I’m back from a few weeks in China where, unfortunately, it seems that this blog and many others are blocked. One of the hot topics there, and everywhere for that matter, is the subject of how to secure mobile devices — especially those that employees buy on their own and then expect to connect into the enterprise.
It’s a reasonable expectation, after all, as the line between work life and personal life continue to blur and the need to have instant access to corporate as well as personal email, calendar and contacts increases. If I need to travel over the weekend to be in Beijing by Monday then I also need to make sure that I don’t have a personal commitment with my family for some important event during that same interval. Having a single, portable device to let me juggle the demands of both the personal and professional realms makes the job a lot easier.
Not only is this a benefit for the employee but also for the business. According to one study this BYOD (Bring Your Own Device) trend resulting in an additional 20 hours of work per week as summarized below:
“Employees have become even more tethered to technology in their daily lives and report they work as many as 20 additional hours a week online due to their flexible schedules. One-third of mobile workers said they never fully disconnect from technology, even during family and personal time. In some ways BYOD is enabling and supporting employees, allowing them to work more hours – and these hours help the bottom line of their companies.”
But with this added flexibility come some really tough security issues that must be navigated. My colleague, Dave Merrill, has written a nice summary of some of the key differences that the mobile arena brings to the table, which I recommend taking a look at. Here’s a link to the posting on the IBM Institute for Advanced Security web site:
BYOD or “Bring Your Own Device” is like a runaway train barreling down the tracks. If you’re the IT Dept you can either jump on board where at least you have a chance to determine which track it rides on or stand in front of the train, hands outstretched yelling “stop!” As you might guess, in that latter scenario, the train always wins.
But that doesn’t mean you just give up and let anyone bring any device they want into the corporate network where sensitive data is kept. The threat these handy gizmos pose is real but so is their value to the organization so you have to recognize both aspects and do what you can to mitigate the risks.
One of those risks is that the phone could be riding around New York City in the back of a cab even though the device’s owner no longer is. According to this article article in USA Today, Americans lost $30 billion (with a “b”!) worth of cell phones last year alone…
With the proper precautions, though, you actually can embrace the trend that has resulted in the proliferation of this ubiquitous computing capability. Here’s a good story from InfoWorld on how IBM is doing it …
There are no risk free options here but learning to say “how” rather than “no” at least ensures that you remain part of the conversation.