After three decades where managing endpoints was synonymous with imposing strict security on laptops, enterprises are about to face a much greater security challenge. IT leaders are asked to protect their enterprise data not just on smartphones and tablets, but while it travels through the Internet of Things (IoT), on connected cars, on smart TVs, and on smart watches and other wearable devices.The advent of the digital workplace is increasing the speed at which enterprise mobility and security are moving away from each other. Employees have become accustomed to working across multiple devices, to transferring files between devices, and to fast and fluid switching between their personal and professional worlds. In reality, protecting data with traditional endpoint management models is incompatible with mobile operating systems and their application-centric economies.
Three factors need to be addressed to bridge the gap between enterprise mobility and effective security for business information: people, process and technology.
People: Freedom plus accountability
Users bypass the legacy endpoint security models imposed on their mobile devices because they are incompatible with their need to mix business and personal life. The ones that comply feel disarmed and frustrated and simply miss out on the opportunities that the digital workplace can offer.
Security teams beware: If your potential solution results in a suboptimal user experience, your employees will turn toward privately owned devices and privately managed applications. The latter often leads to silent enterprise leaks: incidents that go unobserved when employees upload enterprise data to third-party clouds. Once leaked, the enterprise can neither track nor retrieve that data.
The way to make enterprise data more secure is to increase the level of user freedom, and at the same time, to hold users accountable and responsible for their actions. To increase accountability, organizations need to make what occurs on mobile devices part of the enterprise conversation, and to set clear security expectations.
Process: Organizational and cultural changes
Watch out that you don’t misinterpret risk and maintain organizational structures that are not designed for enterprise mobility.
Typically, the team managing mobility is decoupled from the team that traditionally manages the legacy endpoints. This requires organizational and culture changes.
Technology: Prevent shadow IT
It is difficult for businesses to impose management and security policies because the endpoint platforms are administered by the employees and are centered on applications, not networks
Organizations should move away from device lockdown as much as possible, but still treat all endpoints as untrusted ones. To prevent shadow IT by employees, focus on offering the same quality of experience through mobile-based solutions.
By focusing your efforts on providing solutions that are tailored for mobile use, looking at security from a tactical standpoint and favoring app-centric models, you can offer your workforce a system that will enable it to take its digital workplace with it, along with enterprise mobile security.
Dionisio Zumerle is a research director with Gartner, and he is speaking this week on mobile security threats at the Gartner Security and Risk Management Summit.