Ads by TechWords

See your link here
Receive the latest technology news and information.
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Security Manager's Journal: Security Crashes Into Productivity

Our manager didn't tell users that they could have laptops, but she's the one who has to tell them that they can't.

August 27, 2007 12:00 PM ET

Computerworld -

Trouble Ticket

At issue: A department is letting some staffers use wireless laptops.

Action plan: Pull them back, explain why, and get on the stick to address security concerns.

Security can sometimes come crashing up against productivity, and when it does, security must prevail. Thats because my state agency is a maintainer of records covered by HIPAA rules. One blunder, and were front-page news. Not on my watch, thanks.

Given the consequences of jeopardizing client data, I think my obsession with security is good for the agency. But for our users, it can seem as if were living in the Dark Ages. Many technologies that are commonplace in the corporate world and even in other government agencies havent won my approval yet, and they wont until I am thoroughly convinced that they wont undermine our security efforts.

Still, things can slip through, since determined users dont always go through proper channels. When that happens, I have the unenviable job of rolling back the technological timeline for the wayward users. They thought it was the 21st century  ha! Get back to the Dark Ages with the rest of us.

So it was that I had to tell our agencys program manager that the four productivity-enhancing laptops with Wi-Fi that his group was using were leaving us vulnerable to a serious breach. Sorry, but the Wi-Fi capability is going to have to be disabled, the laptops configured with our standard image and the hard drives encrypted. Users can check out a laptop when needed. Otherwise, the laptops stay put, connected directly to the network so they can be patched and updated. No working at home for them.

Naturally, this put a kink in his plan. What good are laptops if we cant go wireless, work on the road and work at home? he asked. He had transferred from another agency, where he had carried a laptop. I explained that we have different security constraints and since we dont yet have a foolproof way of securing mobile devices, we dont want to put our data at risk.

We allowed laptops until last year, when one news story after another told about laptops that had gone missing. They often held data such as patients names and Social Security numbers. The case of the missing Veterans Administration laptop alone was enough to curl your hair if youre in charge of securing similar information.

The Lucky Few

Now, only systems administrators and a few chiefs trained in laptop security have laptops. Even then, they cant synchronize their My Documents folders from the network drive to the laptop. Protected data remains within the protected network.

I am one of those people with a laptop, and I take it everywhere. But I am extremely cautious. I never use Wi-Fi. Instead, I have a broadband wireless card, which eliminates the risk of a hacker sniffing my wireless traffic or hijacking my wireless session. My laptop has host-based intrusion prevention and a firewall, and it is set up for automatic patches and updates.

When I travel, my eyes never leave my laptop. At airports, I have a set order for putting my belongings on the conveyer belt so that when my laptop emerges, I am already at the other end to retrieve it. Even my purse is a lower priority. I use a small laptop case that slides under the seat ­ no overhead compartments. I try not to leave it in a hotel room, but if I must, I hang out a Do Not Disturb sign and put the laptop in the room safe. I refuse housekeeping services. Someone from the hotel could still enter my room, but I eliminate as much risk as possible.

Would our employees have this same level of  I guess you would have to call it  obsessive caution? Those news headlines give me my answer.

Luckily, the program manager didnt let his disappointment blind him to the sincerity of my goals. I assured him that overcoming these security concerns is on our agenda.

This weeks journal is written by a real security manager, C.J. Kelly, whose name and employer have been disguised for obvious reasons. Contact her at mscjkelly@yahoo.com.

Read more about security in Computerworld's Security Knowledge Center.



Jump to comments

HIPAA

Additional Resources

Microsoft
Here are some of the key reasons why you would want to run Unified Access Gateway with DirectAccess.
Microsoft
Review how one energy firm tightened protection and simplified IT work using business-ready security solutions.
Sybase
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.

What People Are Saying

White Papers & Webcasts

Death to PST Files
Download Now  

Web 2.0, Social Media and the Dark Web - A Web Criminals Paradise?
In this discussion, learn about the challenges of protecting your users from the potentially unsafe content hidden in the "Dark Web".

eGuide: Enterprise Security
Smart Security Strategies for 2010. Read now!  

Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...


IT Jobs