Posted by: Arun Gupta
BYOD, CIO and agile security, information security, mobile explosion, mobile security
Not too long ago, IT departments faced the challenge of integrating a new consumer device into the corporate infrastructure: the iPad, which took the fancy of every CXO and techno-affiliate with its cool factor. It did not matter that the tablet was another appendage to do everything that the earlier devices did well enough while ensuring that the information assets of the company stayed protected from nefarious elements. The tablet-toting executive would simply declare: “I want it; security is for you to go [and] figure [out].”
The starting point though, was the iPhone, which was contained to some extent. The tablet was something different; it was a wave that swept away all opposition. Developers mushroomed all over, creating applications to do everything that mattered, and some that did not. IT had no clue what kind of vulnerabilities these apps created or introduced on the device. Faith in mankind was one of the strategies promoted by many to allow the devices to connect.
Compliance vs. convenience
In another part of the world, employees went up in arms against the corporate-issued compute devices—laptops and desktops—citing their home computers’ superiority over the standardized and locked corporate devices. Thus started a trend that is gaining momentum now: BYOD, or Bring Your Own Device. BYOD frees up financial resources for companies; it can even free up the support costs if the employee fends for herself. And there are no hassles of managing the refresh.
But what about information on the device? Confidentiality or sensitivity of information, especially when the employee leaves?
Now extend the same to the mobile, which is a lot more like a consumable and gets changed every year on average (and in some cases, even faster). With the category evolving, this multi-polar, multi-version world of iOS, Android, Symbian, BlackBerry, and Windows has brought in unique challenges that are getting out of hand for CIOs.
In a world where every corporate employee expects all kinds of information at her fingertips (read, mobile device), the security framework looks worse than a coarse sieve.
Mobile device security
Mobile device security is an evolving subject; vulnerabilities on the mobile are being discovered every day, and they are attaining critical proportions with multiple applications vying for users’ attention. In a 24x7 world, the definition of acceptable risk has changed. CIOs are expected to create visibility of the potential compromises and keep the critical information assets secure at all times. The change in the security stance, thus, creates new challenges and opportunities, requiring higher agility to respond.
Abstraction of applications and information layers from the device is one of the strategies that helps, and many frameworks are emerging in this space. The only thing that a CIO can do is to keep abreast of these developments and experiment before business forces change.
It’s expected that the dependence on the big computer (including laptops) will dramatically reduce in another couple of years. The CXO will carry a few devices—personal, corporate, and function-specific—and all these devices will require management and access to corporate information assets.
Start preparing now!