Do you have a security policy governing data access via mobile devices? Unless things have improved considerably since we asked readers this question last summer, it's even odds you don't. The problem is, employees are using smartphones in their jobs, whether the security team is on board or not. In a July InformationWeek survey, 82% of smartphone owners said they use their devices to read business e-mail, 80% surfed corporate Web sites, and 61% accessed enterprise data.
And don't look to business managers to stifle this trend: 74% of users said they foot their own cellular bills, and 65% paid for the devices out of their own pockets. More productivity at little or no cost to the business. So what's not to like?
Plenty, actually. Mobilizing employees increases productivity, but the security risk is dramatically heightened without IT involvement. Yet just 31% of readers said corporate IT supports smartphones and PDAs. We understand the logic: When the enterprise doesn't own the devices, it can't regulate what users buy. Supporting a mishmash of systems is a nightmare. That's why for years we've advised readers to stay ahead of this trend. Those who didn't now find themselves in an untenable position. While the enterprise might not own the physical assets, it does own the data that end users are storing on them. As soon as corporate information lands on a smartphone, it becomes a business asset that needs to be secured.
CIOs have two options: Freeze out mobile devices by preventing installation of synchronization programs like ActiveSync, disallowing access to corporate servers from mobile devices, or lock down USB ports on corporate PCs. Of course, employees will waste time trying to circumvent these roadblocks. A better route is to put the correct mix of policies and technological enforcement in place to keep your data safe while realizing the benefits of mobility.
FIRST COMES THE POLICY
To realize the benefits of cloud-native software, an application must actually be cloud-native—designed to run in the cloud, interacting with disaggregated cloud services, fully manageable as code—to deliver the expected benefits.
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
