This article can also be found in the Premium Editorial Download "Information Security magazine: Security 7 Award winners: Simply the best."
Download it now to read this article plus other related content.
Rising gas prices and maturing technology are sending the numbers of telecommuters and mobile workers skyward. Security professionals like AARP director of IT operations and security Suzanne Hall have to figure out how to meet that need safely.
Where are AARP's challenges when it comes to mobility and security? Keeping member data private and staying out of the headlines becomes more challenging as my [users] want more mobility. Keeping an enterprise on the move is not just about technology, it's working with user security and behavior, which is a lot harder to standardize. The challenge is perpetually balancing how to use and secure systems and data.
What kind of technology does AARP use to help users be more mobile? Users want lighter-weight tools and more intimate data on customers so we can do business. These threats--the risk of losing any of our personal member or staff information--make it more challenging. We do encryption on data in flight with SSL; at the perimeter, we have firewalls, IDS, IPS. If the [user is] very mobile, we'll do whole-disk encryption.
How has the spike in telecommuters impacted the way you provide security and enable workers? In the last six to 12 months, the desire for more access in more ways and from more places has grown. The way gas prices are, that's going to continue. The technology is mature enough that business users can do more from home--Web meetings, conference
The majority of our users live in major areas, D.C., Los Angeles, where commuting is an issue. Issues with continuity planning and pandemic planning drive a much more realistic business need for telecommuting on an ad-hoc or permanent basis. It's our job to get the right set of tools in place in advance of business clamoring for it. If we do that, we're going to be more successful.
Is security becoming less of a technology question? Technology plays a huge role in my security program. One of the facets of our security organization is the degree to which we can make security seamless to the end user, and that's done through technology. We deploy a great deal. If I don't have to rely on the user for [policy] compliance, I won't. I want to enable marketing to focus on marketing, not security.
Read the full version at searchsecurity.com/ismag.
This was first published in October 2006