Security Think Tank: BYOD – a challenge and an opportunity

With the growth of BYOD, what security measures can IT take to ensure security of enterprise data – and does MDM have a role?

As we are looking to enable a diverse workforce to be productive from anywhere using any platform they deem the most suited for the task at hand, IT challenges pop up like mushrooms after the rain, writes Wim Remes.

Over the past decade we have built infrastructures and processes to control the versions of operating systems and applications our businesses rely on, as well as to address the challenge in updating them.

While we made progress in both areas, it might feel like we are back to square one as we enter the “bring your own anything” era.

Mobile phones, tablets, laptops and anything in between will soon be used to process work emails, store and edit confidential data and to communicate with clients. There is no purpose in trying to avoid this new reality.

The question now is how IT departments should handle this? Can anybody and everybody bring in the device they want and to what extent should an organisation support it? Should all applications and data be made available, regardless of the device or environment it will be handled in?

Mobile device management MDM suppliers have gone to great lengths to define the problem space which, conveniently, is always on a full overlap with the feature set of their products.

Delving deeper into the technical features of mobile platforms it also becomes very clear that all MDM products rely on the exposed Application Programming Interfaces (APIs) from the mobile platforms (iOS and Android in this case). One would wonder what the key differentiator is of each product. Almost without exception it concerns a feature that is unique in its ability to reduce the risk posture with .01%.

It is my firm belief that bring your own device (BYOD) offers IT departments an opportunity to return to its core business: providing access to applications and data.

Where our natural reaction is to control the platform we need to find peace with the fact that we are not able to control this. We are in the business of securing critical data assets no matter where they are located or used.

MDM is only one part of the technologies we need to execute on that mission but I would argue not the most important one.

Wim Remes is a member of the global board of directors of (ISC)2

Read more on Endpoint security