Government // Enterprise Architecture
Commentary
3/5/2012
02:48 PM
Larry Seltzer
Larry Seltzer
Commentary
Connect Directly
Facebook
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

The Chasm Between BYOD And Security

There's just no good intersection of sound device security and a bring-your-own-device policy.

One of my big takeaways here at RSA 2012 in San Francisco is the dichotomy--nay, the chasm--between the dual business imperatives of security and mobile device support, especially in a bring your own device (BYOD) setup. This problem is core to the consumerization of IT and it's not a good situation out there, folks.

Most of the press going into the show indicated a focus on "big data" and privacy issues and there was a lot of that. But I think that by far the biggest problem on people's minds was that of data breaches.

You don't hear big news stories often anymore about massive breaches of, for example, credit card data. But breaches do happen. In fact, it's likely that we only find out about a minority of them. The really successful ones go undetected. And there are weaknesses enough in corporate networks without adding mobility to the mix.

On one of the panels I saw Michael Dahn of PricewaterhouseCoopers put it this way: The right way, the only real way to protect your data is to begin at the beginning: Identify your data, protect it, and protect all access to it. Unfortunately, very few companies have a clear idea of where all their data is.

Now throw in users with their own devices on mobile networks demanding access to that data you're supposed to be protecting, both because it's your job and because there are laws that require you to protect it. For you to have any real confidence in the data under such circumstances you'll have to have control of the device, the software running on it, and the power to wipe it if necessary.

There are companies that demand this sort of control in a BYOD environment and it's probably still not enough. BYOD itself is an outcome of the fact that convenience will almost always trump security. We pay a lot of lip service to security, but in the end we don't want ourselves inconvenienced by it.

There are solutions out there that hold out some hope for IT to meet their obligations without their users hating them too much. Good Technology, for example, has a mobile app environment that is isolated and secured. Good got a bad reputation for apps that were unpleasant to use, but the latest versions look great to me.

But for now, it appears that our systems are disturbingly open to attack and our data subject to breach. BYOD makes this worse by taking it all outside the control of IT. If I were rolling out mobility at a company I'd want to do it as slowly and carefully as possible.

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.