UK stats: An alarming lack of concern for work data on personal devices

Today a research survey was published by the Information Commissioners Office, conducted by YouGov that shows an alarming lack of concern for business data kept on personal phones and laptops, that people regularly simply throw devices away and do not fully ensure that the confidential information is deleted properly before doing so, potentially allowing data to be accessed by someone else.


Work documents on personal devices

The survey showed that 34% of the UK have work documents on their personal computer, laptop or mobile phone.

Data deletion on old devices

In the same survey, people were asked what they do about the data when disposing of phones and computers.  10% said that they never delete the data on them, 13% said that they simply ask a friend and 29% say that they use the standard delete tools, (7% said that they didn't know - I think we can assume that if you don't know, you are not making sure that all data is deleted).

Disposal Options

28% have simply put devices out with the rubbish, 44% give it away to someone else and 21% of people sell devices, such as via eBay.

So, if we take these three sets of statistics together, we can see a major issue where confidential business information could easily be found on phones and computers.  Of course, in the last few years, the amount of data carried on phones and other mobile devices has exploded - so this survey is probably mainly concerning dumb phones being traded in and the problem is therefore likely to worsen unless employees and employers understand the risks and ensure that data does not stay on devices that are no longer in use.

The report and full statistics are available in this Excel file.

The press release (that also covers what was found when the ICO bought second have disk drives) is here.

All figures, unless otherwise stated, are from YouGov Plc.  Total sample size was 2031 adults. Fieldwork was undertaken between 22nd - 24th February 2012.  The survey was carried out online. The figures have been weighted and are representative of all GB adults (aged 18+).

Is your data just walking out the door?

In November my team and I ran a series of 36 events in 29 countries for IT management and IT resellers, I asked two questions of the audience of those I attended.

1. Do you have your own phone, iPad or PC that belongs to you that you use to access your employers information?

2. Does your employer have systems in place to control and manage those devices and the data on them?

Around 75% of the people I asked responded with yes to question one, but virtually no-one had a positive answer to question two.

Meanwhile, sales of iPads keep accelerating and Gartner's recent report is predicting a doubling of sales of tablets in 2012 compared to 2011 and sales of 369M tablets in 2016.  Gartner's report reiterates that Apple will continue to be the dominant player, but that Microsoft, RIM and Android devices will all be taking market share with expectations that Microsoft will have greater success in the corporate space.

So, the numbers are huge and growing fast, but even these are just sales and not the installed base of devices.  See the graphs below - the left-hand one shows iOS tablet sales (blue) and the rest of the market (green) for prior years and the Gartner predictions, but the right hand graph shows total in use - rising near to 200M this year and above 750M by 2016, around a doubling of the installed base each year.




As I see it, most new employees in IT companies come along with their favourite devices so as employees change jobs, it is even more difficult for IT to hold to a single corporate standard (if that hasn't already died).

And, I haven't even spoken about phones - where the numbers are larger, the number of different devices even greater and the product life-cycle shorter, meaning more churn, more devices to manage and therefore additional complexity.

So, in your organisation, how many employees have access to your data on their devices now and what do you predict for the future?  What happens when they leave the organisation, can you remotely wipe the data? What happens when they lost it or it is stolen?  Is the data encrypted?  How do you ensure that no-one brings in a device that has been infected when outside the organisation?

In the last decade, corporate IT recognised that everyone needed web security as well as desktop security such as anti-virus.  Now, every organisation needs Mobile Device Management and it needs it fast, it needs to be able to cope with many different demands and grow as the company grows.  In the same way that Websense, Secure Computing and Blue Coat grew to share the web security market, another set of new companies are delivering exciting technology to manage mobile devices.

The elements of MDM include policy enforcement, device inventory, security and software distribution.  IT departments need to find someone to lead this project, perhaps the job title is Chief Mobility Officer and that person needs to look at the various vendors carefully - the latest Gartner Magic Quadrant from April last year lists over twenty vendors in the space with another 25 listed as providing some features.

If you haven't seen it - one of the vendors in the Leader's Quadrant - MobileIron - has the document available on their web site.  Happy reading, let's keep our data and devices safe, before all our information walks right out of the door.

Existing sales from Apple, NPD Research and forecast from Gartner Inc.

UK government snooping - who is lobbying and why now?

Yesterday was a Sunday, an unusual day you'd think for a major government announcement to be publicised.  There have been a lot of news stories on the government's new (looks familiar to me, but we'll get to that) ideas about forcing ISPs to hold data on all emails, text messages and phone calls of all UK citizens over the last day, I was planning to write what I thought about the proposals themselves, but that has been done so well that I have decided to go in two different directions.

BTW: Two of the best articles about this are here and here - feel free to read and come back...

