All IT departments are confronted with mobile devices today, and the upcoming holiday season will probably bring many technology gadgets such as smartphones and tablets to homes and Christmas trees nationwide. These are surprises both for the end-user (on Christmas evening) and for the IT department (after the holiday season). We talk a lot with our customers about the trends of increased mobility, the new way/world of work and consumerization, which are reshaping how IT departments work.
The most commonly cited concern about mobile devices is the security aspect, with two important facets:
Obviously, there is no single answer to this situation: the role of governance & security within the organization (beyond IT), the level of expertise & creativity of end-users, and the business needs answered by these mobile devices are all very important parameters in finding a good mobile device strategy. At Xylos, we believe that the foundation of a good mobile device strategy is the complementarity that end-users see in the mobile device (as an extension of the desktop), which should be leveraged as much as possible to create a uniform workspace across the desktop and the mobile devices. In that vision, there are two important aspects that require a different approach from the one usually followed by IT departments, and require "thinking outside the box".
First, there is the trivial remark that consumer mobile devices (today) do not distinguish between different user roles. On a regular workstation, it is considered a best practice and highly recommended to deprive end-users of administrative rights and leave them with regular user rights, so that the desktops and laptops can remain standardized, managed, patched and secured. In this context, locking down the workstation makes sense both to prevent the end-user from tampering (by installing additional software, accidentally contracting malware, ...) and to prevent third parties from retrieving confidential information from such a workstation. It is often said from a security point of view that "physical access" by a person with malicious intentions (end-user or third party) to any workstation should be considered equivalent to that device being hackable or potentially tampered with.
There is no reason why this remark cannot be applied to mobile devices: these devices are much more prone to being stolen or lost than a desktop or laptop, and hence, from a security point of view, it makes more sense to assume that such a mobile device will fall into the wrong hands one day. Again, with physical access to the device making tampering with that device perfectly possible, one has to ask whether a complete functional lockdown (with the corresponding user impact) is really the desirable approach. There are security measures, either completely transparent to the end user (encrypting the device and storage cards) or plain common sense (requesting a PIN code/password before the device can be accessed), which can perfectly mitigate the risk of lost/stolen devices without strongly disrupting the user experience. This has to be combined with a good governance structure (policies & IT processes) to clearly explain to users what is allowed on the device, and how to react promptly upon a loss/theft of their devices.
That mitigates a major data-loss concern that many IT managers have regarding third parties; another concern is that end-users might install & use applications:
In fact, the recent Carrier IQ commotion shows that the risk of malware/unwanted apps can even come from sources other than the end-user. Again thinking from within the desktop perspective, it is tempting to use a blacklist or whitelist approach for apps on mobile devices, much in line with the software restriction policies which exist in the Windows world (this functionality can be implemented using the many mobile device management packages which exist today). Here too, we advise proceeding with caution and trying to think out of the box again:
Again, the question remains whether the reflex of IT to lock down the device is indeed appropriate, and does not constrain users in the way they feel the device can help them work more productively. The fact remains that applications such as Google Chrome or Dropbox are engineered specifically to bypass IT restrictions, by installing in the user profile (where the user always has write access) or by using standard communication protocols such as HTTPS to make it more difficult to block Dropbox traffic (and which open tunneling & proxy opportunities to more tech-savvy users). It is not surprising that the question of how to block these unwanted services keeps recurring and apparently cannot be answered definitively, given the very fast pace at which similar (cloud) services appear & disappear every day.
Therefore, to conclude, when devising a mobile device strategy, we recommend that our customers think out of the box and investigate not how to block applications or services, but rather how these services can be embraced and perhaps (partially) managed from an IT perspective. Obviously, this does not work well in all environments, but for many, it might provide a fresh and pragmatic perspective to relieve the phone & tablet consumerization pressure on the IT departments.