“In terms of security, there are three things to consider,” she says. “Nowadays, it is good practice to ensure that any business notebook comes with a biometric fingerprint reader on board, as well as disk encryption. The second element is being provided from an original equipment manufacturer perspective. When Intel or AMD design a new processing platform, security is one of the key features they focus on. Basically, you get additional pieces of software that work together with the processing platform to enable higher data security and higher data integrity, though how much this can achieve is debatable.
“The third element is putting really secure software, such as McAfee, Symantec and Check Point ZoneAlarm, on top of the operating system to offer all-around protection,” explains Morvay.
“The principal shaper of future security policies will be governance regulations,” she adds. The onus is on companies to prove they are taking all possible measures to protect sensitive information – and that requires a massive amount of work to increase the awareness of employees to best practices. The size of this task may change the face of future infrastructures, especially on the client side.
Morvay explains: “There are several client solutions emerging at the moment that have no hard drives or USB ports. These thin clients are basically access devices. When you type in your username and password, the remote server allocates processing power and the applications you are going to be using.”
Morvay points out that the availability of mobile thin clients, which look like conventional laptops and cost between £300 and £400, makes the proposition even more attractive. In vertical markets such as financial services, retail and healthcare, where data security is crucial, the lack of data storage on the device greatly simplifies the security structure.
A mobile thin client without server access is a fairly useless device, which is both a blessing and a curse. The good point is that security training is simplified to protecting the login process and not leaving the equipment turned on and unattended. The downside is that some form of network has to be available in order for the device to be useful.
The mobile thin client may not be to everybody’s taste, but a thin-client phone or PDA may be the way ahead to ensure that data is not stored locally and, therefore, cannot easily be compromised.
What to do when mobile data goes missing
1. A security policy should ensure that any missing item containing data is reported immediately to the helpdesk. There is sometimes a tendency to hold back in case the item shows up.
2. All relevant helpdesk reports should be immediately referred to the CIO, chief security officer, or an appointed authority. Where possible, the report should contain details of where, when and how the loss occurred, and the contents of the device.
3. Perform an immediate risk assessment and take any necessary actions to mitigate impact on the business. Close down any exposure points on the network, report the loss to the police and, if applicable, instigate an immediate search.
4. Collect and collate information on all missing items to see if any patterns emerge, including specific departments, locations, or time of year. Questions should be asked to determine factors such as whether the incidents are the result of carelessness, or if particular models are more attractive to thieves.
5. Review the security policies constantly to see if awareness can be improved. Should a reminder be issued? Is a specific training course necessary? Could increasing the penalties for certain breaches improve security?