VSJ – April 2006 – Sounding Board

Robin Jones writes (eventually) a short memo to the IT industry in three S’s.

There is an old story about a telegram interchange between a foreign correspondent, variously quoted as Evelyn Waugh or Ernest Hemingway, and his editor, who had received no copy, which went:





This story gets its mild humour from the fact that telegrams were hugely expensive and charged by the word, hence the invention illustrated above. My point is that, only a matter of decades ago, the simplest communications were beyond most people’s budgets and even major companies thought hard about their use. Not true now, of course. And yet it’s still the case that, in the words of the Dad’s Army theme, “Mr Brown goes off to town on the 8.21” every working morning. In doing so, he uses his time – and precious global resources – largely unnecessarily, because much of what he does can be achieved at home with email, conferencing software, a VPN and so on. Things are gradually changing. A recent IDC report predicts that the mobile workforce will increase from about 650 million world-wide (two years ago) to more than 850 million in 2009. This would be over a quarter of the global workforce.

There is a view that a major bar to even faster change is the innate conservatism of managers who want to be convinced that a home-based Mr Brown is really working for them from 9 to 5 and not walking the dog. While it may be possible to find examples like this, I think it’s probably an unfair slur with which to paint ‘the management’ in general. A much more serious problem for managers, and everybody else, is how security can be guaranteed in an exploded workforce. As it is, there are regular reports of USB flash drives containing unsecured confidential data left on buses or notebooks consigned to pubs. This is as much about education as it is about technical fixes. It doesn’t matter how good the cryptography is if users don’t encrypt the files. But it’s at least arguable that having staff distributed at all points of the compass makes effective training more difficult. And what about deliberate data theft? It’s difficult enough to ensure that employees aren’t smuggling company databases out of the building on their iPods. What if they’re not in the building in the first place?

I’m not sure that the industry has fully grasped the significance – or market opportunity – of these developments. Why, for example, can I buy a wireless router that not only allows me to set it up without encryption but also makes it easiest to do so? Worse, its ‘quick set up’ guide will probably ignore password-protecting the router itself, so anyone who knows the manufacturer’s default can control it! And once the user has heaved a sigh of relief that the damned thing actually works, just how likely is he or she to tinker with it further?

Memo to manufacturers: Security should be Simple and Standard.

[Something you’d like to get off your chest? Email me (Robin Jones) at eo@iap.org.uk.]

Comments are closed.