Managing mobility: How to secure corporate data and keep users happy
Today, enlightened client management means dealing with a plethora of tablets, smartphones and netbooks, along with applications running on operating systems, such as Android™, Windows, iOS and Symbian. Add to that employees' desire to use their personal devices at work — called BYOD for "bring your own device" — and managing becomes a complex job. "The locked-down model of mobility is easy to manage, but multiple apps running on multiple devices can very quickly overwhelm the IT department of a midsize company," says Kevin Benedict, founder and principal analyst at Netcentric Strategies.
Still, a high percentage of companies allow employees to use personal devices for work-related activities. "Our research shows that 50 to 60 percent of organizations have some level of formal BYOD program or are in the process of formulating one," says David Krebs, vice president of Mobile and Wireless at VDC Research. They have good reasons for doing so. A recent study by Decisive Analytics prepared for Trend Micro suggests that permitting BYOD provides a competitive advantage, is an employee benefit that is useful for recruitment and retention, and can boost user creativity, productivity and innovation. In terms of cost, the study showed that BYOD either decreases or has no impact on overall expenditures.
Significant security risks
The security risk, however, is significant. According to the study, nearly half of the companies with BYOD programs experienced one or more security breaches. Interestingly, the security threat is different from what you might expect.
"Most IT executives think the main threat is lost or stolen devices that contain company information," says Sean Wisdom, global leader, Small and Medium Mobility Solutions at Dell. "But cell phones and tablets have become like our keys, they are seldom lost or stolen. This causes IT staff to underrate the security threat."
What, then, are the real dangers? The most popular mobile devices run either iOS or Android operating systems, which offer little inherent security. What's more, most companies allow such devices to access the corporate network, without deploying robust security. Once sensitive data such as contracts, price lists and customer contacts reaches the device, it can easily be copied to iTunes, Gmail™ or Facebook®. And it is out of IT's control when a user quits the company or is fired.
To address this challenge, experts advise analyzing your current situation and carefully devising a mobility strategy, perhaps in concert with a solution provider with deep mobility expertise.
Mobile action items
Action items would include taking inventory of mobile devices currently in use, and devising a plan that could include a mix of company-owned devices and approved user-liable devices. It's also important to institute policies on which apps can access the corporate network, and how you will secure corporate information and manage mobile applications. Delivery of your apps and management tools requires some thought — will they be on-premise, from a cloud service, hosted or some combination of these?
Remember that when devising your plan, BYOD changes the emphasis from managing the device itself to managing the corporate asset. "With BYOD, the issue is not what device users have. They bought it, and if they break it, who cares?" says Benedict. "You're only concerned with protecting the business data and apps that reside on the device."
Software solutions can help
As an example, imagine a company that needs to secure only email and related content. Mobile device management (MDM) software is available that offers full email control, as well as encryption of data in transit and on the device. You can control the endpoint itself via a container that separates all corporate computing from personal usage. The user cannot cut and paste corporate information or backup emails outside the container, and if need be the IT administrator can wipe the container clean. Such controls ensure there will be no leakage of sensitive data.
Many companies will need to manage and secure multiple applications across multiple devices and operating systems. This puts a premium on mobile application management (MAM), available from a number of software vendors. "Regardless of how sophisticated the organization is with respect to mobility solutions, it will need a centralized platform that supports app distribution, provisioning, version control and policy management," says Krebs.
For company-owned devices, there's also the issue of expense management — how to minimize costs from pricey services such as texting and downloading attachments when roaming. Some MDM solutions specialize in cost reduction by enabling you to set user policies, track behavior and receive alerts when policies are being violated.
By deploying the right policies and technology for mobile device and application management, you can have the best of both worlds — the security typical of locked-down environment combined with the productivity and morale gains when users are free to choose their own device.