The real challenges of getting mobile strategies off the ground are clear today. Scale is one, because the universe of devices and their diversity has just exploded. Another is ownership - not owning the device limits what policies can be enforce on users. And then there are platform limitations - the capabilities of the current breed of mobile operating systems may not be as rich as those available in the PC world.
"You go back 10 years, everyone used a PC provided by the company, and they were all running windows. You only had one OS to worry about, and you had ownership of the platform," says John Girard, VP and Distinguished Analyst at Gartner. "We say now that we have three or four OSes to worry about with mobile, but in reality, there are over 24,000 variants of Android in use right now - many more in terms of revision level."
So, how do we adapt to this new situation from a security perspective? Planning for predictability is one way. If you have no idea what's coming into your organization, the uncertainty of resolution presents a problem. You need to reach a consensus of what you can support and what you want to allow, he says. The second is to recognize that certain types of critical applications should never be allowed to run on mobile devices. Technology exists today to allow you to run these apps remotely via VDI, ensuring that sensitive information is never transmitted to the device.
Culture and mobile policy are areas that organizations have been experimenting with in the past five years or so. But how can you ensure that you are making the right moves?
"The best way to assess your mobility program is to undertake a self-examination," Girard advises. "This will help you to uncover assumptions that may be incorrect and practices that may not have been questioned, and find out if they are working well for you."
Gartner has produced a mobile self-survey, he says, which asks questions about how different people in the enterprise perceive mobile devices, and how the practices and culture in an organization does or doesn't support responsible mobile computing.
In a previous interview, John Girard spoke to about the idea of "Failure-proof mobile security". In this exclusive interview with Information Security Media Group, he outlines some of the common challenges today, in addition to giving common sense advice on approaches that streamline the management of the increasing portfolio of mobile computing devices connecting to enterprise networks today. Girard speaks on:
- The lessons from the previous generation of computing that can be applied to mobility;
- Ways to assess and optimize your mobility program;
- Some unique challenges in Mobility in Indian enterprises.
Girard is a VP and Distinguished Analyst in Gartner's Info Security and Privacy Research Center. He is an expert in business security and privacy solutions for wireless and mobile road warriors, extranet, remote offices and teleworkers. He specializes in predicting future security technologies to help clients to avoid getting backed into a corner with dead-end investments and get the best payback on their investments.