6 | 2010

"Given the unabated trends toward continued miniaturization, connectivity, and battery longevity, it is undeniable that mobile security and privacy are only going to grow in importance."

— Gabriele Piccoli, Editor

In this issue of Cutter Benchmark Review, we focus on the intersection of three topics discussed previously: mobile technology (Vol. 9, No. 3) on the one hand and privacy (Vol. 6, No. 1) and security (Vol. 5, No. 12) on the other. We do so because we feel that these topics, each interesting on its own, take on renewed relevance when combined. It is undeniable that mobile form factors, from the laptop to the smartphone to the iPad and who knows what next, will continue to gain prominence in the personal and organizational technology arsenal. As they do so, the importance of securing the mobile platform while ensuring the privacy of its users will continue to increase commensurately. In short, given the unabated trends toward continued miniaturization, connectivity, and battery longevity, it is undeniable that mobile security and privacy are only going to grow in importance.

Those (few, I would guess) who need convincing of the importance of this topic may not have heard all the hoopla stirred up by the recent launch of a Web-based service by the telling name of Please Rob Me with the tagline, "Showing you a list of all those empty homes out there." The mission of Please Rob Me, as the site's own subtitle reads, is about "raising awareness about over-sharing." The site was started to publicly demonstrate how simple it would be to collect information about people's whereabouts and triangulate it to uncover some private, and potentially dangerous, information. As Please Rob Me explains:

The danger is publicly telling people where you are. This is because it leaves one place you're definitely not ... home. So here we are; on one end we're leaving lights on when we're going on a holiday, and on the other we're telling everybody on the Internet we're not home. It gets even worse if you have "friends" who want to colonize your house. That means they have to enter your address, to tell everyone where they are. Your address ... on the Internet ... Now you know what to do when people reach for their phone as soon as they enter your home. That's right, slap them across the face. The goal of this Web site is to raise some awareness on this issue and have people think about how they use services like Foursquare, Brightkite, Google Buzz, etc. Because all this site is, is a dressed up Twitter search page. Everybody can get this information. 1

Today, Please Rob Me has declared mission accomplished and no longer broadcasts Twitter feeds from location-aware services. However, securing the mobile platform -- and ensuring privacy of the content that transits on it -- is anything but mission accomplished. Thus, we tackle this challenge in this month's issue. We do so by deploying our new format, allowing our authors to simply leverage their experience and knowledge in this area. Our academic contributor is Katia Passerini, Associate Professor and the Hurlburt Chair of Management Information Systems in the School of Management at the New Jersey Institute of Technology (USA). Katia is a past CBR contributor, with the March 2007 issue on e-learning (Vol. 7, No. 3) and the March 2009 issue on the mobile platform (Vol. 9, No. 3). She will also be Guest Editor of a future Cutter IT Journal on mobile technologies. Other accolades include her position as Program Chair for the Wireless Telecommunications Symposium in 2007 and serving on the board of several journals in this area. Our practicing contributor is Lanse LaVoy, Director of Information Protection and Security at DTE Energy, a Detroit-based diversified energy company involved in the development and management of energy-related businesses and services nationwide, where he leads an organization that provides information security, risk, and compliance services to the enterprise.

Katia begins by contextualizing her work as a follow-up to her CBR survey contribution last year on mobile technologies (Vol. 9, No. 3). She focuses mostly on the privacy side of the problem, thus providing a piece that is complementary to Lanse's focus on securing the mobile platform. While privacy is not an issue that is unique to mobile technology, Katia paints a picture of the particular challenges engendered by the pervasiveness and always-on characteristics of mobile IT. With this as the backdrop, she provides general principles for safeguarding privacy and adapts them to the unique challenges posed by mobile devices. She concludes her contribution by providing three design principles that can help ensure appropriate privacy protection once embedded in the design of applications for mobile devices: participant primacy, data legibility, and longitudinal engagement. Finally, she offers a set of action points to help you enable privacy in your organization.

Lanse begins his piece by relaying a prediction that smartphones, the ultimate mobile computing device (for now!), will outnumber PCs by 2011 and provides, by way of introduction, an interesting reflection on how we got to the current level of power and adoption of mobile technologies. With this as a backdrop, Lanse takes a deeper look at IT security (a complementary focus to Katia's) for the mobile landscape and discusses how the challenge of securing IT resources is changing along with the proliferation of powerful mobile devices. In true CBR style, he then gets pragmatic, providing tangible guidelines and solutions -- organized around technology, people, and process issues.

Securing the mobile platform -- ensuring the privacy of those who use it as well as the data of organizations that increasingly need their employees to employ mobile devices -- is no easy feat. There are no simple answers in this area because we are constantly challenged to strike the right balance between security and constraints, privacy and isolation. While there are no silver bullets, there are certainly guiding frameworks that can help organizations think through these tradeoffs. We hope you will find that this month's CBR contributes to this effort.

ENDNOTE

1 "Why." Please Rob Me (http://pleaserobme.com/why).
