It's an incredibly exciting time to be in IT. And that's part of the problem.
I dropped by my local Verizon store the other day to check out the Apple iPad 2, as I had seen it only from a distance. Hey, it's hard to get your hands on one right now. I spent a few minutes experimenting with the Droid 3.0-based Motorola Xoom, and look, there's a Samsung Galaxy Tab, too. The store was full of enthusiastic consumers salivating over these and other marvels, including the HTC Thunderbolt, iPhone 4, BlackBerry Bold, Droid 2 Global, and HP Palm devices, to name just a few.
As one customer fondled the iPad, I heard him say to his wife, "I don't know why we even need a desktop anymore." Later, the gentleman told the salesman he wanted to use a tablet to do construction estimates at customer sites, and print the quotes then and there.
Point is, the energy in the store was simply amazing, and I'm not talking about the RF waves that were shooting through all of us. Never before in my two short decades in technology has there been more flux, uncertainty, and experimentation. The tablet wars make the cola wars look tame, with big money at stake for the winners (and yes, there will be more than one). The business possibilities for these myriad and varied platforms are exciting, especially for small companies looking to increase productivity and deliver customer service on par with larger competitors.
But are you sacrificing data security in the process? I work with many companies whose employees are bringing their devices to work and asking to connect them directly to the company network via Wi-Fi or VPN, or to have them configured for email access. Yes, it's a nice budgetary upside that employees are using their own hardware and data plans for work, but before saying yes, consider all possible downsides -- particularly if your business is a custodian of sensitive customer data. And really, whose isn't nowadays?
Think about the risks (a device carrying R&D info may be lost, or someone could download your customer list onto an iPhone and carry it home), then write down how you'll handle mobile data connectivity. Get the policy accepted by management. Incorporate it into your overall security plan.
Today's mobile device management (MDM) platforms let you control access to data; these suites can be hosted by your organization or within the cloud as software as a service. Decisions to be made include user-to-device authentication, hardware control, and permitted applications, but the ultimate goal is that if a device is lost or gets into the wrong hands, you can confidently state, whether to customers or an auditor, that you're not worried because of the technical controls you have in place.
We are indeed at the dawn of a new type of work environment, one that goes beyond simple email and Web browsing to include specialized application access and virtualized desktop connectivity, regardless of employee location. The vendors and platforms will continue to play leapfrog. This innovation is good, as long as you spend the time to separate marketing hype from reality and have a plan to secure the information that may live on these devices.
Grant Moerschel is co-founder of WaveGard, a vendor-neutral technology consulting firm. Come meet him at our "InformationWeek Analytics Live session at Interop Las Vegas on Thursday, May 12.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.