Home » Data Protection » Wireless/Mobile

Winning the Consumer Gadget Wars

CSOs will need smart policies, good awareness programs and judicious enforcement to manage risks presented by USB drives, camera phones and other consumer gadgets

"Information about people [photographic or personal data] is way more valuable than information about anything else," says Stephen Cobb, author of Privacy for Business (Dreva Hill, 2002), a book that offers executives advice on safeguarding privacy of customer data. "Companies often focus on protecting financial secrets, but information about people can cost the company more."

At First Data, which specializes in money transfers and credit card processing, CISO Phil Mellinger has an employee dedicated to examining mobile devices and other technologies that employees want to bring into work, and who gives written approval from security where appropriate. Without that approval, the device is banned. "We used to approve general security configurations," says Mellinger. "For example, if someone used a wireless device, there were two approved configurations for security. But now each device has its own security configuration, so we have to get down to the device level." Mellinger also notes that camera phones are not just a security issue but an HR issue and a procurement issue as well. "You have to get so many different entities in the company focused on the problem and approach it from different perspectives, but it is a massive problem," he says.

According to industry sources, the Pentagon and defense contractors have long had cellular detection equipment, but that kind of technology is now going mainstream. Companies that offer cell phone detection technologiesâ¬such as Phoenix-based Cellbustersâ¬are gaining traction in corporate markets. The CellBuster device can detect a cell phone that is switched on (even if it is not in use) within a range of 90 feet, and it issues an audio alert that tells the user to shut off her phone. It can also operate in a silent mode, alerting security personnel with a flashing light. This kind of product is ideal for companies that have certain targeted areas within their facility that should be camera phone-free, whether it's the boardroom or the locker room.

Keychain Storage Drives Data A-Go-Go. The threat posed by USB mini-drives has burgeoned during the past year. Plug one of these keychain-size storage devices into a USB port and any information you can access just became portable. Employees can download gigabytes of data off your network and simply walk out the front door. Just 1GB of data is roughly comparable to a pickup truck loaded with documents, notes Dan Geer, vice president and chief scientist at data security vendor Verdasys. Some of these devices can hold up to 60GB. But thumb drives aren't the only form of digital storage media giving security executives heartburn. MP3 players and even iPods, the ubiquitous cool gadget of the moment, can be used to download and store any kind of file (not just music).