
Enterprise security: it’s all about the executive suite

Within the mobile industry, security vendors’ warnings are gaining traction as headlines blare the latest loss of corporate or government data, a sure way to destroy an organization’s credibility, not to mention the violation of federal mandates on data privacy and security.
Getting drubbed in headlines by self-interested industry players can be effective, if occasionally tiresome. Fresh air is always welcome.
The latest breeze comes from outside the industry in the form of a study from the Business Performance Management Forum, a Los Angeles-based organization that represents 1,500 global enterprises. “Company on the Fly,” the title of the BPM Forum report, captures the current situation, according to Adriano Gonzalez, vice president of strategy and programming at the BPM Forum.
Essentially, the speed of mobile uptake is outpacing the ability, and the will, to manage its risks.
IDC has estimated 850 million workers worldwide are mobile, Gonzalez said. And a new report from AberdeenGroup suggests that 80 percent of corporations plan on purchasing PDAs with wireless access, 60 percent will buy wide-area wireless data cards and more than 50 percent plan to purchase mobile phones for sales, marketing and customer service departments.
While technical security solutions are available, the most critical element missing in nearly half of all enterprises is the involvement of senior executives in establishing policies and compliance practices, Gonzalez said.
“We see the horror stories in the press,” Gonzalez said. “And I.T. managers are raising the flag. They’re waiting for a mandate to come from the top.”
The BPM Forum’s study found that half of executives surveyed reported more than 25 percent of mobile devices in their business carry mission-critical applications and information. Nearly half of the executives surveyed said that they have no policies to manage the tracking and backup of mobile data for regulatory compliance. Moreover, almost two-thirds of respondents are moderately or severely concerned about security breaches to mobile enterprise devices. Against this backdrop, and consistent with the AberdeenGroup findings, more than three-quarters of enterprises surveyed said they plan to increase their use of mobile devices.
“There’s a serious disconnect between I.T. executives who recognize the compliance and security risks associated with mobile devices and C-level executives who see the benefits but not the compliance and security risks,” Gonzalez said. “The most prevalent response was that senior management is more interested in other (regulatory) compliance priorities. And they have not budgeted for compliance efforts, which implies a lack of attention by senior management. This makes many organizations highly vulnerable to compliance violations, not to mention security threats that could expose customer data and impact the enterprise’s performance.”
Gonzalez said that enterprises typically have “silos” for compliance or I.T., but that the use of mobile devices calls for an enterprise-wide set of policies and compliance measures led by top executives.
“A cultural transformation is necessary to adopt these devices in a manner that’s secure and compliant,” Gonzalez said.
Enterprises need to understand who uses mobile devices and why, and perform a risk assessment to define financial and brand impacts that could be caused by potential losses, then develop a corporate governance policy for complying with federal laws requiring data security and archiving. Ideally, these policies would be integrated with the technical side of enterprise network management. Only then should enterprises focus on specific, technical security solutions currently offered on the market. (Full disclosure: The BPM Forum’s study was underwritten by InfoExpress, Nokia Corp. and Sybase, Inc., which offer such solutions. “We are not pushing products,” Gonzalez said.)
The proverbial big picture is not unfamiliar to business management types.
“Technology has always posed a conundrum,” Gonzalez said. “As we discover fabulous new technology, we rapidly learn how best to use it. But then we discover, in a reactive manner, the side effects and vulnerabilities. So the corporate inertia we’re seeing with regard to mobile device use is a natural phenomenon that has been taking place since the invention of the wheel.”
