Consumerization U. Day 5: The right approach for BYOD
What is the right approach to try to leverage the business value that exists in consumerization, without exposing the company to risks in terms of security and in financial exposure?
Video series based on Trend Micro session* at the Mobile World Congress 2012.
PREVIOUS: Day 4 - Mobile security matters
[...] What is the recommendation? What is the right approach eventually to try to leverage the business value that in fact exists in consumerization, without really exposing the company to all the risks in terms of security and in financial exposure?
Our recommendation is to take a three‑step approach to consumerization.
The first step is really to take a strategic approach, which means involve every other constituent in the organization. Don't consider this an IT exercise. IT cannot do this in a vacuum. There are so many other entities within the organization that need to be involved when the model changes so radically. Legal. There are so many privacy aspects involved in opening up your network to consumer technology. There is HR involved for sure. Of course you have finance, because the cost structure changes a lot. So, the first recommendation, the first step is to make sure you have a proactive approach to consumer technology in the enterprise. Don't wait until after the fact, when you realize that tablets are already in your organization and then you are in a very difficult position where you just need to secure something that you weren't really involved with in the beginning.
The second step is probably the core message, if you want, from this presentation, which is you cannot say no. It's futile. Consumerization cannot be stopped. We just saw the numbers. Move on. Start saying yes, but not to everything for everyone, which means not all technologies, especially in the consumer space, are appropriate for all of your internal users, your employees.
The recommendation is to map all the technologies that are available out there today, and these are not just mobile technologies. There are a lot of social networking applications, Twitter, Facebook, you name it. All of these technologies coming from the consumer space end up somehow in work‑related activity in the enterprise.
My recommendation is for you to map all of this technology with all of your internal groups. You can cut out your internal base, based on roles, based on location, based on work activity. Then, for each technology you will have a clear SLA, Service Level Agreement, with your own base.
Just to give you a couple of examples, maybe for executives, that specific group where probably security is more of a concern, you would allow only some mobile platforms. You, as an IT manager, would provide these platforms and maintain them and go through the full product cycle.
At the same time, you will not say no to them if they want to get some other mobile platform that you feel less comfortable with, in terms of security. But in that case, you can probably allow only limited access to the network, maybe just access to email. And maybe you would prevent attachments from ending up on the device.
The third step is to realize that the traditional IT infrastructure that you have in place, to manage and secure the traditional devices, the traditional endpoints, is not going to work in this situation. You really need to look out for new solutions and for new technology that is specifically designed to secure and manage consumer technology when it gets into the enterprise.
NEXT: The Consumerization University - Day 6: The Mobile Security Panel
* Mobile Security Forum: "Consumer Mobile Technology in the Enterprise: A Leap of Faith?"
An increasing number of companies are opening corporate networks and data to consumer mobile devices, as employees demand to bring their own smartphones and tablets to work. However, consumer mobile technology is generally not as secure and manageable as required by the enterprise. And too many companies make the mistake of trying to stop the influx of consumer IT. What new mobile platforms will your organization contend with? What built-in security models do they provide? What vulnerabilities are they exposed to? How rigorous is the scrutiny of the official application markets? Is the corporate data stored in these devices safe? In this series, leading mobile security experts answer these questions and, more importantly, reveal solutions and best practices for your company to safely embrace consumer mobile technology in the enterprise.