CIO just published an article about what it calls “weak” BYOD security. Yet the weakness isn’t technological. It’s human.
It’s easy to blame mobile users, of course, when they treat their smartphones and tablets as totally personal, even when they use them for business. They forget about “the basics,” such as setting a passcode to access their device. Without that, anyone who finds the device (or steals it) can look at what’s on it and use or take whatever they want.
IT’s just as much to blame when it doesn’t clarify the rules for enterprise mobility… or provide sufficient enterprise-to-mobile access to discourage bad behavior. This was a lesson that IBM learned in the spring when, without the access they wanted, mobile users uploaded sensitive files to insecure cloud-based storage services — services that, as the Romney campaign discovered, can be easily hacked.
The CIO article cites numerous other lapses, but they all add up to that famous movie line: “What we have here is failure to communicate.” And that’s what it is. Not BYOD security, per se, but BYOD user error and IT lassitude.
If security in a BYOD environment were unachievable, enterprise mobility would be DOA. But there are multiple vendors offering mobile device and application management tools. MDM can track devices and what’s on them and remove data remotely when devices and their owners part company (or the owners and the company part company). MAM can provision apps to the right people and keep everything up to date. But there’s another option.
When mobile access provides a direct connection to enterprise applications and data, replaces the development of mobile apps with simple enterprise-to-mobile configurations, adapts the permission-based security already provided through Active Directory and LDAP, and runs the configurations through a single, universal, device-side client app, it’s possible to cut off access by deleting a user’s permission. And, since there are no apps on the device (and the connections can be set to prevent data from remaining on a device when a user logs off), a thief would have no access to sensitive information, either on the device or through it.
Those are all capabilities that Webalo provides. They’re capabilities that overcome end users’ negligence and IT’s lack of follow-through on educating mobile employees. That makes security slightly less of a concern, and that, in turn, makes BYOD less of a liability and much more of an asset.
The post BYOD Security: a People Problem First appeared first on Webalo - Blog.