Dumb Users, Regulators Are Part of the Problem

By Wayne Rash  |  Posted 2012-07-30 Print this article Print

In addition to the legions of bad guys who are trying to steal your corporate data, mobile security managers are saddled with an even bigger problem: dumb users. Despite everything you may try to accomplish by managing data loss exposure, by limiting the apps users can use while connected to the corporate network and by controlling what they download and upload, you€™re still at the mercy of the employee who loads corporate data on to their mobile device and then takes it home. While you can limit this to some extent through training and through security awareness, there are some things that you can do nothing about.

In some places, regulators limit what security managers can do or what devices can be sold in their countries. Jose Otero, president of the Uruguay-based Signals Telecom Consulting said that stupid users are only part of the problem. €œWe have stupid regulators, as well, who don't understand security, malware, or BYOD [bring your own device].€

Adding to the problem are mobile device manufacturers, such as Apple, that prevent full management of their devices. Apple iPhones and iPads always allow the user to have control over their devices, and iOS doesn€™t provide the full management capability that some other mobile devices allow.

So what can you do? Knesek said that, at BT, the executives solve the problem of security by carrying two devices€”one that€™s owned and controlled by the company, and the other that€™s personal. This means that all company data is on the company-owned device, and the personal device is used only for personal data. She pointed out that this has one distinct advantage: The executive can turn off the company device and not be bothered by work.

Another answer, obviously, is to use a device that€™s secure in the first place. It€™s probably significant that when I polled my panel while we discussed our presentations over coffee and bagels at the Loews Hotel in the South Beach area of Miami, I found that four of the five panelists used BlackBerry devices. One used an iPhone. None of the security experts depended on an Android device for communications. The iPhone user (we won€™t say who it was) expressed embarrassment.

But in reality, choosing the right platform is only part of the problem. The bigger problem is using the device appropriately, and that€™s where the zero-sum game comes in.

Editor's Note: This story was updated to correct the spelling of Jill Knesek€™s name.

Wayne Rash Wayne Rash is a Senior Analyst for eWEEK Labs and runs the magazine's Washington Bureau. Prior to joining eWEEK as a Senior Writer on wireless technology, he was a Senior Contributing Editor and previously a Senior Analyst in the InfoWorld Test Center. He was also a reviewer for Federal Computer Week and Information Security Magazine. Previously, he ran the reviews and events departments at CMP's InternetWeek.

He is a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine. He is a regular contributor to Plane & Pilot Magazine and The Washington Post.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel