iPhones, Droids, iPads, and other mobile platforms are invading corporations worldwide. It didn’t happen overnight, but these devices have slowly crept into the workplace and are now poised to take over. According to Apple's CEO, at least 65% of Fortune 100 firms were already deploying or piloting the iPad, and many analyst firms are predicting an explosion of tablet devices in the enterprise in 2011.
The consumerization of IT is all about productivity. In many cases, employers see the benefits of these consumer devices in the workplace, but are still highly concerned about protecting confidential corporate data. Those who aren’t should be.
According to The 451 Group report, “Mobile Device Management in the Cloud,” November 2010, consumerization is already here. A November 2010 survey showed more than 75% of companies allow employee-owned devices.
But giving employees unfettered access to valuable company data on whatever device they happen to prefer is a risky proposition. The fact that these devices are mobile means that they’re also easily lost or stolen, which means that the data they contain is more vulnerable to theft or accidental loss.
Finally, because consumer devices are not adequately protected against malware, enabling access through these unsecured devices can open a gaping hole in a company’s otherwise secure network. These risks have led many organizations to firmly resist consumerization.
The result of the consumerization of IT trend is that the boundaries of a company’s information network are not as clearly defined as in the past. It used to be that a company’s information network ended at its firewall and its valuable data remained relatively secure within that network. But today, data is no longer contained within the walls of your business and the network ends with the user and the user’s device (mobile phone, laptop, and home computer). In this environment, security is far more complex than in the past.
How Can Businesses Prepare for the Consumerization of IT?
Organizations are beginning to understand that if they say yes to mobile devices, they can embrace a computing paradigm that makes their workforce more productive. But how can they provide IT governance over the device and maintain control over corporate data? How can they enforce access control policies and securely mobilize corporate applications – e-mail and beyond?
Many organizations are installing enterprise mobile device management (MDM) software to handle provisioning, secure connectivity, remote control, and ongoing compliance. Mobile devices are connected to the security infrastructure and data center through integration with a centralized management console that connects to other security technology, as well as data center resources such as directories, Wi-Fi, VPN, and PKI.
A high priority for any enterprise mobility project is to enforce remote encryption and wiping of all information on mobile devices to protect data in case the device is lost or stolen. It’s important that information be encrypted both at rest and in motion. If a remote device falls into the wrong hands or a transmission is intercepted, encrypted information is unusable.
Businesses should deploy network firewall and network intrusion prevention systems (IPS) and configure them to control and monitor traffic to and from all devices, especially specific mobile apps. Many companies already require VPNs for secure connections to corporate networks; consumerization projects can control access from remote, employee-owned computers.
Many IT groups also use network access control (NAC) to ensure employee-owned devices have security tools installed or are otherwise compliant with IT standards prior to accessing the network. NAC can control guest devices and other unmanaged endpoints and ensure that they have limited ability to access resources or infect the network.
Companies should also consider virtualized desktops (VDI), where employees can access company applications and data on personal devices but the application infrastructure and data remain on corporate servers behind the firewall.
To manage this technology, companies should deploy integrated endpoint security with a centralized management console to ease the effort required by security administrators to manage all endpoints in the system.
If you follow these recommendations and deploy a comprehensive endpoint security solution, you’ll find it’s not only possible to support the consumerization of IT with adequate and effective security, but that doing so also yields some nice benefits for the company. Increased productivity is the obvious one. A less apparent benefit is the ability to reduce IT costs by allowing employees to use devices they’ve purchased themselves.
The greater mobility of the workforce and the ability of employees to work from home can also lighten other expenses, such as office costs. Over time these savings can be significant—and when combined with greater productivity, they can make your organization more nimble and competitive.
David Goldschlag is vice president, mobility, for McAfee.