Mobile Computing and Security

Wednesday, June 19, 2013

You are here : »

1739 Landon Avenue

Jacksonville, FL 32207

(904) 573-8678

Security Policies and Enforcement

As mobile devices become more and more prevalent in the workplace, research shows that policies and enforcement are not keeping up with the increased risk of a data breach.

One issue is the question of whether or not corporate policies are hindering productivity. There may be, for example, a legitimate reason for someone to copy data to a USB stick and transfer it to a computer outside the enterprise.

According to a recent survey report, 58 percent of the respondents said they felt their companies did not provide adequate training on following the rules, while 46 percent said the policies were too complex to understand.

Employees are under tremendous pressure to be highly mobile and productive, but they aren't being properly educated on the risks to data integrity; they are taking data outside of the organizational structure without complete understanding or awareness of the serious implications of a breach or misuse of sensitive information.

Up to Date Software and Security

Mobile Computing and Security

Business owners must ensure the security and availability of company applications and data. Delivering on this mandate can be difficult enough on closely managed, company-owned machines

However, with increasing frequency, the additional wrinkle exists of supporting PCs over which ultimate control lies outside of the company. A growing number of employees are looking to use their own personal PCs and laptops in their jobs as well.

Two key factors playing into this loss of control are trends toward consumerism and mobilization in computing. The range of computing product options marketed to individual users has expanded, and the ease with which these systems can move between home and work has increased. As a result, businesses are faced with supporting or tolerating systems their users have brought in from home.

Some companies actively pursue employee-owned notebook schemes as a means of boosting productivity and reducing support costs among workers who own computers, laptops or netbooks.

Companies always have the option of banning the use of company data or applications on systems brought from home (with the inevitable exception of users with enough clout to bend the rules), but there are plenty of situations in which the line between authorized and forbidden systems can't be so clear.

For instance, companies work in many cases with contractors or partners who own their own machines, or telecommuting workers who live outside the range of the business office.

It makes sense to develop a set of strategies for ensuring sufficient levels of data security and application accessibility for user systems that fall outside of the office environment.

It's not an easy problem to tackle, most importantly because the administrative rights over a user-controlled desktop or notebook scheme are such that users have the right to install (purposely or unknowingly) arbitrary software on their machines, some of which could be malicious or harmful in purpose or practice.

Since trying to enforce good policy on machines that lie outside the control of the business is such a tricky proposition, a simpler way to install controls involves situating a tightly controlled hosted desktop environment within the employee's machine.

ManaSyst’s remote Desktop Host is the best solution to the problem of working with user-controlled desktop and notebook systems. The approach involves carving out an isolated and closely managed environment within an otherwise unmanaged system.

The Weakest Link

Apparently some rules are meant to be broken - including IT security policies, according to a new study.
In a recent survey report, roughly half of the 967 end users surveyed said their corporate data security policies are largely ignored by both employees and management. The policy violations ranged from the misuse of USB sticks to personal use of e-mail to turning off the firewall.

In an age of data breaches and insider threats, 61 percent admitted to copying confidential data onto USB sticks and transferring the information to a noncorporate device. Most admitted their companies either did not allow this or had no policy in place to deal with it.

What's more, 47 percent admitted to having shared their passwords with co-workers or third-party contractors in the past.

The bad news doesn't stop there. More than 20 percent of the respondents admitted to having turned off security such as anti-virus software, desktop firewalls and encryption on enterprise devices, up from 17 percent when this study was performed two years ago.