For BYOD Best Practices, Secure Data, Not Devices
IT organizations are justifiably concerned about the security risks inherent in bringing your own device (BYOD). Many are turning to mobile device management (MDM) products and services to address the problem. But a number of mobile security vendors believe organizations are focusing the device when they should be focusing on the data.
Tue, July 17, 2012
CIO — When it comes to things that keep CIOs up at night, mobility, particularly bring your own device (BYOD), is at the top of the list or near it. Mobile device management (MDM) products and services are often the reflexive response to the need for more secure mobile computing, but in many ways that's like using a chainsaw rather than a scalpel to perform surgery. A growing number of secure mobile solution providers say the answer to BYOD is not to control the device, but to control the data.
"It's appropriate to manage the device if you own that device," says Alan Murray, senior vice president of products at Apperian, a provider of a cloud-based mobile application management (MAM) solution. "If the corporation owns the device, it should manage that device. When is it valid to manage the application? Always."
BYOD Sparks Data Loss Fears
Smartphones are now in the hands of hundreds of millions of employees around the world, and other mobile devices like tablets are a growing phenomenon as well. This influx of consumer-owned devices into the enterprise environment has sparked data loss fears within many IT organizations. And if you think it's not happening in your company, think again.
"Even if you don't think you're doing BYOD, you're doing BYOD," Murray says. "It's a matter of whether you're doing it formally or like an ostrich."
For the most part, organizations are adjusting to the new reality. According to the State of Mobility Survey 2012 by Symantec, 59 percent of the 6,275 respondents reported that their organizations are making line-of-business applications accessible from mobile devices, and 71 percent said their organization is looking at implementing a corporate "store" for mobile applications.
It's not hard to see why. Organizations believe embracing mobile computing increases the efficiency and effectiveness of their workforces. Symantec's survey found that 73 percent of respondents expected to increase efficiency through mobile computing, and all of them did realize that increased efficiency.
"Four or five years ago, it was all about the mobile elite," says John Herrema, senior vice president of corporate strategy for Good Technology, provider of secure mobile solutions.
"They had company-owned devices to do some pretty basic things around email, browsers and PIM," says Herrema. "Apps never really took off on that platform for a variety of reasons. But what we're seeing now is these BYOD devices have a ton of corporate use. Users are self-reporting that they're doing the equivalent of an extra week of work a month on their mobile devices by doing things like checking their email before they go to bed. The devices are out there. The users want this access. The more you give them access, the harder and longer they work. If you can't find a way to overcome [the security concerns], you are leaving massive amounts of productivity on the table."