There is a tacit agreement in many offices that suggests security and performance are mutually exclusive goals in the realm of business technology. To keep data and networks safe, there is often the expectation that certain freedoms and features may have to be sacrificed. But as BYOD (bring your own device) programs begin to dominate the landscape, this quiet conversation has turned into a heated debate over how much access and control IT administrators should have on their colleagues' personally owned smartphones and tablets.
The growing divide between IT and the rest of the workforce was brought to the fore in a recent survey of network administrators conducted by email archiving specialist Mimecast at the DevConnections conference in Las Vegas. The majority of industry professionals indicated that the consumerization of IT was an important issue that needed to be addressed with their organizations, and approximately half conceded that access to personal mobile devices was a "productivity necessity." In fact, just one in four indicated that their firms explicitly ban the use of employee smartphones and tablets for business tasks.
These findings suggest that many IT decision-makers are giving credence to the functional advantages of BYOD often cited by their co-workers. However, an awareness of the potential data security risks is also shading their perspectives.
Three-quarters of respondents to the Mimecast survey labeled information security as the enterprise's leading challenge in mobile device management. More than 20 percent singled out BYOD as a clear risk to business priorities.
These conflicting opinions seem to be putting a number of IT managers in a difficult position.
"Employee support for consumerization of IT is in full swing, whether business leaders are ready to admit it or not," Mimecast spokesman Orlando Scott-Cowley explained. "These results show a massive divide between employee sentiment and what the enterprise is actually willing to support when it comes to personal devices. It's time enterprises fully enable their employees' productivity by not only supporting the range of mobile and tablet devices, but also providing the solutions that ensure corporate data remains secure."
Securing the contents before its container
As InfoWorld's Robert Grimes recently noted, mobile device management strategies tend to break down along the lines of two basic schools of thought: focusing on protecting each individual device through policy and software versus safeguarding the data itself regardless of where it travels. As it stands, the data-centric approach is becoming the method of choice while companies await technological innovations that can bolster the efficacy of device-based protocols.
"I believe this focus on data security is the best strategy for many reasons, not the least of which is that keeping unmanaged devices off your network would stifle productivity. BYOD is inherently unmanaged, and in trying to control it, you'll always be putting a square peg in a round hole," Grimes wrote. "At the same time, you don't want end users connecting to highly sensitive data via systems that are at major risk of being compromised, without any offsetting controls."
These objectives have traditionally been accomplished by establishing separation between data and device through virtualization that instills remote management capabilities. This paves the way for an increasingly common technique known as "sandboxing," which essentially keeps at-risk data in a safe container away from low-risk or personal data and applications. Unfortunately, according to Grimes, most administrators are still figuring out the delicacies of this strategy to ensure they don't accidentally provoke the ire of colleagues by tampering with or accidentally deleting personal mobile assets.
Another basic-yet-effective complement to data protection strategies is encryption. By building this unique layer of security around mission-critical data, the risk of that information being compromised should it end up in the hands of unauthorized users is greatly reduced.
Data Security News from SimplySecurity.com by Trend Micro