This audio interview with the CEO of ADV-Group, a software partnership consultancy displays a rare bit of brilliance around explaining how mobile devices exacerbate the "10,000-social-security-numbers-on-a-laptop" problem to a very high degree.
"The proliferation of these devices and the software like IM, SMS, all of the things that the users really want to do with those devices'¶ and mind you, mobile devices aren't just handhelds. I use handheld as an example because they're so common, but laptops are mobile, tablet pc's are mobile, etc. So all these devices have the kinds of applications that users really want, that you're describing. It is certainly the case that it goes directly against the best interest of IT and sometimes the best interest of the company to assert and prove to an auditor that they've got all this under control. Well, how do you do it? Again, it really goes back to good communication about why this specific program works. Here's the business that we are in and here are the consequences of being out of compliance and the cost to us and the impact to you, the employee. So that's a big part of that. You can certainly bring down a very heavy-handed technology solution to bear to try to detect programs like that. It's also the case that you can bring down a very heavy-handed (or a light touch if you'd like) audit program."