In all the hubbub around mobile users increasingly making their own choices of operating systems and hardware, something has been lost sight of – it doesn’t really matter if you bring your own device (BYOD), a more pressing matter for businesses should be ‘where is our data accessed?‘ (WODA).
This issue extends beyond the choice of the mobile endpoint as increasingly ‘mobile’ doesn’t simply mean a single mobile touchscreen tablet alternative to a fixed desktop PC, but multiple points or modes of access with users flitting between them to use whichever is most appropriate (or to hand) at any moment in time. What has become mobile is the point of access to the business process, not just the hardware.
This multiplicity of points of mobile access – some corporate owned, some not – means that when IT services are required on the move they are often best delivered ‘as a service’ from the network, so it is no wonder that the growth in acceptance of cloud seems to have symbiotically mirrored the growth of mobile.
Both pose a similar challenge to the embattled IT manager. A significant element of control has been taken away – essentially the steady operating platform ‘rug’ has been pulled from under their feet.
So how do they retain some balance and control?
The first thing is to accept that things have changed. BYOD is more than a short-lived fad; most people have embraced their inner nerd and now have an opinion about what technology they like to use, and what they don’t like. They buy it and use it as a fundamental part of their personal life from making social connections to paying utility bills. Most people are more productive if comfortable with familiar technology, so why force them to use something else?
However, enterprise data needs to be under enterprise control. Concerns about data are generally much higher than those surrounding applications and the devices themselves. This is a sensible, if accidental, prioritisation of how to deal with BYOD – first focus on corporate data. Unfortunately, few organisations have either a full document classification system or an approach to store mobile data in encrypted containers separated from the rest of the data and apps that will reside on BYO devices.
These are both worthy, if rarely reached at present, goals, but at least the first steps have been taken in recognising the problem. Organisations now need to understand their data a little better, and apply measured control of valuable data in the BYOD world – which doesn‘t look like diminishing any time soon.
In the core infrastructure, things have changed significantly too. Service provision has evolved from the convergence (or one could say, collision) of the IT industry with telecoms to deliver services on demand. IT might have been fragile with interoperability and resilience standards, but some of the positive side of telecoms has spilled over. And eventually telecoms are starting to understand the power of supporting a portfolio of applications and that there is more to communications than voice. Cloud, or the delivery of elements of IT-as-a-service, is the active offspring of the coupling of IT and telecoms.
For businesses, struggling to do more IT with smaller budgets and fewer resources, the incremental outsourcing of some IT demands into the cloud makes sense.
However, cloud is still exhibiting some traits of the rebellious teenager. While there are some regions in Europe that appear more resistant to cloud (notably, Italy, Spain and to a lesser extent France), overall acceptance is positive, although this is across a mix of hybrid, private and public cloud approaches. There are also significant concerns about the location of data centres and the location of registration or ownership of cloud storage companies.
These are understandable in the light of recent revelations, but to enforce heavy security on all data ‘just in case’ would be excessive and counterproductive. Thankfully, most companies seem to realise this, and there is a pragmatic mix of opinions as to how to best store and secure data held in the cloud.
This needs to be an informed decision, however, and just as with mobile, all organisations need to be taking a more forensic approach to their digital assets. IT needs to work hand in hand with the business to identify those assets and data that are most precious, assess the vulnerability and apply appropriate controls, differentiated from other things that are neither valuable nor private as far as the organisation is concerned. The days of blanket approaches to data security are over.
For more information and recent research into cloud and mobile security, download this free Quocirca report, “Neither here nor there“.