It's an incredibly exciting time to be in IT. And that's part of the problem.

Grant Moerschel, Co-Founder, WaveGard

April 29, 2011

3 Min Read

I dropped by my local Verizon store the other day to check out the Apple iPad 2, as I had seen it only from a distance. Hey, it's hard to get your hands on one right now. I spent a few minutes experimenting with the Droid 3.0-based Motorola Xoom, and look, there's a Samsung Galaxy Tab, too. The store was full of enthusiastic consumers salivating over these and other marvels, including the HTC Thunderbolt, iPhone 4, BlackBerry Bold, Droid 2 Global, and HP Palm devices, to name just a few.

As one customer fondled the iPad, I heard him say to his wife, "I don't know why we even need a desktop anymore." Later, the gentleman told the salesman he wanted to use a tablet to do construction estimates at customer sites, and print the quotes then and there.

Point is, the energy in the store was simply amazing, and I'm not talking about the RF waves that were shooting through all of us. Never before in my two short decades in technology has there been more flux, uncertainty, and experimentation. The tablet wars make the cola wars look tame, with big money at stake for the winners (and yes, there will be more than one). The business possibilities for these myriad and varied platforms are exciting, especially for small companies looking to increase productivity and deliver customer service on par with larger competitors.

But are you sacrificing data security in the process? I work with many companies whose employees are bringing their devices to work and asking to connect them directly to the company network via Wi-Fi or VPN, or to have them configured for email access. Yes, it's a nice budgetary upside that employees are using their own hardware and data plans for work, but before saying yes, consider all possible downsides -- particularly if your business is a custodian of sensitive customer data. And really, whose isn't nowadays?

Think about the risks (a device carrying R&D info may be lost, or someone could download your customer list onto an iPhone and carry it home), then write down how you'll handle mobile data connectivity. Get the policy accepted by management. Incorporate it into your overall security plan.

Yes, that's a tall order, but technology can help. I'll discuss specifics at my InformationWeek Analytics Live session at Interop, titled How IT Makes A Difference To The Midmarket Company: Mobility & Security.

Today's mobile device management (MDM) platforms let you control access to data; these suites can be hosted by your organization or within the cloud as software as a service. Decisions to be made include user-to-device authentication, hardware control, and permitted applications, but the ultimate goal is that if a device is lost or gets into the wrong hands, you can confidently state, whether to customers or an auditor, that you're not worried because of the technical controls you have in place.

We are indeed at the dawn of a new type of work environment, one that goes beyond simple email and Web browsing to include specialized application access and virtualized desktop connectivity, regardless of employee location. The vendors and platforms will continue to play leapfrog. This innovation is good, as long as you spend the time to separate marketing hype from reality and have a plan to secure the information that may live on these devices.

Grant Moerschel is co-founder of WaveGard, a vendor-neutral technology consulting firm. Come meet him at our "InformationWeek Analytics Live session at Interop Las Vegas on Thursday, May 12.

Recommended Reading: Interop Special Report Consumerization Of IT: How To Support All These Gadgets Phones Are Getting Thinner, Heavier, Large Motorola Xoom To Get Software Update How To Sort Through Enterprise Mobility Challenges Three Mobility Trends That Will Change Your Business White House Sets IPv6 Transition Deadlines

About the Author(s)

Grant Moerschel

Co-Founder, WaveGard

Grant Moerschel is co-founder of WaveGard, a cybersecurity consulting firm that empowers clients in a quest to reduce sensitive data risks. His 24 years of experience encompasses network engineering, IT risk management, and next-generation security controls. In past lives, he worked at PricewaterhouseCoopers and Tetra Tech. In addition to his writing for InformationWeek, he authored a WiFi security book for McGraw-Hill, a Cisco security technologies book for Cisco Press, and (ISC)2 courseware. He loves hanging out with his family, running, cooking, and building projects and gadgets. He earned his BS from the University of Delaware.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights