It has become common for many people to use their mobile phone for both private and work purposes. This can pose risks for companies, as it becomes less clear who owns what information. Martin Brodin is an externally employed doctoral student at the University of Skövde, and he has conducted research into secure information management with a focus on mobile devices.
Mobile devices play an increasingly large role in modern business, and today practically everyone has at least one mobile for private use, and most also have another mobile for work purposes. In many instances, the same device is used both privately and for work. This development has taken place very quickly, and organisations’ security policies and procedures have often lagged behind. This results in several unnecessary – and sometimes unidentified – risks. Martin Brodin is an externally employed doctoral student at the University of Skövde’s School of Informatics, and he has conducted research into secure information management with a focus on mobile devices.
– When strategies for IT security were first developed around twenty years ago, mobile devices as we know them today did not exist. Back then, you had a mobile that you could use for telephone calls; later it became possible to use them to send emails, which eventually led to the rise of work mobiles that people also began to use for private purposes. This makes it difficult to know exactly who owns what information, explains Martin Brodin, when we meet him for an interview.
New framework for the resolution of problems
Martin Brodin’s thesis describes an Action Design Research project involving the development and testing of a framework for small and medium-sized businesses. The objective of the framework is to improve the secure management of mobile devices. The project is being conducted in collaboration with a small Swedish consultancy company, and the framework is being evaluated in several other companies.
– In order to prevent the leaking of information from a company, I have examined their strategic work and have developed a framework whereby I have identified which analyses need to be performed. This often results in the need to develop new policies or guidelines, which must then be implemented by the company, continues Martin.
The result of the research shows that simple theoretical models can be integrated with well-established analytical technology in order to support company management and to provide practical help for small and medium-sized companies to improve their mobile security. From both a scientific and an industrial perspective, the most important contribution is a structured managerial approach to the organisation of strategic work concerning mobile devices.
Back to work
Before Martin Brodin began his doctoral studies at the University of Skövde, he worked at Actea, which has also been involved and funded his studies.
– After my thesis, I will return to Actea Consulting, where I work as an expert in information security. There, I will continue to work with information security and will be able to benefit from the knowledge I have gained during my time at the University.