The now popular bring-your-own-device mobility model now employed by many companies is certainly no walk in the park for chief information officers. With employees utilizing their personally owned technology, there is a lot for IT executives to think about.
Not the least of these worries is the security of enterprise data stored on such smartphones and tablets. When employees first bring their devices from home, CIOs can't help but feel blind. They have no way of knowing what has been installed on the device, and whether or not its use will put company information at risk.
That's why, according to a recent report from InformationWeek, every BYOD mobility model should be accompanied by a data-centric approach to security. Contributor Art Wittmann said that, because companies have little to no control over the personally owned devices themselves, IT should instead strengthen the data security measure on the information they access and store.
"The thing is, device management and data security have never been the same thing, and in this era of BYOD, they really need to be treated as completely separate issues," Wittmann wrote.
"Device management is something IT does for its own benefit to economically ensure delivery of apps to its constituents," he continued. "When it's not the company's phone or tablet or laptop, that's no longer IT's problem. But appropriately securing sensitive data always is."
Even with a BYOD model, the company still has ultimate control over it's own data, no matter what type of device uses it. That should be exploited to the fullest to ensure that the company remains protected.
After all, such an approach may become more common as the use of personally owned smartphones and tablets increases among mobile professionals. According to a recent Network World report, the flood of consumerization will only continue as technology improves. Between mobile devices and the cloud, there is no more consumer technology than ever that has proven its worth for the enterprise.
To deal with the issue, Networld World's advice was simple – adapt.
"Embrace the change," contributor Mark Gibbs wrote. "Be flexible. It's like you're tied to the tracks of the enterprise and the freight train of the future is coming at you and it's not only got no brakes, someone has jammed the throttle full on."
According to the InformationWeek report, practicing an effective mobile security strategy that is focused on the data level is both inexpensive and relatively easy to accomplish. For starters, Wittmann wrote, companies need to change the culture of protection to focus on the "native-use level." This means altering the approach to both training and investment.
Passwords, encryption and employee education should all be utilized to enhance the security of enterprise data. The latter especially, Wittmann said, will go a long way in achieving such goals.
"Educate your users," he recommended. "Make them aware of the ways they can access and use data safely, and how they should protect sensitive information."
And new reasons for companies to embrace data security for BYOD mobility are cropping up all the time, though they may not help CIOs sleep at night. For example, it was recently revealed that the previously believed impenetrable iOS mobile operating system from Apple has a concerning flaw that allows third-party applications to access personal data.
Information security expert Charlie Miller will present his findings at the upcoming SysCan conference in Taiwan. He discovered a way to sneak malicious malware into the highly regulated App Store, a vulnerability that was previously only known for Google's Android Market.
Consumerization News from SimplySecurity.com by Trend Micro
