BYOD is on the minds of CIOs and security is a top concern that comes with it, but most companies are not keeping up with the threats. In this brief look, three IT leaders comment about the state of mobile security. For more thoughts on mobility in 2013 from these and other CIOs, please see the CIO Q&A on page 22.
Dominic Nessi, CIO of Los Angeles World Airports, points out, “Simply keeping your corporate infrastructure safe and secure with potentially thousands of non-uniform devices connected to it is a very significant challenge. It appears that the dark side of the computing world is rapidly entering into the new frontier of mobile operating systems and the proliferation of mobile apps. Frankly, few corporate cyber-security shops can keep up with the emerging threats emanating from the mobile world.”
He says that when you couple BYOD with the proliferation of security threats, you have a “perfect storm” of security issues — a multitude of non-standard privately owned devices, each with potentially different security holes operating with very few rules. “In a world where fighting for cyber-security funding is already a challenge, having to implement multiple protection approaches can bust a chief information security officer’s budget very quickly,” he says.
According to Pat Smith, VP and CIO of Our Kids of Miami-Dade/Monroe, “Leaving mobility out of the overall integrated security strategy opens your network to breaches, data loss, intellectual property theft and regulatory compliance issues. We have purchased an MDM system and created a BYOD policy that states that IT has the right to completely wipe all apps and data on the mobile device in the case of loss or theft of the device. IT can also selectively wipe and prevent certain applications from being installed. Not all users are comfortable with that option and have chosen instead to carry two devices — one corporate and one personal and completely private. While I am not sure how private any mobile apps are today, at least they are perceived to be private when it comes to their employer.”
Justin Kershaw, SVP/CIO of Eaton’s industrial sector says, “There will be some good progress made on real security concerns of large complicated enterprises like ours, but not enough to open the door all the way on significantly more aggressive migrations to mobile solutions for the enterprise. The migration of solutions both existing and new will continue at a gated pace with security being the major gatekeeper in the minds of IT leadership.”