Today is Thanksgiving here in the United States. It's supposed to be a day off, yet somehow I found myself in front of the computer most of the day playing catch up on various things. In any case, seeing how I have been playing catch up, and it's actually time for me to enjoy this wonderful holiday with my family, Let me leave you all with a piece I recently penned on the importance of secuirty in the context of enterprise mobility. Happy Thanksgiving everyone!
Enterprise mobility is one of the most exciting areas within IT these days – especially given the current state of the economy. All sorts of organizations – whether in finance, or healthcare, professional services, or manufacturing (among others) - are looking to understand how they can empower their workforce by deploying mobility solutions to either increase revenues and/or reduce costs. There is however one issue that still requires more exploration and thought leadership, regardless of one’s role within the enterprise mobility ecosystem: security.
Security, particularly in the context of enterprise mobility, takes on a number of different nuances that are very much unique to this technological environment. Traditional security (in the context of non mobility solutions) is based primarily on anti-virus, firewall solutions and VPN. While these issues remain paramount within the context of mobility, there are many more issues that come into play because of the fact that (by definition) so much of the work and “computing” takes place outside the confines of the four walls or the “behind” the firewall.
However, there are many issues that come up in the world of enterprise mobility that organizations must take into account, including: authentication/authorization of the device, authentication/authorization on applications, as well as making sure that the data that is either being stored on the device or accessed through the device is secure. Beyond this, IT managers need to make sure that they can either lock and/or remotely wipe a device that may have been lost or stolen.
But again, this is frankly “table stakes” for mobile device security. There’s no question that the data that is being accessed or (temporarily) stored on a mobile device needs to be secured and encrypted. There are, however, much greater implications in the context of governance, risk and compliance. At the base level, organizations need to consider how their eDiscovery strategy plays into their mobility strategy.
Governance, Risk and Compliance will be an increasingly top of mind issue for CIOs and CTOs in the context of mobility as more and more employees either are provided or acquire their own smartphones. Individually liable devices, if not proactively managed, will only create a feeding ground for corporate risk and liability. While there are both pros and cons to an organization allowing individually liable devices, these devices must always be managed…and secured.
Mobile security is an incredibly multi-faceted conundrum. Authentication, authorization, mobile VPN, two-factor authentication, remote lock, remote device wipe, remote data card wipe, remote “kill pills,” as well as authentication management (e.g., policy management through solutions such as Active Directory). Let’s not forget the number one rule about IT management. Security can never be so strong and complicated that employees struggle to jump through the hurdles where it impacts their effectiveness and “productivity.”
With all the questions that exist in the world of “mobile” security, there are still few straight forward answers. That said, CIOs and CTOs should consider mobile security top of mind as they consider their overall mobility strategy, all the while ensuring that whatever mobility solutions that are implemented are not overly burdensome to the workforce that is supposed to gain most from these mobility solutions.
