James Tay, CEO at Logicalis Asia, considers the options when it comes to managing the data security risks associated with BYOD. Should it be the traditional Network Access Control (NAC) approach, the belt and braces of Mobile Device Management or the less invasive Mobile Application Management?
Today, nine out of 10 people worldwide own a mobile phone - that ubiquity, along with the rise of smart devices, has led more and more organisations to allow employees to use their own mobile devices in the work place. As has been explored in previous posts, the rise of ‘Bring Your Own Device’ (BYOD) opens up opportunities and threats in almost equal measure.
On the plus side are reduced capital costs and the chance to drive innovation throughout the organisation – but on the downside are the risks to data security and the complexity that comes with supporting a wide range of devices. My conversations with customers and colleagues confirm that these are the issues that are exercising the minds of CXOs considering opening the door to BYOD – data security more than most.
So what are the options when it comes to managing and mitigating data security risks?
Extend and adapt traditional control systems?
Traditionally, networking vendors have employed NAC hardware devices to manage access to corporate infrastructure. The emergence of BYOD has prompted many of these vendors to expand NAC device functionality to provide further profiling and context-aware intelligence - gathering information from the device, the infrastructure and network services before granting or denying access to network services. Although context awareness provides granularity, all restrictions are facilitated by network equipment like switches and routers. In some ways I see this approach as something of a workaround, with potential downsides including a less than slick user experience and knock on effects for productivity. It can work, but it’s not ideal.
Use Mobile Device Management to lock BYOD down?
A second option is to deploy Mobile Device Management, or MDM, which is a software service that monitors, manages and supports mobile devices deployed across mobile operators, service providers and enterprises. It’s not a new technology. In fact, it’s been around for years, but MDM is a workable solution. It overcomes the challenges of providing end-user convenience while achieving the required enterprise security – in essence it ensures that a line is drawn between mobile work and play.
MDM solutions deliver high levels of data encryption, compliance checking and security breach detection. This type of service even protects the enterprise if a device is lost or stolen – data stored on the phone is encrypted and can be remotely erased if necessary. At the same time, MDM provides cloud options with self-service portals so that users can access a quick and hassle-free service. Up to a point, this supports employee satisfaction and helps organisations to attract and retain talent – on top of the wider organisational and cost benefits of BYOD. There is no doubt that MDM simplifies the deployment and management of BYOD infrastructure, but it’s also pretty clear that it is not a perfect solution – that is not so much about its efficacy, but about its likely popularity amongst employees.
Go for a hybrid MDM and MAM solution?
The issue with MDM as a one-stop BYOD security solution is this - many feel MDM is somewhat invasive and just don’t like the idea that corporate IT is able to access private data. The point is, in a BYOD environment, you can’t dismiss those concerns. In fact, I think those perceptions could seriously undermine user confidence in BYOD – aggressively controlling the entire device, allowing camera disabling, denying access to App Store, as well as locking or erasing data from compromised devices risks making BYOD feel more like ‘buy your own device’ than ‘bring your own device’. It’s hard to see why many employees would be keen to sign up to that kind of arrangement.
In my view, that need to balance user satisfaction with the needs of enterprise security, is the main reason Mobile Application Management (MAM) has increasingly been added to the BYOD mix. MAM enables IT departments to control the corporate applications and content deployed to an employee’s device without encroaching upon the employees’ private data – and that is a really important distinction. In fact, MAM is increasingly becoming a preferred approach. But it is worth remembering that MAM and MDM are complementary technologies, since MAM focuses on the software while MDM leverages the hardware. Indeed, MDM vendors are increasingly defining themselves as MobileIT, essentially a combination of MAM and MDM – and this is, at the very least, a solution worth considering.
The right balance
The key for CXOs seeking to enable a BYOD culture is to find a solution that balances flexibility with control. Any solution which goes too far in limiting or controlling the use of devices bought and paid for by employees themselves is likely to be resented, or even rejected altogether – rendering BYOD dead in the water. On the other hand, realising the potential cost and resource efficiency, innovation and employee satisfaction that BYOD can underpin should never come at the expense of data security.
In my opinion, solutions to these challenges are still evolving and, of course, the right choice will depend on the nature of the business - so it is worth exploring all the options in detail.
However, given the need to balance flexibility with control, it is not a great surprise to see the tide turning in favour of MDM/MAM or MobileIT – and it is certainly the best, most flexible option available at the moment.
If you are unaware of the concept "Aerodynamic Business" you will be enlightened soon; we will be featuring a short series of articles exploring, from a wide range of perspectives, how ICT can be re-engineered to support innovation across organisations in times of economic uncertainty.