Regulating The Dark(er) Side Of Consumerization - InformationWeek
03:14 PM
Elias Khnaser
Elias Khnaser
Connect Directly
Ransomware: Latest Developments & How to Defend Against Them
Nov 01, 2017
Ransomware is one of the fastest growing types of malware, and new breeds that escalate quickly ar ...Read More>>

Regulating The Dark(er) Side Of Consumerization

Think an influx of shiny tablets is the main worry? Sorry to break it to you, but hardware is the least of our problems.

The consumerization of IT is forcing IT departments everywhere to rethink their policies, processes, and support procedures. But device diversity isn't all you need to worry about. Consider the applications that users now have free access to--and that allow them to circumvent all those policies and procedures you've so painstakingly put in place.

Take Dropbox, the bane of every BC/DR and content management admin. Sure, you could block Dropbox, but what happens when an end user walks down the street to her favorite mobile device store and picks up a wireless 3G card, which she can then plug into her laptop or desktop and use to gain access to the Internet uncensored? You see where this is going, right? Whac-A-Mole isn’t a long-term strategy.

I think this problem will eventually reach the point where IT will demand that a regulatory effort be launched. The goal would be to enforce criteria around how software-as-a-service (SaaS) applications are developed, ensuring that capabilities that will empower IT to protect the integrity and security of corporate data and access control are built in.

The big question, of course, is what body would have the power to enforce such regulations. The government is too inflexible and slow, not to mention the outcry that would result. A better route would be a standards body that has in its membership both SaaS vendors and enterprise security pros. That's one option; another possibility, likely more effective and faster on the uptake, would be for OS vendors to require certain criteria for applications that are going to run on their operating systems. But for that to happen, customers of those platforms would need to demand this change.

My bigger point is that, as technology companies stop marketing to IT departments and start marketing to your end users, smart shops will think differently and push the ecosystem to invent solutions for today's reality, instead of trying to make yesterday's tools fit a changed world.

One promising technology that we could base such new thinking on is location awareness. If SaaS applications are required (by the standards body we discussed earlier) to have functionality for location awareness, we can then develop tools to allow IT to enforce policies and procedures on the use of consumer services when devices are located within the organization. Think about it this way: If Joe is trying to move some files from the server to his Dropbox account, and location services track that he is in XYZ building, where IT has subscribed to the location service and specified a policy, then Dropbox would enforce your regulations based on location. When Joe goes home, he can do whatever he wants. At work, rules apply. And not to pick on Dropbox--Amazon Cloud Drive and Apple iCloud present similar challenges.

Take this approach and apply it to all applications, and we regain a reasonable level of control.

Right now, location awareness is completely optional, which means some software developers will build it within their applications, others will not. Similarly, some operating systems may have this framework, while others don't. But it's one way we could get a handle on the consumer applications that are threatening to unravel years of data management and security efforts. Would you get behind such an approach, or do you have a better plan? Let me know.

Elias Khnaser is the technology officer for integrator Sigma Solutions. Follow Elias on Twitter: @ekhnaser

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
10/13/2011 | 2:05:13 PM
re: Regulating The Dark(er) Side Of Consumerization
I would expect that given all of the various tablet and OS makers trying to carve into a slice of this market, one vendor would realize that consumers aren't the only target market (even if it's largest), and design a device aimed at enterprises with these built in controls, or yes virtualization.

Manufacturers have already gotten the users familiar with the form factor, touch UI, and model of deployment. Now if they provide devices able to be locked down systemically, not just per app, then there's a use for that in my business: provided for workers - to work with.

I'm not so interested in allowing a user to bring in his shiny toy. Use your toys outside of work during playtime. At my work, we use tools, and we buy what's needed for our employees. I'm more interested in a (rugged) tablet device that I can deploy at a design office/manufacturing environment that does not leave the facility. If it has location controls baked in, instead of freeing it if it leaves, I can automatically brick it until it returns (displaying "Please return this device to Company Name, Address" - reward optional).

Not that a market leader has to actually *lead*, but I'd be impressed if Apple produced an iPad Pro, intended for at-work productivity and mobility within a building, not necessarily mobility throughout the rest of a user's world. I'm not so concerned with completist fanbois complaining about a product not intended to suit their individual needs. That's why it'd be a separate product. I could see Lenovo (or used to consider HP) differentiating itself for business purposes this way before Apple would change its paradigm. The first OEM to accomplish this well will take a considerable lead in creating a new niche market.

I'm certain that the device I'm thinking of would have similar enterprise applications in executive offices, facility management, intra-office communication (mail room), quality control, inventory management, and even security or loss prevention. I can already imagine Pro apps designed to facilitate these common specialized tasks, such as a GPS-type or enhanced reality routing for the mail boy to make his rounds similar to UPS's truck-based GPS solution.

Next step: replace us all with robots. Just kidding.
User Rank: Apprentice
10/12/2011 | 1:35:17 PM
re: Regulating The Dark(er) Side Of Consumerization
Interesting thinking and yes this is becoming a big problem but the solution is not going to work. As whenever there are restrictions, especially technical ones then people will find a way around. I know I am one of those kinds of people.

Now add that you have Windows (at least three maybe five versions), OSX, iOS, Android, Linux, Blackberry, and a hodge podge of other OS's. Lets not forget the 100's of thousands of little app's. As I said I would bet the smart user will find a way around.

Going home, sure I can do what ever I want at my house. USB drives makes it easy to transfer and my auto backup makes a copy too.

I don't claim to know the answer but can tell you when you lock down people find a way around.

The virtual PC may be the answer at least for corporate data. And by-the-way it cuts PC support by about 80%, so now they can chase data security versus trying to fix PC's.
User Rank: Apprentice
10/11/2011 | 5:25:27 PM
re: Regulating The Dark(er) Side Of Consumerization
"When Joe goes home, he can do whatever he wants." Thus, the glaring hole in this otherwise reasonable approach. If I by-pass my VPN to get to the Internet then my laptop-based files can readily be moved anywhere.

A different approach? Migrate towards a virtual desktop environment. All data stays in the data center. In theory.
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll