Perimeter spread causing undue paranoia at the edge

Losing a laptop or handheld wireless device packed with sensitive corporate data is typically a serious breach of privacy. An employee at Toronto-based Hummingbird Ltd., for example, recently lost “a piece of computer equipment” containing names and social security numbers belonging to an estimated 1.3 million clients of a student loan firm.

Organizations can set up a number of safeguards to mitigate the risks associated with the loss of private customer information and other confidential corporate data.

The first step is to get a better grip on the network, says Steve Rampado, senior manager of enterprise risk services for Deloitte and Touche LLP. Once a company knows what devices are tapping into its data, appropriate policies must be implemented and adhered to, followed by effective security measures like passwords and encryption.

Rampado says most organizations need to begin by assessing the problem and sizing up the risk, because they don’t even have a handle on what devices are connecting to their networks. “Quite often an employee will buy the PDA or phone they want and they’ll be connecting to the corporate network.”

Handheld mobile devices are becoming more like laptops, says Rampado, and the network perimeter keeps expanding outward as the number and variety of wireless devices increase. Smart phones and PDAs, with storage of up to 20GB, are gaining full-fledged operating systems capable of supporting applications that run on a desktop.

“If you’re going to allow these devices to connect, you’ve got to have the appropriate infrastructure in place so they’re going through the right authentication mechanisms to gain access to the corporate network,” he says.

Part of assessing the risk is understanding what data is accessible, and how. Rampado says a lot of companies have no idea what other devices their employees are synchronizing to their handhelds. An individual may be synching their handheld device to their laptop, which may contain confidential information.

“The corporation has no control over what is being synchronized and how that information is being synchronized.”

Integral to developing a strategy is defining policies and standards for employees that dictate what’s acceptable, adds Rampado. Setting a proper governance structure helps to ensure the information doesn’t get into the wrong hands, at least internally.

Companies might allow network access only to certain devices; allow employees to synchronize only their contacts; allow only people at a certain level to synchronize their e-mail; and perhaps allow no one to copy any sensitive files to these remote devices.

Another important and often overlooked strategy would be to train employees to become more conscious about security and raise their awareness of any corporate policies in
