Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

Source: Gartner

Employees are increasingly gobbling up Internet-connected mobile gadgets: they’ll buy nearly a half billion smart phones this year and more than 50 million tablets, nearly triple the number of tablets sold in 2010.

Employees using such gadgets to connect remotely to company servers and e-mail accounts can boost efficiency; but the practice also creates security challenges. Companies will have to learn how to overcome those challenges for the distributed office of the future to succeed.

Companies have long recognized that mere “perimeter security” around the office network doesn’t work anymore. That security model was killed off by the laptop. But traditional solutions to managing laptops—including running security software on them and setting up encrypted communications channels known as virtual private networks (VPNs)—don’t really succeed. Attackers have learned to customize malicious programs that can remain undetected for days or weeks. And VPNs only protect against eavesdropping. They’re useless against already-infected devices.

The results can be ugly: witness the Department of Health and Human Service’s Wall of Shame, a list of medical-record-related breaches, including 32 incidents this year, of which 18 were caused by lost portable devices or laptops. Such security issues are widely expected to worsen.

The problems have forced information-technology teams to switch tactics: rather than trying to secure the device, they’re coming up with ways to protect sensitive data even if the devices are compromised.

For example, Heartland Payment Systems, the credit-card processing firm—chastened by the loss of 130 million records during a conventional 2009 server breach—now treats all devices, whether mobile phones or remote point-of-sale terminals, as compromised. So these devices only refer to credit-card data using tokens; that is, special codes that correspond to the actual data, which sits in a protected digital vault, says Kris Herrin, the company’s chief technology officer.

0 comments about this story. Start the discussion »

Tagged: Business, Business Impact, The Future of the Office

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me