I want to go in two different directions - firstly who is lobbying for it and secondly why did it come out yesterday (and do the government really mean it).

1. Who is lobbying for it....

As shown in the Telegraph article - this seems a bit like a sledgehammer to crack a nut.  But is is clear that there's been behind the scenes lobbying and as with the previous government, it looks like every new administration says before they come in that they will roll-back laws that attack citizen's rights (see articles on statements about repealing the Digital Economy Act before the last election), after a short-time in power that commitment is forgotten (too busy passing new laws to kill old ones) and after around two years of lobbying before they decide that the best thing is to introduce new ones (and its for your own good, you silly citizens, don't you realise how hard this governing job is, we need more options to check up on everyone).

Smart terrorists and major crime figures would also be intelligent enough not to be caught with it.  Send your texts to throw-away mobile phones, don't actually send emails - just edit a web page and let the other person look at it, or use the many different methods of encryption or don't use electronic communication at all.  So, who would it possibly catch?  The dim or the unorganised - though again as the article from Tom Chivers says we seem to be doing OK at catching the unorganised.

So, the first possibility is that someone in the security services who doesn't realise how easily the technology can be circumvented is lobbying for it.  If this is the case, then they need some independent IT people that can show them the holes in the proposals, ("independent" meaning not someone who might benefit from installing it - yes, really, that does need to be said).  Having had a few meetings with people like senior members of government bodies to regulate the Internet, I have seen government's cluelessness and lack of understanding first-hand, so I could believe this one.

Secondly, it could be the police.  Not looking for initial security problems, but as soon as someone is found who is "of interest", then sweeping up all their friends as possible co-conspirators.  I can see that having some merit, though again only catching those who aren't very clued up on technology themselves.

Thirdly, perhaps they want the technology installed, then its remit can be widened (the slippery slope argument).  But who is the shadowy "they"?  Not sure myself, again I guess the security folks.  Perhaps its simply a game to get more resources, along the lines of "if the government give me more responsibility, I'll have to have more staff and a higher budget".

Fourthly, the vendors.  Let's be honest, they have something to sell and they'd get a huge windfall if the government can be persuaded to introduce another law forcing ISPs to install more monitoring equipment in their offices.  I can hear the sales-people now saying to the government "and just think, if you want this data and don't want to pay for the equipment, all you have to do is force the ISPs to do so.  people will have to spend a few quid more a month on their ISP connection, but you don't have to".

2, Why now?

Answer this question and maybe, just maybe, we'll know that question 1 is irrelevant.  Why now?  Why the day after probably the worst PR ten days for the government?

Now call me cynical - but after the granny-tax, reduction in income tax for those over £150,000, pasty-tax and petrol-in-a-jerry-can wheeze, did someone on Friday night wonder to themselves if they could change the story to something else?  As this proposal has been floating about for years (6 years ago, the Labour Party introduced the same thing), the discussion documents to promote it are ready and allowing it to slip out will change the political football from the series of embarrassing discussions to one that looks, at first glance, to be more significant.

But do the government really care?  Are they really interested if this bill passes or fails or under heavy pressure, will they, like the labour Party before them, just sideline it as too much bother to worry with?  In the meantime, we've all swallowed the bait, have started discussing a topic that will go on for a year and moved on from all the previous stories.  Meanwhile, the government can tell whoever is lobbying for it "see, we've done what you asked, sorry it didn't work out".

I guess we'll see if they really push this one through.  My bet is that it will die, but it will take a lot of effort to kill it from privacy campaigners and Internet experts.  Then, a new election and two years later we'll all be back.

Ten cities for Wi-Fi MANs

The UK chancellor announced in his budget today a commitment to funding wifi in the ten largest cities in the UK.  Of course, at this point there's no details on when and how users will get access to these MANs (Metropolitan Area Networks) - note he didn't say "free wi-fi" - however I think this should be applauded as a powerful investment in the IT infrastructure of the UK and is another boost for WiFi itself as the future of wireless networking, especially as discussions over 4G carry on their slow path (see previous blog entry "WiFi Nearly Everywhere" http://wheresnigel.blogspot.co.uk/2012/02/wi-fi-nearly-everywhere.html ).

Of course, I could moan that they are ignoring the rural areas (and, no doubt I will), but honestly where did we expect them to start? It has to be the largest cities.  Though he offers £50million for smaller areas too, so no doubt rural areas can bid for a part of that.

So, good work Mr. Chancellor.  Vendors - let's get this stuff installed.

Other cities/towns and yes even villages take note and its time to consider investing in Wi-Fi like you do in street lights and pavements, what about a solar-panel and wind-powered unit to sit on the top of all of our churches "surf and pray"?  The rest of us should keep buying Wi-Fi enabled devices, use our devices wherever we can, applaud those organisations that offer Wi-Fi services and march together to the always-on community we know is the future.

