"In the longer term, not necessarily being deployed at the moment, we need to take a different approach to keeping data safe. My personal view is that end users need to take a more personal responsibility for the data they hold," he says.
"The constraints on where data is allowed to go are disappearing and the responsibility has to flow with the data, to the end users and that's fine as long as it's well understood by them," Powell adds.
Part of this process, he says, is to classify data on a much more granular level so that employees have a better understanding of how they should treat each piece of information they hold. Once they have a clear idea of the potential for harm different data has, employees can be held accountable if they are careless with it.
"We need to update our policies and guidelines because again one of our control mechanisms is that we have we have a policy that people sign up to and if they contravene that policy then they are in trouble," Powell explains.
"This is the key thing to me. Security, as much as a technical issue, is also a behavioural issue. It's what people do with data and how people use the computers that they have."
With data routes becoming non-device-specific and corporate information physically roaming off the premises, security has to become more sophisticated than a mere network of firewalls.
Accordingly Powell is moving away from the firewall-based approach to security to one where data is classified according to its sensitivity and the level of protection is set on that basis. He admits that the granularity of that classification is still quite limited, but he hopes that in time he will be able to set a spectrum of security levels for data going out to mobile devices.
Login systems are strictly applied so that no device, whoever owns it, can be switched on without a passcode. All data that goes out to mobile devices has to be encrypted, and all devices have to be set up so that they can be wiped remotely if they are lost.
"Device encryption has been a standard within the NHS for a long time. We wouldn't countenance anything that wasn't encrypted, because things do get left on buses."
On the move
At Aston Martin Callow sees mobility as the key benefit of consumerisation and his main concern is to make enterprise applications available to mobile users. Aston Martin has recently deployed Microsoft Office 365 and this cloud-based Software-as-a-Service application set allows Aston Martin employees to access shared resources - including email and scheduling - from anywhere and on any supporting device.
Sign up for CIO Asia eNewsletters.