Stolen laptops are only the beginning

Identity management offers enterprises the ability to operate mobile devices safely and securely while protecting personal information and corporate resources.

by Sara Gates

As mobile devices get smaller, and increasingly relevant to business operations, enterprise security hangs in the balance.

But the real problem isn't just the risk of lost or stolen identity data resulting from stolen or misplaced laptops. Today, enterprises face a much greater risk from much smaller devices -- BlackBerrys, Treos and Wi-Fi-enabled cell phones. These devices are a staple tool for business and are frequently enabled to access the corporate intranet. As digital work assistants get smaller and more powerful, they're also becoming more frequently misplaced, lost and stolen. And a security breach caused by data lost on a smartphone can be just as damaging as the loss of a laptop.

Companies can't afford to keep workforces stationary, however. Some important questions have to be answered -- and solutions put in place -- so that companies don't lose critical time to market and the ability to compete on a global scale.

Mobility and security -- is it possible to have both?
The advent of "smart" mobile devices is both a blessing and a curse for business productivity. Mobile computing is popular with employees because it extends the workplace from the cubicle to just about anywhere. And it's popular with enterprise decision makers because it dramatically reduces operating costs and can replace paper-based tasks with electronic ones. Text messaging and instant messaging via mobile devices reduce telecommunications costs as well.

At this point, asking employees to leave their BlackBerrys and Treos at home is not realistic (or desirable -- we would grind to a halt). But a BlackBerry is much easier to steal or misplace than a laptop or hard drive. And in a time when even watches and pens come equipped with USB storage devices, connectivity is easy to find both in and out of the office -- for valued employees or for thieves accessing information via a stolen device.

Security begins at the network level
So how do companies embrace and leverage the benefits of mobile devices and protect valuable data? Enter identity management. Although it's critical to encrypt data and use password protection at the device level, the real security has to start at the network level.

Identity management offers the ability to operate these devices safely and securely and to protect personal information and corporate resources while giving employees more access to resources. Using identity management, IT managers can correctly and instantly provision and authenticate usernames and passwords as employees access the internal portal, and de-provision that access just as easily. Identity management is the core enabler for enterprises to deliver the right resources to the right people at the right time in the right context -- throughout the network.

Open (but secure) network access
Creating a successful, productive business environment with the appropriate amount of risk is of the utmost concern -- and the mobility "era" both enhances and complicates this goal. Being able to share information quickly and efficiently is central to a company's ability to stay ahead of the competition. With identity management technology, network access is controlled, not closed off, and the network is monitored, not locked down. Companies may never be able to stop the "physical" theft of devices, but they can prevent virtual data theft by halting access to unauthorized users at the network level.

In short, enterprise data security is more critical than ever before, no matter what device is used to access the network. By keeping the network safe, a company also safeguards its users -- and, more important, its critical business and customer data. Identity management is the key to that safety -- and to the ultimate success of the enterprise.

About the author: Sara Gates is vice president of identity management at Sun Microsystems and has overall responsibility for driving the Sun identity management vision, strategy and product line. She joined Sun Microsystems in December 2003 through the acquisition of Waveset Technologies, bringing over 15 years of industry experience. Gates holds a BBA from the University of Texas at Austin and an MBA from Vanderbilt University, where she is currently President of the Board of Directors.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.