+++

See below for the chancellor's statement:

To be Europe’s technology centre we also need the best technology infrastructure. 

Two years ago Britain had some of the slowest broadband speeds in Europe; today our plans will deliver some of the fastest – with 90 per cent of the population having access to superfast broadband, and improved mobile phone coverage for rural areas and along key roads across the UK.

But we should not be complacent by saying it is enough to be the best in Europe when countries like Korea and Singapore do even better.

So today we’re funding ultra fast broadband and wifi in ten of the UK’s largest cities.

Belfast, Birmingham, Bradford, Bristol, Cardiff, Edinburgh, Leeds, Manchester, Newcastle and London.
My HF for Brighton Kempton asked me to help small cities too – no doubt with his own city in mind.

I agree. £50m will be available for smaller cities too.

http://www.hm-treasury.gov.uk/budget2012_statement.htm 

Banks - the next victims of the Internet?

Quiz of the Day:

What did eBay do for local newspaper small ads?
What did Amazon do for bookshops?
What did Amazon do (again) for music shops?
What did Wikipedia do to Encyclopaedia Britannia?
What is YouTube increasingly doing to TV broadcasters?
And when musicians can sell their music directly to the fans, who needs record companies?
How about the Internet generally shining a massive light beam on any organisation that is inefficient and charging its customers more for a product with little differentiation from their more efficient competitors?
You could add Google and Facebook compared to the advertising model of TV companies and, of course, the news web sites are busy eating their own lunch and killing their paper-based parents.

OK, so you've read this all before; the Internet is great, Nigel's loves it, it changes everything, no old business model is safe, be aware and either embrace the new reality or be run over...

Meanwhile, in retail banking it seems nothing has much changed for hundreds of years.  We trust our banks to take our salary each month, they hold it for us and pay us a pittance while if we want to borrow they charge us a high interest rate and pocket the difference.  As I know people who used to or still do work in the banking industry (and having had a recent debacle with my own bank that took 3 hours on the phone before they grudgingly admitted they had lost some of my money), they seem blind to competition at the moment, paying each other nice fat bonuses, annoying almost everyone in the world in the process - will the Internet run them over?

Some people think so.

Just think - you might be sitting with money in your account earning 1% in interest and next-door to you lives someone else who wants to buy a car and is about to pay 15% to borrow your money from the bank you've just deposited in.  Could we do something more efficient than this?  What if someone can connect you and your neighbour together more efficiently?

For a few years, there have been a few peer-to-peer lending organisations, basically doing to banks what eBay has done for unusual items - if the seller and buyer can find each other and cut out the middle-man then it should be cheaper (a smaller spread between lender and borrower), so the borrower pays a lower rate of interest, the lender gets a higher rate of interest and everyone wins (except the banks).

Distintermediation wins again.

So, I tried it.  Now I'm not going to say whether I am a borrower or lender, however I have joined the ranks of the largest UK-based P2P lender - Zopa and have to say it seems to be working a treat.  This will be a new market to watch; like eating the first oyster, whoever was first to lend was a brave person, but Zopa has now been trading for 7 years, has lent over 178Million pounds and claims to have 2% of the UK personal loans market.

The clever bit is that even though they make the underwriting decisions, the money is actually lent from the  lender to the borrower, so if Zopa were to fail, they don't take the money with them.  The danger, of course, is if their underwriting decisions are not robust enough it is your money that they are lending.  On the other hand, they publish all their previous history on their web site (ask your bank about its lending to the sub-prime market, Greece etc. and see if they give you a spreadsheet of their losses - No? Somehow I thought not), so if they publish everything and have nothing to hide that in itself should give us confidence.

So, I guess I should add in the disclaimer that I am not a financial advisor and am not making any representations on behalf of Zopa or anyone else (the next two P2P lending companies in the UK are Funding Circle and Ratesetter and there are a few others too), but hopefully they will be successful and challenge the banks to be more efficient in their lending, who knows - we could see the gap between borrowing and lending rates fall and the world will be a better place for all.

The odd thing for me is that the people protesting about the banks behaviour over the last few years just seem to be waving placards and not promoting something to take the place of the banks, though perhaps I have missed it.  Not that this is a political blog, but if they wanted to make an impact, perhaps they should put their financial affairs in this type of place and either borrow or lend to Zopa or other P2P lenders themselves.

