The growing trend towards use of privately owned mobile devices such as iPhones, iPads, tablet PCs and laptops for business purposes is causing IT departments to lose control of the security and integrity of their systems. Instead of trying to stop the trend toward BYOD (“Bring Your Own Device”), IT pros should focus on securing the information itself.
In their latest Advisory Report, Martin Kuppinger and Tim Cole of the analyst group KuppingerCole argue that the BYOD trend is unstoppable. For one thing, top management will not allow IT departments to take away their bright new toys like iPhones and iPads, no matter how hotly the IT pros argue that allowing uncontrolled access to sensitive systems and business processes compromises overall IT security.
“People have been using private devices professionally for years, ever since laptops started to replace corporate desktops”, says Martin Kuppinger, co-founder and Lead Analyst at KuppingerCole. As a rule, many enterprises neither sanction such devices, nor do they often even know which ones are currently used. But used they are, for everything from business emails to mobile access to corporate applications, he maintains. The alternative of blocking everything or massively limiting access to remote desktop connections is the IT equivalent of “mission impossible”.
IT should bow to the inevitable and officially allowing their people to carry privately owned devices around, Kuppinger believes. Instead they should focus on protecting sensitive information and making sure it isn't leaked. The main tools for achieving this, he says, involve authentication, encryption, and virtualization.
Context, Kuppinger believes, is king in today's Information Security world, and there are more and more solutions available for controlling and monitoring that context during the process of authentication and authorization.
There is a bright side, too, Kuppinger maintains, since adopting a good BYOD strategy usually frees IT from having to invest in costly stand-alone point solutions for device security that usually turn out to be dead-end streets, anyway.
“Keeping information secure, no matter where or how users choose to gain access, is the true answer to the BYOD dilemma”, he says.