Our survey shows we're moving at a breakneck pace toward pervasive mobility. Here's how to stay safe.
Moving from Lotus Notes to Google Apps propelled one global nonprofit organization head-on into the law of unintended consequences. "It has caused an explosion of users bringing their own devices for accessing their work email," says the project's manager. "Most to all MDM solutions rely on some type of ActiveSync connection to manage devices. In our Google Apps environment, with IMAP services open--a business requirement--and without a single-sign-on policy and system in place, we're unable to control who has access to their work email on personal mobile devices."
The organization is now evaluating several mobile device management (MDM) systems. Problem is, in order for this shop and others like it to regain control, Google must expose an API to take the place of ActiveSync, and Google won't confirm when, or even if, it will make this API available.
Welcome to the wild new world of mobile device management.
If you're a glass-half-full kind of person, you may see improvements in the manageability of consumer-class mobile devices as coming just in time to offset battered budgets. But any savings realized by letting employees use their own phones for business can be wiped out if just one Droid containing customer information is lost and you can't nuke it remotely. And that's not a given with MDM products, whose capabilities vary widely, as we'll discuss.
The 323 respondents to our August Mobile Device Management and Security Survey, all of whom are involved with their organizations' mobility strategies, are running into other problems, too. The IT director for a multibillion-dollar U.S. construction firm is using ActiveSync to manage smartphones as he waits for management to pull the trigger on a new strategy. "Only phones that can be encrypted, PIN'd, and wiped by us are currently allowed," he says. The company plans to move to a personal-liability model, where employees buy their own wireless devices and services and may be reimbursed for some or all expenses, and expand the variety of phones and tablets that can access the network. To that end, IT is piloting Good's Enterprise for security, while also crunching numbers for expense reporting vs. stipends. "Good creates a container that holds all interactions with the company network," he says. "We feel that addresses security. Now the sticking point is reimbursement."
There are a lot of moving parts, and the "bring your own device" movement is gaining momentum, with 65% of our survey respondents predicting an increase in the number of employee-owned smartphones and tablets accessing business data and networks. It's time to develop a policy describing how mobile devices are to be provisioned, managed, secured, and disposed of, and to put in place technology enabling IT to enforce that policy.
Remember, the name of this game is managing the component pieces--email profiles, on-premises and software-as-a-service applications--in a way that makes it easy for people to work while also giving you the confidence to look an auditor in the eye and say you're comfortable with the potential loss of any device. If you can't do that, you have a problem.
We're also in the midst of huge platform shift. How huge? As of July, Google Android owned almost 42% of the 82.2 million-user U.S. smartphone market, up from 36% in April, according to ComScore. Its gains come mainly at the expense of RIM's BlackBerry, which was at 22% in July, down from 26% in April. Apple's iPhone market share was at about 27%, with Windows limping along at around 6%.
Now compare those percentages with the fact that, among respondent organizations with standardized mobile platforms dictated by the company, 68% use BlackBerrys. If IT were still running the show, Research In Motion's market share numbers would be a lot healthier, its recent network outages notwithstanding. That's because consumer devices scare the heck out of many IT pros, who assume they aren't "enterprise-ready." For example, we asked in our survey whether each platform provides effective authentication, encryption, and management controls. BlackBerry, cited by 74%, is the undisputed poster child for "enterprise class."
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.