Mobile Data Security

Saturday, December 03, 2005  

If you do any business in California, surely you have heard of SB 1386. While I appreciate the warning provided to me as a consumer in this age of identity theft, I have to admit that it really throws one more damnable monkey wrench into doing business as a small company (or in our case, small division). For years IT has been assailed for not adding to the bottom line of the business. With the onslaught of more laws, whether SOX or GLBA or SB 1386 or whatever well-intentioned piece of legislation gets through the state or federal legislature (or hell, even created by the courts), a relatively small IT department like ours gets the Hobson's Choice of either derailing existing initiatives to comply with the law or covering its behind by letting management classify the regulation as a small business risk. In this case, we're choosing option #1 because we know how careful our salespeople and front-office personnel are with laptops and handhelds. That thought keeps me up at night. Check out the timestamp if you think I'm lying!

There are some vendors I've found in this space: Control Break's Safeboot, PointSec, PGP Corporation, Utimaco's Safeguard and TrustDigital. I'm sure there are others, but at least I've seen some reviews on these folks.

What are the points of pain? Let's count the easy ways for employees and vendors to lose data:

1. Laptops.
2. Handhelds.
3. Removable media (e.g., CDROM and USB keys).
4. Tape backups (really a special case of #3).
5. Failed hard drives.

This list doesn't even touch on third-party network access, although we restrict that pretty tightly. Failed hard drives we physically destroy before tossing. The rest are out of our control. Password protection is insufficient to keep from reporting under SB 1386; only encryption provides safe harbor.

I sent the memo to senior management. I am awaiting their response.

posted by Henry Jenkins | 12/03/2005 12:57:00 AM

