Driving taxis has become a high-tech business: in the second half of 2004 alone, Sydney drivers cleaning out their cars found 13,280 mobile phones, 1725 PDAs and 977 notebook PCs - all left behind by hurried travellers.
Even worse, only 18 percent of those notebooks were ever returned to their owners. The remaining 82 percent - and all the sensitive corporate information they contained - were simply lost to the four winds. Similar mystery surrounded the fate of the more than 500 laptops that disappeared from government agencies between 1998 and 2003, prompting a parliamentary enquiry that unearthed many horror stories but has failed to stem the disappearance of mobile equipment.
At the risk of overstating the obvious, the problem with mobile devices is that they are mobile devices. That has made them a growing source of headaches for corporate information managers, who are battening down the hatches to secure fixed corporate networks but often find that mobile devices remain an unprotected and significant potential exposure. With research firm IDC predicting today's 2.8 million-strong population of notebook and handheld-wielding Australians will grow to 3.4 million by 2008, the problem is only set to get worse.
Growing use of notebooks as desktop replacements has meant that the data notebooks store is increasingly important - and increasingly likely not to be backed up on the network. For this reason, efforts to improve mobile security have tended to address both the security of the device itself, and methods for getting crucial business data back from the field to be stored somewhere safe.
A range of innovations has provided major improvements in the former category. Biometric scanners, now built into notebooks from a range of vendors, restrict access to the devices, as does hardware-level password protection. Built-in hard drive encryption strengthens the protection by ensuring that data cannot even be read if the hard drive is taken out of the notebook. Newer systems feature motherboard-based trusted platform module (TPM) chips that store authentication data, preventing security measures from being bypassed.
Such technologies ensure that lost data cannot be exploited by others, but they do little to help businesses get crucial data back. In that area, however, vendors are starting to make some improvements. For example, HP's latest notebooks include Absolute Software's Computrace software within their own hardware, providing a permanent homing beacon that is active whenever the system is connected to the Internet.
"The real cost of a computer is the value of the data on it," says Laurie White, market development manager for notebooks with HP Australia, who claims a 30 to 40 percent recovery rate for the technology. "With this kind of protection, even if the thief wipes the hard drive, the system will still be able to be tracked down."
In a worst case scenario, Computrace can also be used as a self-destruct tool to wipe sensitive data clean. Leaving lost notebooks for dead may be expensive, but it is promising from a risk management perspective: at least sensitive corporate data will not fall into the wrong hands.
To avoid a total catastrophe in the event of a lost device, it is advisable to implement network-based backup of remote devices. Aiming to improve on relatively slow earlier options, companies like Tacit Networks, Expand, Riverbed and McData are exploring use of Wide Area File System (WAFS) technology to speed notebook backups. Tacit, for one, recently bought notebook backup company Mobiliti, whose technology automatically replicates data back to the data centre whenever the notebook is online. Online backup is also winning supporters in the US, where services from the likes of NovaStor, LiveVault and StorageTek automatically replicate notebook data to a secure, hosted storage server.
Even More Mobile
Notebooks are not the only problem when it comes to unfettered data movement, however. Particularly since the new breed of Symbian and Windows Mobile-based smartphones reinvigorated the ailing PDA market, tech-hungry workers are increasingly bringing such devices - along with myriad USB memory keys, iPods, and other storage-capable devices - into the workplace.
The potential security profile of such equipment may not be immediately obvious to many IT executives, but a recent customer audit by local security developer Lync Software provides food for thought. Over just 10 days, Lync found, the 768-user "large Australian organization" noted more than 1800 incidents where data was copied from work computers onto portable devices; 1805 files were taken via mobile device to destinations unknown. Fully 39 percent of the company's users utilized USB storage during the audit period, with a count of 154 different types of devices highlighting the enormity of the monitoring task.