Smartphones have changed the entire notion of the way we work. Employees work at any hour of the day or night, using their mobile devices for email and calendaring, but also to access corporate Intranets, applications and collaboration tools. The mobility revolution – now being cemented with the rise of the tablet – has dramatically increased employee productivity. It has also caused a massive headache for corporate IT departments.
Agile businesses are grappling with how to securely allow employees, partners and suppliers to access Intranets, Web-enabled enterprise applications, document sharing, corporate instant messaging services, collaboration tools and in-house-developed applications. Not only do corporate IT departments have to find ways to integrate and manage access to a plethora of applications, they must also cope with a rapidly expanding array of employee mobile devices. Employees now have iPhones, Android phones, BlackBerrys, iPads, Android and Windows tablets, and other mobile devices purchased for personal use, which they want to use for corporate applications and data access.
Mobile devices have evolved into supremely functional and highly portable mobile computers with the ability to connect to corporate networks and applications, but they are also inherently more personal and deeply integrated into users' daily lives than traditional business desktop or laptop computers. This holds true even if the device itself was provided by the company. The huge leap in mobile technology represents an opportunity for smart businesses to rapidly accelerate the pace of business, increase customer responsiveness and positively impact both top and bottom line results – but it also represents significant security and IT management challenges.
How can IT departments support a disparate array of mobile devices, not diminish the "personal" experience that makes them so valuable to end users, and do so without risking critical data loss or compliance issues?
Before we address how to implement an enterprise mobility strategy to protect critical data and ensure compliance, it's important to point out that many security and compliance breaches are either inadvertent or based on efforts to be more productive – but can be serious nonetheless. Employees frequently forward email and documents to personal webmail accounts, unknowingly undermining IT security and compliance policies. Or they download and install collaboration or other productivity apps that copy documents to Web-based repositories. And, of course, there's always the risk of leaving an iPhone on a bus or having a tablet stolen. In some cases, such "insider" breaches might be fairly characterized as either malicious or negligent. More often, however, they are simply the result of ultimately well-intentioned behavior that nevertheless exposes the company to data loss and compliance issues.
The first step toward managing enterprise data security in an increasingly bring-your-own-device (BYOD) world is to understand that you may already have 10's, 100's or even 1,000's of BYOD mobile users. This is especially true for companies that allow web-based access to email (e.g., through Outlook Web Access or Lotus iNotes), or allow users to install downloadable applications on their desktop PCs or laptops. The now ubiquitous mobile browser inherently enables BYOD access to corporate webmail or other similar apps. The same is true for downloadable productivity apps like Dropbox, which enable users to sync documents from their desktop or laptop to cloud-based repositories and from there to their mobile devices.
The second step is to ask whether or not you have clearly defined BYOD objectives and policies in place, or at least under development. If you don't, then you should start there. If you don't define your BYOD objectives and supporting policies and processes, your end users will do it for you – but not with your company's security, data loss prevention and compliance requirements in mind.
Once you've defined your overall BYOD objectives, policies and supporting processes, you can start to think about the specific mobile security and management tools you'll need. Whichever tools you choose, they must enable you to:
• Respect enterprise data integrity without diminishing employee privacy or personal productivity. Today's mobile devices are deeply personal – especially when purchased by employees with their own money and filled with their own personal apps, information and data. And even for company-owned devices, you won't find too many cases where an executive or highly productive salesperson has a company-owned iPhone or iPad, but IT has disabled access to Safari, the App Store and all personal apps and data. To maintain the delicate balance between the personal experience users now demand and the security and compliance companies require, your mobile security and management solution should "containerize" enterprise data. This leaves employees' private information untouched and enforces security policies and compliance at the individual application level.
• Maintain consistent, centralized control. The rate at which companies and end users create and consume data and information is growing exponentially, making it ever more challenging for enterprises to maintain centralized control of their data. Enforcing consistent security policies across all enterprise content in environments with different devices, security approaches and operating systems has become even more difficult in the BYOD era. Every company today needs a centralized management platform that allows administrators to control data access and prevent data loss at both the application and device level.
• Get global visibility to prevent rogue device network access. The scope and number of mobile devices employees use today means they can be replicated by malicious agents, and rogue devices could potentially access the corporate network. Because these smartphones or tablets aren't authorized, they may or may not be following corporate security policies. Without visibility into all the devices on the network, IT simply can't ensure the integrity of corporate data.
Today's organizations across all industries – financial services, government, healthcare, legal and professional services, retail, manufacturing and more – face unprecedented mobile data management challenges. But the upside of proactively embracing and managing employee-owned mobile devices can be huge: increased employee productivity, enhanced responsiveness to customers and opportunities, and even reduced costs. Companies like Sanofi-Aventis, Union Bank and DARPA have all supported popular consumer devices while ensuring enterprise-class security to successfully manage their mobile data challenges.
Organizations that implement a comprehensive mobility management and security platform that enables employees to engage in real-time collaboration and access enterprise apps, while at the same time assuring corporate data security through end-to-end encryption, are well on their way to reaping the cost-reduction and productivity benefits of the BYOD world.
John Herrema is senior vice president of Corporate Strategy at Good Technology.