablets or a combination of all of these.


New data protection laws will take effect in the Bay State on Jan. 1. The new Massachusetts Data Protection regulations require encryption of personal information on laptops and other portable devices. Beth Israel Deasoness Medical Center chose McAfee Endpoint Encryption (formerly SafeBoot, says BIDMC CIO John Halamka), largely because it extracts no noticeable price in terms of performance. This piece discusses how BIDMC chose and plans to implement the product. A key challenge, he writes, is that there currently is no version for Apple products, though he says McAfee is working on one.


There is no lack of devices available. Last week, for instance, Alcatel-Lucent and McAfee combined the OmniAccess 3500 Nonstop Laptop Guardian with McAfee's Endpoint Encryption software. The joined products, the companies say, offer software updates, location tracking, security and control data to laptops even when they are off. The McAfee products encrypt and provide access control to prevent unauthorized access, the release says.


Universities are known to be relatively open environments, and the protection of mobile devices can be trickier than in some other instances. This release says that the University of Louisville is using gear from GuardianEdge to protect mobile devices. GuardianEdge was chosen, the release says, because of the wide variety of devices that it can protect. The university will use hard disk and smartphone encryption and a method of transferring encrypted data between machines using removable storage devices.


Not all organizations are crazy enough to not adequately protect mobile devices, of course. Those that are should get the required counseling and begin deploying solutions.