Monday, May 09, 2011

BYOD Security Paranoia or Necessity

Not too long ago, IT departments faced the challenge of integrating a new consumer device into the corporate infrastructure: the iPad, which took the fancy of every CXO and techno-affiliate with its cool factor. It did not matter that the tablet was another appendage to do everything that the earlier devices did well enough while ensuring that the information assets of the company stayed protected from nefarious elements. Said the tablet-toting executive, “I want it; security is for you to go figure.”

The starting point, though, was the iPhone, which was contained to some extent; the tablet was something different, a wave that swept away all opposition. Developers mushroomed all over, creating applications to do everything that mattered and some that did not; IT had no clue what kind of vulnerabilities these created or introduced on the device. Faith in mankind was one of the strategies promoted by many to allow the devices to connect.

In another part of the world, employees went up in arms against corporate-issue compute devices (laptops, desktops), citing their home computers' superiority over the standardized and locked devices. Thus started the trend that is now gaining momentum: BYOD, or Bring Your Own Device. It frees up financial resources, and support too if the employee fends for herself, with no hassles of managing refresh. But what about the information on the device? What about the confidentiality or sensitivity of that information, especially when the employee leaves?

Now extend the same to the mobile, which is a lot more like a consumable and gets changed on average every year, in some cases earlier. With the space evolving into a multi-polar world of iOS, Android, Symbian, BlackBerry and Windows, each with many versions, the challenges are unique and getting out of hand. In a world where every corporate employee expects all kinds of information at their fingertips (read: mobile device), the security framework looks worse than a coarse sieve.

Mobile device security is an evolving subject; vulnerabilities on the mobile are being discovered every day, and they are attaining critical proportions with multiple applications vying for attention. In a 24x7 world, the definition of acceptable risk has changed. CIOs are expected to create visibility of the potential compromises and keep the critical information assets secure at all times. The change in the security stance thus creates new challenges and opportunities, requiring higher agility to respond. Abstraction of the application and information layers from the device is one of the strategies that helps, and many frameworks are emerging in this space. Keep abreast of these developments and experiment before business forces change.

In another couple of years, the expectation is that dependence on the big computer (including laptops) will reduce dramatically; the CXO will carry a few devices (personal, corporate, function-specific), and all will require management and access to corporate information assets. Start preparing now!
