Stand-up security
Posted on 18 Jan 2005 at 15:20
Mark Needham gets an earbashing over data security and experiences the joys of 3G phones
A good stand-up comedian always insults at least part of his audience, and Martin Smith, principal of The Security Company - the keynote speaker at a conference I went to a month or so back - clearly works on the same principle. He certainly woke up his audience. His speciality is data security within organisations. In front of an audience made up mainly of IT managers who had probably spent money on a security product, he laid into what he described as 'the technical solutions that have been pushed to solve what is essentially a people problem'.
'We must stop developing increasingly technical solutions for increasingly obscure problems at the expense of the blindingly obvious,' he continued. 'Systems malfunction and human error or ignorance will cost you far more than viruses, cybercrime, phishing or Denial-of-Service attacks.' I laughed along with the other attendees at some of his anecdotes, such as the time he was appointed security chief for a Luxembourg bank, and on his first trip back to the UK he sat in the row behind a senior executive from the bank who proceeded to display a series of top-secret figures on the screen of his laptop. Of course, when I got back to the office, I promptly forgot everything Smith had said, as everyone else present doubtless did as well, until his words came back to me when reading press information from a US company called Trust Digital:
'Gartner predicts that by 2005 more than 60 per cent of Global 2000 workers will have mobile access to corporate applications and 40 per cent of corporate data will reside on handheld devices,' said Trust Digital, fairly straightforwardly. 'This migration of corporate information to mobile handheld devices creates new and evolving security risks and regulatory liabilities for enterprises world-wide,' it continued, leading to the tendentious conclusion: 'You cannot afford to wait to extend enterprise security policies to the mobile edge of your network. Your security risk, regulatory and privacy concerns, and IT costs will continue to rise without intervention.'
Naturally, Trust Digital is flogging some kind of Wi-Fi encryption product, which will keep your organisation safe from bad people using Pringles tins and laptops to pick up top-secret data.
But the real threat to data on your laptops and handheld computers is that people lose them, or use them on planes or trains in full view of other commuters. Most PDAs already come with some kind of password system, which few people use as it reduces the speed at which you can look up information - which is the key benefit of the product. A year or so ago the iPAQ h5450 and h5550 came with fingerprint recognition. I have never seen anyone using this feature in real life.
The sad fact is that it is very difficult to change people's behaviour within an organisation (or anywhere else for that matter). Buying a new security product and installing it can be a good excuse for empire building, a boondoggle, or just good old-fashioned fun with a new and expensive toy. And anyone who opposes such expenditures can easily be made to look foolhardy - or, in the US, unpatriotic. If there are any PC Pro readers out there who would like to spill the beans about expensive-but-useless security projects they have been involved with, please email me at feedback@widget.co.uk.
When is a BlackBerry not a BlackBerry?
The success of the BlackBerry device has encouraged several mobile phone manufacturers to bundle BlackBerry's software with their products. This month sees the launch of the new Siemens SK65, for example, which boasts BlackBerry built-in technology.

