Securing information in a mobile world

Whether it's an employee making a tree change or a sea change, an executive who spends the majority of their time on the road, or simply a staff member who wants to stay connected outside of work hours, remote and mobile workers are now firmly entrenched in Australian businesses.

Within Australia, we have seen an explosion in the popularity of endpoint devices - such as mobile phones, PDAs and laptop computers - to meet the demand of this changing workforce. We have also witnessed a rising trend of employees choosing to use personal devices on the corporate network rather than company-issued devices, and an increasing adoption of DVDs and USB storage devices in the workplace.

Social networking is also being embraced by organisations both internally and externally, and in many cases it is now the norm to allow employees to access popular social networks and use wikis to improve information-sharing between teams and enhance productivity. However, with the rise of web-based attacks, protecting these interactions has become critical. According to Symantec's latest Internet Security Threat Report, web-based attacks are now the primary attack method and 63 per cent of vulnerabilities reported in 2008 affected web applications.  

The bottom line is that we now live in a world where information can be accessed virtually anywhere, anytime, and from any device. And while businesses are embracing these changes, many are struggling to adequately protect their information, which is now is as mobile as their workforce. The result is that businesses are changing the way they secure their information. Rather than security revolving solely around a company's infrastructure or devices, it now should revolve around an organisation's most important asset: their information.

Managing Risk in a Mobile World
So how can organisations reap the productivity and business advantages that come hand-in-hand with these recent trends without exposing themselves to an additional set of IT security risks? The answer lies in protecting the information as well as the device it resides on through the implementation of security technologies, development of policies and processes, and education for all employees and visitors to the network.

One of the most important ways a company can protect their information is by managing access to confidential information. This in turn minimises the number of mobile devices this information can be accessed from and consequently reduces the chance of a breach. In addition, by installing the right data loss prevention technologies, the processes supporting these policies can be automated and provide a range of options to quickly respond to policy violations.

For example, a business might decide to establish a policy stating employees cannot put customer credit card data on a USB key. To support this policy, it installs a data loss prevention solution that recognises this information and when it is copied. One day this technology registers that an employee has downloaded a spreadsheet containing credit card numbers onto a USB device and issues an alert that triggers a series of processes. The business is then in a position to warn the employee, lock down the computer's USB drive, isolate the computer from the network, or take other appropriate actions.

These policies and technologies can also provide a business with options if the information, regardless of the medium, is lost or stolen. This includes barring network access from the device, disabling any active passwords, and quickly identifying any sensitive information that may reside on it.