Computerworld
Home News Blogs In Depth ReviewsWhite Papers Newsletters IT Careers

resource center


Ads by TechWords

See your link here

Newsletter Sign-Up

Receive the latest technology news and information.
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Security Manager's Journal: Security Crashes Into Productivity

Our manager didn't tell users that they could have laptops, but she's the one who has to tell them that they can't.

By C.J. Kelly
August 27, 2007 12:00 PM ET
Comments
(9)
Recommended
(173)
Digg
Share/Email

Computerworld -

Trouble Ticket

At issue: A department is letting some staffers use wireless laptops.

Action plan: Pull them back, explain why, and get on the stick to address security concerns.

Security can sometimes come crashing up against productivity, and when it does, security must prevail. Thats because my state agency is a maintainer of records covered by HIPAA rules. One blunder, and were front-page news. Not on my watch, thanks.

Given the consequences of jeopardizing client data, I think my obsession with security is good for the agency. But for our users, it can seem as if were living in the Dark Ages. Many technologies that are commonplace in the corporate world and even in other government agencies havent won my approval yet, and they wont until I am thoroughly convinced that they wont undermine our security efforts.

Still, things can slip through, since determined users dont always go through proper channels. When that happens, I have the unenviable job of rolling back the technological timeline for the wayward users. They thought it was the 21st century  ha! Get back to the Dark Ages with the rest of us.

So it was that I had to tell our agencys program manager that the four productivity-enhancing laptops with Wi-Fi that his group was using were leaving us vulnerable to a serious breach. Sorry, but the Wi-Fi capability is going to have to be disabled, the laptops configured with our standard image and the hard drives encrypted. Users can check out a laptop when needed. Otherwise, the laptops stay put, connected directly to the network so they can be patched and updated. No working at home for them.

Naturally, this put a kink in his plan. What good are laptops if we cant go wireless, work on the road and work at home? he asked. He had transferred from another agency, where he had carried a laptop. I explained that we have different security constraints and since we dont yet have a foolproof way of securing mobile devices, we dont want to put our data at risk.

We allowed laptops until last year, when one news story after another told about laptops that had gone missing. They often held data such as patients names and Social Security numbers. The case of the missing Veterans Administration laptop alone was enough to curl your hair if youre in charge of securing similar information.

The Lucky Few

Now, only systems administrators and a few chiefs trained in laptop security have laptops. Even then, they cant synchronize their My Documents folders from the network drive to the laptop. Protected data remains within the protected network.

I am one of those people with a laptop, and I take it everywhere. But I am extremely cautious. I never use Wi-Fi. Instead, I have a broadband wireless card, which eliminates the risk of a hacker sniffing my wireless traffic or hijacking my wireless session. My laptop has host-based intrusion prevention and a firewall, and it is set up for automatic patches and updates.

When I travel, my eyes never leave my laptop. At airports, I have a set order for putting my belongings on the conveyer belt so that when my laptop emerges, I am already at the other end to retrieve it. Even my purse is a lower priority. I use a small laptop case that slides under the seat ­ no overhead compartments. I try not to leave it in a hotel room, but if I must, I hang out a Do Not Disturb sign and put the laptop in the room safe. I refuse housekeeping services. Someone from the hotel could still enter my room, but I eliminate as much risk as possible.

Would our employees have this same level of  I guess you would have to call it  obsessive caution? Those news headlines give me my answer.

Luckily, the program manager didnt let his disappointment blind him to the sincerity of my goals. I assured him that overcoming these security concerns is on our agenda.

This weeks journal is written by a real security manager, C.J. Kelly, whose name and employer have been disguised for obvious reasons. Contact her at mscjkelly@yahoo.com.



Comment Recommend Digg Twitter ShareThis
Email Print Send Feedback Reprints
Jump to comments

HIPAA

Additional Resources

Xerox
Win a color printer!
By using solid ink technology only from Xerox, you could save up to 65% by printing color for the cost of black and white. Enter for a chance to WIN a PhaserTM 8860 network color printer!
Microsoft
Upgrade to Internet Explorer 8 today.
Save time and mitigate security risk. Deploy it now.
Sybase
NEXT-GENERATION MOBILITY PLATFORMS
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.

What People Are Saying

9 comments | Add new
See all comments (9) | Add new

White Papers & Webcasts

Share our Strength
Download Now  

Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!

Top 10 Things to Know about Data Protection
Download Now  

Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!

Top 10 Actions a CIO Can Take to Prepare for a Hurricane
Download Now  

Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...

Ponemon Study: The Business Risk of a Lost Laptop
Download Now  

Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.

Airport Insecurity: The Case of Lost Laptops
Download Now  

Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...

All White Papers | All Webcasts

Computerworld Reports

8 Questions To Ask About Your Intrusion-Security Solution

Computerworld Technology Briefings IT Service Management

Computerworld Briefing - Analytics: The Art and Science of Better

All Computerworld Reports
 
About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDC IDG IDG Connect IDG Knowledge Hub IDG TechNetwork IDG Ventures
IDG.net InfoWorld ITwhitepapers ITworld JavaWorld LinuxWorld Macworld Network World PC World The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.