Government // Enterprise Architecture
02:48 PM
Larry Seltzer
Larry Seltzer
Connect Directly
Repost This

The Chasm Between BYOD And Security

There's just no good intersection of sound device security and a bring-your-own-device policy.

One of my big takeaways here at RSA 2012 in San Francisco is the dichotomy--nay, the chasm--between the dual business imperatives of security and mobile device support, especially in a bring your own device (BYOD) setup. This problem is core to the consumerization of IT and it's not a good situation out there, folks.

Most of the press going into the show indicated a focus on "big data" and privacy issues and there was a lot of that. But I think that by far the biggest problem on people's minds was that of data breaches.

You don't hear big news stories often anymore about massive breaches of, for example, credit card data. But breaches do happen. In fact, it's likely that we only find out about a minority of them. The really successful ones go undetected. And there are weaknesses enough in corporate networks without adding mobility to the mix.

On one of the panels I saw Michael Dahn of PricewaterhouseCoopers put it this way: The right way, the only real way to protect your data is to begin at the beginning: Identify your data, protect it, and protect all access to it. Unfortunately, very few companies have a clear idea of where all their data is.

Now throw in users with their own devices on mobile networks demanding access to that data you're supposed to be protecting, both because it's your job and because there are laws that require you to protect it. For you to have any real confidence in the data under such circumstances you'll have to have control of the device, the software running on it, and the power to wipe it if necessary.

There are companies that demand this sort of control in a BYOD environment and it's probably still not enough. BYOD itself is an outcome of the fact that convenience will almost always trump security. We pay a lot of lip service to security, but in the end we don't want ourselves inconvenienced by it.

There are solutions out there that hold out some hope for IT to meet their obligations without their users hating them too much. Good Technology, for example, has a mobile app environment that is isolated and secured. Good got a bad reputation for apps that were unpleasant to use, but the latest versions look great to me.

But for now, it appears that our systems are disturbingly open to attack and our data subject to breach. BYOD makes this worse by taking it all outside the control of IT. If I were rolling out mobility at a company I'd want to do it as slowly and carefully as possible.

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.