Protecting Corporate Assets: How Can CIOs Take Control of BYOD?

Employee satisfaction has always played an important role in the IT department’s mandate to enable a productive, growing business and protect corporate assets. But the business equilibrium of productive users and secure assets got disrupted with the mobile-driven consumerization of IT.

The scale tipped drastically in favor of end-user satisfaction when personal preferences for mobile devices, brands, apps, and consumer product experiences came into play. Making end users happy by allowing non-enterprise technologies into the organization is, on the surface, both easy and fast, but keeping them happy while managing risks and ensuring productivity is a whole different ball game.

In the process of enabling those smartphones to meet enterprise security standards, the end-user experience is almost always affected. And with organizations measuring CIOs on end-user satisfaction, it is no surprise that CIOs are bending over backwards to delight their users. This may go as far as making eyebrow-raising tradeoffs between corporate security and end-user convenience.

The IT organization of a large Euro-Asian bank recently asked me: “Is there a way to support a mobile fleet that is one part BYOD, one part business-owned with personally-enabled use, and one part fully-controlled? What if a user downloads an app with custom spyware to eavesdrop on phone or data communication? Is there a work container that is not sluggish and battery-draining, and has a look and feel no different from the personal smartphone?” Just like many other companies, they were reacting to the environment around them.

Many miles away, a Chief Information Security Officer (CISO) of a health ministry posed two similar issues to me: “When we wipe the device, the end users lose their personal content and this is a big problem for us. Can a secure MDM container fully separate work and personal mailbox?” Also, “Can we enforce a simple or no password for the smartphone and still have a strong but password-less authentication for the work container? Calls received for password resets are too much for our Help Desk, and the doctors and nurses are so unhappy they can’t even use their personal stuff on the device until we reset it.”

EMM is a Better Approach

Both of these customers used well-known MDM products on iOS and Android smartphones and tablets, but were confined by the limitations and inflexibilities that came with them.

The good news is that such productivity or security-degrading tradeoffs can be completely avoided by approaching mobility as a strategic IT investment.

Consumerization and BYOD trends have brought a thick layer of fog to Corporate Security Officers as well. And this is happening right when we have a steady influx of emerging cyber threats that pose real risk to business. CISOs are aware that business shareholders will not stand for impaired productivity or a high risk of financial or reputation damage due to unmanaged security risks, yet their voice may not be heard at the board level. You might be surprised to hear that many corporate boards are unaware of how mobility choices made lower in the organization affect the corporate risk posture.

There are three key organizational forces that drive short, mid, and long-term requirements in enterprise mobility, as depicted below.

[Figure: the three enterprise forces]

By working directly with CIOs and CISOs of government and enterprise organizations around the globe, I have learned that in order to succeed, the Enterprise Mobility Management (EMM) product must consistently deliver the following benefits across every device OS:

  • A work container with a native look and feel, fast and fluid transitions between personal and work profiles, good battery life, transparent security, and built-in privacy, which results in happy end-users.
  • Productive business use, with integrated enterprise apps, collaboration and productivity tools, back-end integration, and rapid deployment of natively developed apps. Also, predictable Total Cost of Ownership, choice of smartphone platforms, with flexibility to simultaneously support COBO, COPE, and BYOD management modes, with choice of on-premise and cloud service models.

This laundry list is what differentiates a strategic EMM solution from a sea of tactical MDM solutions. The CIO’s mandate is to find the mobile solution that will optimize productivity, usability and security as a balanced system for long-term business health.

Containers by MDM: Kludgy and Insecure

How did we get here? MDM products with basic smartphone controls had promised to keep the consumer handset “managed.” But since they could not segregate work and personal data, they affected the user’s privacy and offered no protection against work data leaks (many companies still employ such basic management systems, a questionable strategy which should raise some eyebrows as well). MDMs with sandboxing containers brought a higher level of security, but at a high cost to usability and with added complexity for app development. While IT and Security officers might be pleased with a sandboxing approach, all the end-users I’ve spoken to across multiple industries in North America, Europe, and Australia have been equally unimpressed.

Eventually, lighter MDM containers with app wrapping technology brought more promise to segregate work and personal data in a less intrusive way. Yet many of those products still fail to deliver an effortless and transparent end-user experience coupled with strong security at a reasonable cost.

When end-users find a tool even slightly inconvenient, they not only complain, but more dangerously, look for other ways to get things done. This typically means using personal apps, personal chat, text and email. Paradoxically, a poorly-implemented container solution designed to protect work data may actually increase the risk to the company. Even worse, in such scenarios the CIO may be tempted to go without a secure MDM container, elevating the risk in exchange for happy users.

Why is it so hard to deliver a solution that makes everyone happy? Usability and security require skillful implementation to maintain the balance, ideally by building the work and personal perimeters as close to the handheld OS as possible. The user experience is optimized when security, productivity and user interface are all designed together in the product development lifecycle, instead of security being bolted on to whatever is there. Lacking the skill to deliver usable security, and without control of the OS, most enterprise MDM vendors are challenged to deliver the level of usability and security that the organization needs.

Delighting the end-users is a joint mission between the mobile vendors and the IT management, as is ensuring the productivity and security of corporate data. The products that deliver the most value in these core requirements will minimize the need for painful trade-offs between them. It is all about an optimal balance at the end of the day.

In a changing enterprise landscape, this balance is anything but easy to achieve. Based on research compiled from Fortune 500 companies, mobility analysts, and security experts, The CIO’s Guide To EMM tells you everything you need to know about securing your mobile fleet and preparing your enterprise for the future.

About Sinisha Patkovic

VP Security Advisory. I lead a global team with the remit that the BlackBerry security product offering remains relevant to both commercial and public sector organizations’ evolving set of needs. I have been working on secure communications projects with many Federal Governments and I have been actively engaged in the dialog on emerging issues spanning cyber-security, e-commerce, and privacy.
