Modern Middle Manager
Primarily my musings on the practical application of technology and management principles at a financial services company.
Mobile Data Security

Saturday, December 03, 2005  

If you do any business in California, surely you have heard of SB 1386. While I appreciate the warning provided to me as a consumer in this age of identity theft, I have to admit that it really throws one more damnable monkey wrench into doing business as a small company (or in our case, small division). For years IT has been assailed for not adding to the bottom line of the business. With the onslaught of more laws, whether SOX or GLBA or SB 1386 or whatever well-intentioned piece of legislation gets through the state or federal legislature (or hell, even created by the courts), a relatively small IT department like ours gets the Hobson's Choice of either derailing existing initiatives to comply with the law or covering its behind by letting management classify the regulation as a small business risk. In this case, we're choosing option #1 because we know how careful our salespeople and front-office personnel are with laptops and handhelds. That thought keeps me up at night. Check out the timestamp if you think I'm lying!

There are some vendors I've found in this space: Control Break's Safeboot, PointSec, PGP Corporation, Utimaco's Safeguard and TrustDigital. I'm sure there are others, but at least I've seen some reviews on these folks.

What are the points of pain? Let's count the easy ways to for employees and vendors to lose data:

1. Laptops.
2. Handhelds.
3. Removable media (e.g., CDROM and USB keys).
4. Tape backups (really a special case of #3).
5. Failed hard drives.

This list doesn't even touch on third-party network access, although we restrict that pretty tightly. Failed hard drives we physically destroy before tossing. The rest are out of our control. Password protection is insufficient as to keep from reporting under SB 1386; only encryption provides safe harbor.

I sent the memo to senior management. I am awaiting their response.

posted by Henry Jenkins | 12/03/2005 12:57:00 AM
Comments: Post a Comment
search
Google

Search blog
Search WWW
the author
Send your comments to henry.jenkins{at}yahoo.com
RSS feed here.
archives
links
Media Links
InfoWorld
CIO Online
CIO Insight
SlashDot


Blog Links
John's Jottings
Windley's Enterprise Computing
Doc Searls
Robert Scoble
Joel on Software
Jeremy Zawodny
Not a PHB
Virtualization Info
open source
LinuxWorld
Linux Magazine
The Open Enterprise
SourceForge
vendors
VMWare
Microsoft
Softricity
PlateSpin
Citrix
Captaris
Veritas
Symantec

Debian
Red Hat
Perl
Python
The Mono Project

Network Appliance
Dell Computers
Cisco Systems
stats

Get a GoStats hit counter
reading