Security is Not a GivenBy Ericka Chickowski | Posted 01-29-2009
Smartphones in the Oval Office
The debate over security or productivity inspired by President Obama's desire to bring a BlackBerry into the Oval Office should make companies think hard about their own mobile devices, says former White House Deputy Chief of Staff Joe Hagin.
In the end, the argument for productivity (not to mention the desires of the newly-elected president) won out, but security hasn't been completely left by the wayside.
In late January, the White House staff announced that the president will in fact get access to a smartphone, but with some limitations. First of all, it won't be a BlackBerry--he's trading up for a rugged device chosen by the National Security Agency. He'll be limited in who he communicates with and what they discuss, and customized software will prevent the forwarding of presidential messages
The publicity around this presidential smart-phone balancing act may be a great thing for private-sector leaders who don't even know there's a balance that needs to be struck, says Hagin, who served the George W. Bush administration.
"I think that the focus on the president's BlackBerry is doing a good service, because I think that the corporate world and the business world in general has kind of been asleep at the switch on these issues," Hagin says. "It is extraordinarily important that private industry in the United States wake up to the vulnerability and the challenges of using these devices.
Perhaps better than anybody, Hagin understands the security challenges of placing smart phones in the hands of power players. In his role, Hagin essentially served as President Bush's COO from 2001 to mid-2008 and was the senior staffer responsible for deciding on the first White House BlackBerry security debate.
Back when Bush took office in 2001 the White House had a policy banning the use of smart phones by any White House staffers, upon recommendation of senior intelligence and security staff. They stuck with the recommendation, even as they looked enviously at other workers on Capitol Hill aided by the technology
Then September 11th hit.
9/11 Changes Everything
Hagin was in New York at the time at the UN Headquarters with the Deputy Director of the White House military office, a senior secret service agent on the president's detail and one of the president's five military aides -- all people absolutely critical for leadership in such a crisis scenario. As Hagin and the others struggled to help evacuate the city and head west to rendezvous with the president, they found it near impossible to communicate using the clogged cellular networks.
"Here we had this very senior experienced group of people who had a lot of responsibilities in a crises like this and we were, for all intents and purposes, out of touch," he says. "I was so frustrated by it."
Hagin found out later that those on Capitol Hill equipped with BlackBerry devices were able to communicate via e-mail because those messages were being sent over different networks than the overloaded cellular networks.
"It took something like September 11 to really break the log jam. We basically made the executive decision to overrule the security services and get BlackBerries for the White House," Hagin says, explaining that most private sector executives can relate with his thought processes. "Anybody who's working for a large organization, who has a critical role in the operations of that organization, has to make these judgments. What's worse, having some data stolen or being unable to do your job in an emergency or in a crisis?"
Security is Not a Given
Of course, then as now, the use of these devices came with security provisions, technology and policies. For example, his staffers were never allowed to bring the BlackBerry devices on international trips and they were always limited in the types of information they could communicate over the devices.
The lesson learned, he says, is that organizations need to take a measured risk-management approach to implementing mobile devices.
Now that he's back in the private sector as CEO of Chicago-based Jet Support Services, Hagin feels so strongly about this issue that he dedicates some of his off hours to the board of directors of SMobile, a device security company he got to know when he was surveying the mobile phone risk landscape as he was conducting his own BlackBerry balancing act.
He urges his fellow private sector executives to pay attention to the risks at hand.
"Business and industry and government (have) got to step up to the plate and start doing a better job of protecting their proprietary information," he says. "It doesn't matter if you're a defense contractor or an investment banker or a small company that's doing specialized sensitive work, you're at risk. The focus needs to be on protecting devices so that you can use all of their functions and remain productive."
He isn't the only evangelizing awareness. According to Paul DeBeasi, senior analyst with Burton Group's network and telecommunications practice, too many organizations play fast and loose with their use of smart phones.
"Once you put sensitive information on the device, it's at risk. At a minimum, I think people should try to get their mobile phones to the same level of security, control and best practices that they use for their laptops, probably even more so because these devices are so easy to lose and they're so easy to have stolen," DeBeasi says. "Mainstream enterprises need to lock them down and take them seriously like they do with laptops, be really consistent with policies and enforce them."