Probably everyone knows the saying “…like lemmings”: in the figurative sense this means that people often just go along with the broad masses and seem to not really think about why they are followers. Humans are creatures of habit at times and don’t question well-tried things, even when times are changing.
Similar experiences to the scenario described above can be observed in the IT sector: new trends seem to transform into insurmountable hurdles (just take a quick look at the excessive discussion concerning BYOD), as they are in conflict with old concepts. The greatest wish of many people: Things should just stay exactly the way they are. Old concepts should prevail because they have stood the test of time. In the following you will find some of these concepts:
- Devices should be controlled and commanded centrally by IT, allowing for complete IT administrator control over the device.
- Implementation of clear security rules and guidelines
- In the best-case scenario, the user has next to no freedom (e.g., to install programs, to have admin rights, etc.) and just a small number of options to choose from.
These opinions are based on the belief that only the devices the IT administrator can physically control (meaning administering and configuring) can be truly secure. Modern solutions, however, have long made this unnecessary.
In the case of BYOD and mobile workstations, the desire for control becomes increasingly difficult to fulfill. Where should the road lead? Which options would you like to choose? A great number of people think of “Mobile Device Management” (MDM) as the universal solution. But is this a practical and reasonable option? Maybe it is the fear of something going wrong if we do something different than everybody else that holds us back? Yet one must keep in mind that only those who take a different path, who act and think innovatively, can increase their level of success.
Mobile Device Management
One could think that CIOs are so enthusiastic about MDM solutions because old concepts can be held onto, at least in part. MDM solutions allow for the management of mobile devices and are therefore similar to the traditional ways. Core functions of MDM solutions can include:
- Uploading software updates centrally and wirelessly (update over the air)
- Saving and recovering data on the device (Backup & Restore)
- Remotely locking a stolen or lost device and deleting the files (Remote Lock & Wipe)
- Granting differentiated rights to individual users – from an Internet connection to program installation (Policy & Provisioning)
- Jailbreak/Rooting detection (iOS/Android)
- Linking to an existing OpenLDAP or Active Directory
Sounds reasonable so far, but the whole story is not as simple as it seems. When it comes to BYOD, an MDM solution, or the CIO, can quickly reach its limits. Unfortunately, employees and even their bosses just don’t want to stay away from BYOD any longer, according to the results of a study by Matrix42. And the whole BYOD story could turn out even worse. Generation Y in particular insists on their right to use their private smartphones in the companies they work for. If BYOD is forbidden at the company, many employees will not care about this unwritten law – they will simply ignore it. Even on the legal side, CIOs seem to walk on thin ice when it comes to BYOD, because it is hardly compatible with (German) law (data protection, privacy etc.). So what is to be done? Maybe mobile device management would not even be needed if CIOs came to terms with new behavior patterns and principles.
What’s next? What ultimately counts is the security of company data
Basically, CIOs are just concerned about their sensitive company data – first and foremost, its protection from illegal usage or outside attacks. Shouldn’t we – in light of the rapidly rising number of devices and mobile workstations – reconsider whether it makes more sense to protect the data itself? If the data is stored centrally in the company, a solution can be employed that encrypts data, guarantees secure authentication of the users and defines – with the help of roles and rights distribution – which user can access which data. Therefore, it doesn’t matter if the employee wants to access the data from the outside or from within the LAN – even the question of which device they use is irrelevant. Modern solutions offer even more benefits: nothing has to be installed directly on the device; the user only needs to download an app. This means that the IT administrator doesn’t need physical access to the device (no matter whether private or not), and still does not put the security of the data at risk. Additionally, modern solutions never store data directly on the end device, meaning that there can be no unwanted data exposure if the employee loses the device or it gets stolen – remote wipe/lock is thus a thing of the past. The finder of the device will not get their hands on any sensitive company data.
We believe this approach, along the lines of “data protection” instead of “device protection,” is much more effective in times of “BYOD” and “work anywhere” and is easy on the nerves – of IT administrators as well as users. Correctly implemented, the IT administrator is not sacrificing any security. On the contrary: thanks to the possibility of central data storage – without any data being saved on the end device – many security risks that can only be minimized through a laborious process no longer exist.
Please note that the linked articles are only available in German.