Commentary
3/15/2012
04:53 PM
Steve Duplessie

IT's Consumerization Compliance Conundrum

Users are already bringing their own devices onto the network, and IT can no longer control where corporate data resides. What should you do to cope?

By default, endpoints are mobile devices at the fringes of IT's reach, leaving them exposed and difficult to protect, at best. Worse, they contain stuff that competitors and bad guys would love to have.

You can't just talk about backup to protect these devices. You have to talk about security.

You need to deal with encryption. You need to be able to remotely wipe out a device that falls into the wrong hands. You need to ensure that you have Apple-like "find my device" functions for all your devices.

You can't have a billion files on a million devices out there and think that you can only spend your time and money on a search function within the enterprise. There is no more enterprise. The enterprise is everywhere--and it moves. Stop thinking that you can contain any of these problems within four walls. You need to know every place a file or object exists--right now. If you don't believe me, go ask your lawyer.

It will get worse long before it gets better. You will need to know who has it, who had it, what they did with it, and when. Can you identify that today? No. But you are going to have to--it's only a matter of time.

You will be responsible for knowing everything about a data object, throughout its lifetime. You will not have the excuse of complexity or difficulty. Consumerization is just a fancy term for the acceleration of bad IT habits, but it is a problem that will rain down upon you.

So forgive my rant of terror. There are solutions beginning to emerge--but they are not your granddad's way of doing things. You should prepare yourself to deal with new ways of thinking. Stop looking to your traditional vendors to solve non-traditional problems. Find integrated solutions that solve real issues--like some of the ones I just raised.

Build a checklist of must-have functions--simple ideas, such as: "I must have the ability to control access to the data." Therefore, it seems logical that IT needs to be the one who sets up a Dropbox account and assigns users their locations. Thus, when the user quits, we shut down their access. Seems entirely logical, yet I don't think I've met anyone in corporate IT who does it yet. More complex ideas are things such as: tag the data and apply policy at the data object, such that I can at least know where it goes, and when. Ideally, I'd be able to kill access to or wipe out a piece of content on a specific device.

The list can get complex quickly, but if you focus on core issues, you will find you can start to get a handle on them. Don't bother trying to mandate (let HR do that), as it doesn't work. Instead, be that happy service bureau your users love--"We're happy to announce that we support Dropbox for those users and groups who want to use it!--Click here to automatically create a workgroup account." But the account is yours, and you control it. User goes, account stays. Permission denied. Conundrum avoided.

Steve Duplessie is the founder and senior analyst at the Enterprise Strategy Group, a leading independent authority on enterprise storage, analytics, and a range of other business technology interests.

Comments
tonys3kur3,
User Rank: Apprentice
4/20/2012 | 6:45:43 PM
re: IT's Consumerization Compliance Conundrum
I would look at this from the other angle like this article spells out: http://www.pcworld.com/article.... Sound security and data protection is sound security and data protection, and if companies focus on implementing and enforcing sound security and data protection, the compliance will follow. The problems come when companies *try* to be compliant instead of trying to be secure.
pcalento011,
User Rank: Apprentice
3/25/2012 | 10:32:59 PM
re: IT's Consumerization Compliance Conundrum
One of the challenges with consumerization is that so many organizations look at dealing with the implications of BYOD (and creating necessary strategies) after the fact. Most probably don't have a checklist, like advocated in the article. Perhaps one way to deal with this is to have cloud applications & infrastructure already in place. In that case, it becomes a matter of protecting the app and the data ... and (merely) connecting with the device. --Paul Calento http://bit.ly/paul_calento