Securing Moving Targets

Newton’s first law of motion states that a moving body will want to keep moving.  The same law also seems to apply to business data, and the problem is trying to stop that mobile data moving further than you want it to.

It’s an issue that has caught out a number of very high-profile organisations, from the Nationwide Building Society to MI5. 

Both have suffered embarrassing losses of laptops, with the potential for damaging data leaks.

What’s more, the problem is growing.  In the 2006 FBI security survey in America, theft of laptops and mobile devices was second only to viruses as the most common type of attack detected over the previous year.  Nearly 50% of respondents had suffered, with an average loss over $30,000 USD.

So how should mobile data security be addressed?  Broadly, this means looking at three key issues.  

The first issue is hard disk encryption of laptops, and smart devices such as PDAs, mobile phones and USB devices. 

The second is auditing and controlling data transfer and access to removable media, for example USB keys or iPods. 

The final issue is control of the security policy running on the user’s endpoint device – irrespective of type of device.  Let’s now look at each of these separately.