Ever have one of these conversations?
Me: OK, Mr. CEO Gadgetfreak, we're done configuring your system. It's the best technology at the best price for the business goals you said were most important to you. You're saving big bucks from both ends of the equation. Yay.
CEO Gadgetfreak (looking petulant): Yeah, but …
Me (looking puzzled): But what?
CEO Gadgetfreak (in a rush of excitement): Everything's so … normal. My golfing buddy, Jerry Clueless, told me that his IT guy gave him a PC that has two flat-screen monitors and says "hello" to him every morning, then downloads Alyssa Milano's private e-mails and connects to a secret Webcam in the ladies room despite strict legal and HR policies against sexual harassment and invasion of privacy.
Me (stunned, massaging the bridge of my nose with two fingers while squeezing my eyes tightly shut, hoping I'll wake up -- with blood running out of my ears)
It doesn't matter how good a job you do for some folks' bottom line: You'll eventually run into Mr. CEO Gadgetfreak. He's thrilled with your IT management success on a subliminal level, but what he really wants is as much sleek, silver, blinking stuff on his desk as possible. Until recently this was just a minor pain in the posterior I'd delegate to the technician who bothered me most that week, after I had milked the CEO for as much wacky gadget money as he was willing to spend -- along with my 80 percent annoyance markup, of course.
Unfortunately, the time has come when this once minor speed bump has turned into a big red stop sign. The problem is those smartphones I was gurgling about in my previous column. They're sure cool, and every week sees the debut of an even cooler one, which Jerry Clueless will get and Mr. Gadgetfreak will thus immediately desire. These smartphones have cameras, Web browsers, MP3 players, little SD cards you can stuff with important data, and all kinds of attachment gizmos that guarantee you avoid female companionship in almost every social setting.
You can give Mr. Gadgetfreak as many multihead, HDTV-capable displays as his desk will hold, but cool cell phones have become security targets -- right as Sarbanes-Oxley, Gramm-Leach-Bliley, HIPAA, Basel II, and other laws with fun names are starting to become aware of them. The last thing you need is a boss or a client dragging your name into a failed compliance audit ("But our IT guy said it was OK ….").
If mobile devices are a part of the business environment, then you need a PDA, smartphone, and even cell phone security policy. Not only because Mr. Gadgetfreak will store his most personal contact and schedule list on a mobile device, but also because he'll probably download any number of sensitive corporate memos or other correspondence. Not to mention a good chunk of his e-mail inbox. And don't forget that many of these devices now support 802.11x, so he'll want true client connectivity back to the corporate network, even though in reality the thing won't come out of his briefcase while he's out of the office. That's another potential clear text authentication violation unless you're careful.