Mobile "Rubik's Cube"
It's interesting, not long ago there were a lot of discussions around general mobile device security. Now it seems to be making a shift to verticals as more and more records become electronic and organizations in those vertical industries are adopting mobile devices- particularly the healthcare sector: According to American Medical News in the February 22 edition of their newspaper, one-third of health professionals store patient data on laptops, smartphones and USB memory sticks and only 39% of health care organizations encrypt data on mobile devices. Mobile email represents yet another security headache for administrators with encrypted attachments crossing the firewall, making inspection difficult or impossible. Once the data is on the mobile device it can be easily compromised through loss or theft. Since mobile email devices are being adopted by almost every healthcare organization, the lost data is likely to be very sensitive, raising major questions of compliance and protection of intellectual property. The simplest security approach is password protection on the device. This is fine, but it should be realized that if the data files are not stored in an encrypted form, then it is possible to physically target the flash memory. Even where encryption is built in, this does not overcome the problems of password management. At the end of the day, there are a lot of complexities surrounding data in mobile environments as this HIPPA Compliance Journal piece points out. Security doesn't have to be one of them if you lock down the data at the source. And when it comes to ensuring compliance with regulations (and not to mention giving peace of mind to patients), it's in a health industry-related organization's best interest to take steps beyond encryption for data in both production and non-production environments. In reality, an encrypted device is nothing more than a "mobile Rubik's Cube" that provides a false sense of security- a skilled hacker will be able to decrypt the device's contents. With mobile devices and removable storage becoming the norm, the risk of losses and theft is on the rise.