For Andrew S. Braunstein, mobile data security is a top priority.
As chief technology officer of HealthWyse—a Wilmington,
Mass.-based firm that provides software and data services to the
home care, hospice, and private duty markets—Braunstein is on top
of the strict laws governing patient medical records, which force firms
like HealthWyse and its clients to exceed the security standards
most companies set on employee mobile devices.
But some companies are falling behind, according to a new study
conducted by the Palo Alto, Calif.-based Business Performance
Management Forum. In some enterprises, other compliance-related
priorities are overshadowing the need to regulate
mobile device use in the workplace.
The BPM Forum interviewed a select group of executives and
surveyed nearly 700 others, finding that as many as 40% of these
firms failed to regulate the use of mobile devices. While
important information may exist on some mobile devices,
companies are not taking this security issue seriously, said
Adriano Gonzalez, vice president of strategy and programming for
the BPM Forum.
"Many organisations are asleep at the wheel," Gonzalez said.
"The answer that commonly surfaced was that they were not
allocating enough in the budget to address the issue."
About half of those surveyed estimated that a minimum of 25% of
mobile devices carry mission-critical information. In addition, 27%
of the respondents said that most of the mobile devices in their
companies currently transmit proprietary enterprise data.
Businesses must track and archive billions of messages to comply
with the Sarbanes-Oxley Act, a set of federal regulations that
protect against accounting errors and fraudulent procedures in the
workplace.
Still, companies are not fully addressing mobile device
data transmission, according to the BPM Forum. The survey found
that 21% of respondents said other compliance issues are taking a
higher priority; and 12% said budget constraints have prevented
them from taking action.
"Management is still largely concentrating on establishing
legacy compliance," Gonzalez said. "They've forgotten about the
major exposure related to mobile devices."
Braunstein, whose firm specialises in software for personal
digital assistants (PDAs) in the healthcare industry, said he has
seen firms act passively, relying instead on employee know-how.
Other companies take an aggressive approach, making mobile devices
almost useless. The challenge is to find a happy medium, he said.
"Large companies with sophisticated IT departments apply
policies internally, but smaller firms have people who probably
don't understand what they're doing with company data on their
mobile devices," Braunstein said.
With more employees introducing consumer devices, such as PDAs,
BlackBerrys and even iPods in the workplace, IT managers are
trying to get upper-level management to set strict policies
about their use, Gonzalez said.
IT managers are not agreeing with management on the amount of
time and money spent to address mobile data security, according to
the survey. While 50% of compliance, finance and legal executives
say that mobile compliance has a strong level of influence in the
overall IT and network strategy, only 35% of IT officers feel the
same way, Gonzalez said.
Despite the tools and encryption software available to protect
sensitive data, respondents said it would likely take a major
breach for management to act. The challenge is to get firms to
begin by putting guidelines in place to educate employees, Gonzalez
said.
"There are a number of companies that have not addressed the
issue appropriately, but as organisations adopt more appropriate
governance frameworks, those companies will follow," Gonzalez
said.