For more info, see for yourself here:  http://www.zopa.com/member/nhawthorn

A personal example of Big Data crunching

I saw Stephen Wofram's blog entry where he published analytics of his life for the last 33 years of emails, telephone calls, calendar entries etc.

http://blog.stephenwolfram.com/2012/03/the-personal-analytics-of-my-life/

At first, some people may wonder whether this has any benefit and what the data analytics are for, but I think it shows firstly the sort of data that can be graphed and (having always loved graphics more than text myself) the greater benefits are from seeing visually any long-term trends and allow the individual to decide whether to change some things that they do (emails on a Friday night, perhaps).

For the rest of us, it has information too.  For example, there have been discussions on when to email or tweet for maximum impact, with a large dataset we could see when users tend to be at email already and also when other emails aren't being sent, perhaps both can help show the most productive times.

We can see when meetings are set - knowing a target's norms allows you to fit in with them.

Changes in behaviour over time can also be shown - personally I'd love to know what percentage of emails I bother to open, what number I read on a mobile device and whether I do or don't download the images - I am sure the percentage of fully-read emails has reduced over time.

I think in the workplace one very useful piece of data could be the ratio between meetings and "non-meetings", I wonder sometimes how some people manage to achieve anything at all if they have 6 back-to-back meetings each day, as there's so little time to actually perform the actions agreed.

So, though reading his blog may at first make you wonder whether it is useful, I think its a great indication of what can be gleaned and if we multiply that data by every individual in an organisation, it can show the best time for internal meetings, the best way of communicating, the types and methods of communication being used - first get the data, then analyse it, then look for patterns and make the difficult jump between facts, data and information.

Of course, he has the benefit of using the same systems for many years - for most of us bouncing between jobs and various email addresses, phones etc. we probably don't have the data itself.  So, step one is to make sure the data is being tracked and archived, even if we can't work out how to extract the value today, that may come in months of year's in the future.

Someone once said, the best way to find a needle in a haystack is to remove all the hay and what you are left with is the needle.  Step two is then crunching the numbers and looking for the patterns that are useful.

Call me a geek, but I think its rather fascinating.

Wi-Fi Nearly Everywhere

The incumbent national operator always comes in for stick, it doesn't matter which country you go to, the poor old national carrier is usually seen as more expensive, slower to roll out new features and therefore less innovative....

Here in the UK, it is no different and poor old BT have been criticised for decades, despite having to provide a universal service across the country, run uneconomic pay-phones, keep different businesses of their network separate and provide the backbone for their competitors while constantly negotiating with the regulator.  (Ignoring that they have been kept out of the mobile market altogether to ensure that they didn't squash the nascent mobile market all those years ago).

They will be happy, I hope, that this blog isn't to knock BT, as I want to praise one thing that they have been rolling out for a few years that may have passed you by, at least until it grew to its current size and they started promoting it on their latest TV adverts ... Their huge installation of Wi-Fi networks that other BT customers can share.

This advert says that that they have 3million Wi-Fi hotspots and these are each delivered by their own customers - though I notice the note below the advert now claims 3.5million.  Whoever thought of this was a genius, at the time they started, Wi-Fi wasn't as ubiquitous as now, but as each of us gather more Wi-Fi enabled devices we all want Wi-Fi access wherever we are and as more location-specific applications are launched, we get more addicted to being always on.  So, congratulations Mr or Ms BT.

http://www.youtube.com/user/BTCampaigns?feature=pvchclk#p/u/0/2sWsKpcUKE0

So, I thought I'd do a bit of maths...

A typical Wi-Fi radius coverage is claimed to be between 46M (indoors) and 92M (outdoors), so if we assume a radius of 75M, then each area of coverage could be around 1,7671squareM.  that is around one fiftieth of a square km

The UK's area is 243,610 square km - so 12 million hotspots all placed equidience apart would cover the whole country (countries), so if only the 3.5 million spots they have now were spread around, BT customers would have free Wi-Fi access in a quarter of the country.

Of course, its not like this - if you look around in built-up areas you'll often find multiple hotspots, but still its pretty impressive and with the local areas putting up free services (Westminster for example) and free services in restaurants and hotels - the coverage model is constantly growing.

Now, if only the devices would connect without any user intervention, default to Wi-Fi before 3G and 2G and the confusion in my head about the different between BTFON, BT-Openzone and BT-Openzone-H was cleared up, we'd all be able to have Wi-Fi "nearly-always-on".

I have an iPad that is Wi-Fi only and it has been a very rare occurrence that I've wanted access outside a hotspot and thought I wish I'd bought the 3G version - and each day as another bunch of hotspots gets installed, that will get less and less frequent.

Will there come a day when many of us use mobile phones that are Wi-Fi only? Just designed for data services, the user then uses Skype or equivalent for phone/video calls and the need for 2G, 3G and even 4G services goes away altogether? I think so, and I think it is closer than some people may think.

Here's one from Samsung, I wonder how many they sell and the growth that they are seeing -

Galaxy S