Archive for May, 2012

BYOD or “Bring Your Own Device” is like a runaway train barreling down the tracks. If you’re the IT Dept you can either jump on board where at least you have a chance to determine which track it rides on or stand in front of the train, hands outstretched yelling “stop!” As you might guess, in that latter scenario, the train always wins.

But that doesn’t mean you just give up and let anyone bring any device they want into the corporate network where sensitive data is kept. The threat these handy gizmos pose is real but so is their value to the organization so you have to recognize both aspects and do what you can to mitigate the risks.

One of those risks is that the phone could be riding around New York City in the back of a cab even though the device’s owner no longer is. According to this article in USA Today, Americans lost $30 billion (with a “b”!) worth of cell phones last year alone…


With the proper precautions, though, you actually can embrace the trend that has resulted in the proliferation of this ubiquitous computing capability. Here’s a good story from InfoWorld on how IBM is doing it …

How IBM manages 80,000 bring-your-own devices

There are no risk free options here but learning to say “how” rather than “no” at least ensures that you remain part of the conversation. 




Here’s a link to the second in a 2-part series of blog posts on cloud computing security I wrote for…

I was asked to write an article for’s Cloudline blog dedicated to cloud computing issues. Here’s a link to Part 1. (Part 2 is scheduled to be posted later this week.)

IBM recently did a survey of 138 security leaders (many of whom carried the title of Chief Information Security Officer) across a range of industries and seven countries to get a read on what’s really going on in the IT security space. Some findings:

  • The good news is that “nearly 2/3’s say senior executives are paying more attention to security issues.”
  • Better still, a similar number expect to have more budget to devote to security over the next 2 years.
  • More than half say that mobile security is their greatest near-term technology concern.

The real value of a report like this, in my opinion, is not so much for the IT security community. They probably already know this. The best thing this sort of information can do is provide an additional, independent proof point to the leadership within your organization to step up and take similar action where it is needed.

You can read the full report at


I was interviewed recently by Wes Simonds, a freelance technology writer who blogs for IBM Software, on the subject of mobile device security and some of the inherent challenges with “herding the cats” in this space. Here are a few of my quotes from the article:

  • “The form factor has shrunk, but the threat has not. We can either learn how to surf the tsunami of mobile devices or be crushed by it. And since the waters are shark-infested with hackers, the risks of getting it wrong are significant.”
  • “Whereas we used to have the data in some glass house, in some controlled environment, now it’s sitting in somebody’s pocket. Or worse yet, it’s sitting in the back of a taxi cab that you took an hour ago. And it’s still riding around New York City. And you aren’t.”
  • “When it comes to BYOD (Bring Your Own Device), we as IT security professionals have to learn to say ‘how’ rather than ‘no,’” said Crume. “Because if we don’t, users will do it anyway, and in a far more insecure manner.”

Here’s a link to the full article:

Here’s the second half of the interview I did from last week’s IBM Impact 2012 conference with Tom Young from developerWorks.

Here’s an interview I did earlier this week at the IBM Impact Conference in Las Vegas with developerWorks Managing Editor, Tom Young, on the subject of mobile device security.