BYOD: The New IT Management Headache
September 26, 2012
First in a four-part series. Learn more in part two, "Outage Blackballs BlackBerry, Guides Arrow to BYOD Strategy."
IT departments once had significant control over computing resources, but no more. During lunch, employees travel to the local store, examine half a dozen tablets, select one, return to work and start using the device to access corporate data. As a result, businesses face a dilemma: They want to support workers' desire for the latest and greatest devices, but they also need to protect corporate information.
- Bring Salesforce.com Alive with Your Key Business Processes: Register Now
- Inside Threats: Is Your Company at Risk?
- DDoS Mitigation - Best Practices for a Rapidly Changing Threat Landscape
- Bad Data is Costing You Millions of Dollars
"In the current BYOD [bring-your-own-device] era, the single biggest challenge that enterprises face is protecting critical corporate data," says Jack E. Gold, principal analyst at J. Gold Associates, an IT consulting firm.
The challenge is vast and expanding. White-collar workers are bringing personal smartphones and tablets into the workplace in unprecedented numbers. At the end of 2011, more than 468 million smartphones (a 57% increase from 2010) were sold, according to Gartner. The market research firm also expects that worldwide tablet sales reached 63.6 million units, a whopping 261.4% increase from 2010 numbers. "More businesses are allowing employees to pick their own handheld devices and use them for both business and personal reasons," says Phillip Redman, a research VP at Gartner.
Once staff members turn on their smartphones or tablets, they start using them like PCs. They access business applications, store company data on thumb drives, and copy and paste information from corporate databases--and they do so in a cavalier fashion. "Employees usually are not very concerned about securing company data; instead, they complain when the corporation puts safeguards in place that interfere with how they work," Gold explains.
This attitude can cause several problems. The handheld devices often don't have security software. Consequently, employees can dial into bogus sites, download malware and spread it to other systems on the enterprise network. Also, hackers can break into the handheld systems and gain access to sensitive information, such as company billing data, Social Security numbers, customer credit card numbers and pricing information.
Because these devices are so portable, workers often carry them everywhere, and sometimes they lose them. In fact, airports often now have more lost smartphones and tablets than bags. If a user has not protected the company information with security checks, such as encryption software, all a crook has to do is turn the device on, sift through the confidential information and have himself a party.
So enterprises have been on the lookout for tools to help manage the handheld devices and lower their potential exposure. A number of vendors have emerged to fill the void, including 3LM, BoxTone, Enterproid, Good Technologies, LANDesk Software, MobileIron, Numara Software, Research in Motion, Sybase, Symantec, Tangoe, VMware and Zenprise. Their products come in various configurations and are priced in different ways. Cloud subscription services, often costing $5 to $25 per user per month, are becoming a popular option.
These suppliers have taken a few approaches in addressing handheld data security. Some products segregate personal and corporate data by creating a buffered "data lock box" with a different user interface on the handheld device. In other cases, they sequester the company data but offer users a consistent interface between their personal and corporate information. In some instances, the management solutions enable companies to establish policies for the manipulation of corporate data. For instance, users may not be allowed to copy and paste information from a database into a personal mail system such as Gmail.
In addition to enabling executives to sleep better at night, the new tools benefit users. To lessen the impact of lost devices, vendors have developed wipe capabilities: Once a phone or tablet is reported missing, a software command erases all of the information on the system. With these new tools, a company can wipe out its data for any reason (such as when a device is lost or a user leaves the company) but leave the end user content intact.
Because of the various features, sales of these products have begun to flower. "Gradually, companies are becoming more aware of the problems that personal smartphone and tablets create and taking steps to address them," says Gold.
Paul Korzeniowski is a freelance writer who specializes in data storage issues. He is based in Sudbury, Mass. and can be reached at firstname.lastname@example.org.