Editor’s Note: The following article is reprinted from the Insider Threat column at Network World.
“Despite a strict policy to use BlackBerry devices, it seems obvious that many of our employees are using the iPhone for both work and play without the knowledge of IT. Apple has made it easy for them to connect to our email service and today’s users are savvy enough to figure out how to configure it, and if they’re not, YouTube provides plenty of instruction. How can IT put the genie back in the bottle?”
Rather than worrying about bottling up mobile experiences, the real question is how you can embrace this phenomenon and make device choice part of your company’s mobility strategy.
Corporate IT will soon be awash in consumer-centric devices, with handset manufacturers acting as enablers. Starting with iPhone OS 2.0, Apple enabled users to connect their iPhones to work; WebOS and Android have followed suit. By sheer numbers, it’s inevitable that consumers are taking their iPhones, Palm Pres and soon Androids to work.
To date, corporate IT has worked hard to keep these consumer devices out, citing traditional concerns about security and manageability. But users are taking matters into their own hands and circumventing policy. The result is an insider threat that is not malicious in nature, but occurs when corporate data or network access is exposed by the loss of an unprotected device.
Eliminating this insider threat may be as easy as keeping users happy by providing them with the flexibility to use whatever they want for work. Of course, that requires you to plug consumer devices into the corporate environment in a manner similar to what you’ve done with BlackBerry.
BlackBerry has long been the standard for smartphone mobility in the enterprise because RIM enabled IT to support the devices like other corporate assets. The BlackBerry Enterprise Server provides a centralized console and supports security capabilities such as device encryption.
The same capabilities — and more — are required for devices such as the iPhone. After all, these new devices are more akin to laptops than BlackBerries. In fact, some are now calling these devices “app phones” because the term “smartphone” is too limiting.
The list of capabilities that will help make these app phones enterprise class includes:
- Basic security facilities such as password/PIN and remote wipe to protect information when an app phone is lost. These settings must be set remotely via policy.
- Exchange ActiveSync support for email and security policies, which delivers basic enterprise services with policy enforcement on the device and gives IT out-of-the-box support for any app phone.
- Encryption (data at rest) support to protect information on the whole device if lost. This, coupled with the basic security facilities in the first item, provides the robust device loss protection required by certain market verticals such as healthcare.
- Compliance enforcement to ensure that the security policies and device configuration set on a device remain persistent.
- PKI support that allows app phones to receive and ingest digital certificates. The use of certificates helps automate connectivity to enterprise applications via Wi-Fi, VPN and web by making authentication transparent to users.
Once enterprise IT is able to address these five areas in a way that’s similar to the handling of laptops, there will be no need to stop rapid adoption of these consumer-centric devices. And rather than worrying about putting the genie back in the bottle, IT can start embracing the innovation taking place with app phones.