TRP: What are the risks associated with partnerships like the one between Apple and IBM, that are designed to allow consumer-focused businesses a smooth passage into the enterprise space? Could they muddy the waters between consumer and business applications further and result in an even greater risk?
CG: I don't actually see this as a risk, as I think that more vendors need to marry ease of use for end users with strict enterprise security. Since Apple focuses on the first, and IBM on the latter, I believe that their partnership is going to up the ante in enterprise mobile applications and solutions.
End users are going to choose the types of devices they prefer, and Apple dominates a large part of that market. By working with IBM to improve security capabilities, they are ensuring that IT departments will be happy to choose their hardware and software solutions for use within the enterprise. In this way, data stays secure as workers share content and collaborate, but enterprise workers don't lose any productivity through clunky, unmanageable solutions.
TRP: What can those who develop enterprise-class productivity solutions do to mitigate these risks and ensure that organisations remain secure?
CG: There are a number of things that those who develop solutions with the enterprise in mind can do to ensure data security. When it comes to developing critical business applications, ease of use is an absolute must, for example. There's no way around it. Even if IT is thrilled with the promised features and functionality, if an app is clunky, frustrates employees or eats up valuable time, users will abandon ship and find a suitable workaround.
We see this all of the time in the world of mobile file-sharing. Employees are drawn to consumer-based applications such as Dropbox and Google Drive because of the user-friendly interface and the ability to quickly get a file out the door. The problem is that, in many cases, employees are using such applications without the IT department's knowledge – putting enterprise data at risk.
The job of IT professionals is to make sure that confidential files remain confidential, and those providing enterprise solutions share the same burden of responsibility. Put simply, they need to ensure that enterprise-class applications not only have the same ease-of-use as those they become accustomed to as consumers, but that they also have to provide the level of security that these same individuals have come to expect in their working lives.
The ability to marry up these two disparate aspects within solutions is the key to keeping data secure within the enterprise, and ensuring that users do not venture outside of the ecosystem to use other technology that could cause problems further down the road.
TRP: How much education do businesses need concerning the danger of workers bringing their own applications into the workplace, and the potential consequences of getting it wrong?
CG: It's an area that organisations are increasingly waking up to, and several high-profile data breaches have played an important role in reinforcing this message. The fact that iCloud and Dropbox accounts have been so publicly breached in recent times underlines the fact that if you, as an IT professional, are serious about the security and integrity of your data, then you need to be using a serious, enterprise-grade solution.
Having said that, there will always be those who continue to treat security as an afterthought, and for these people, education is particularly important. Many small or emerging businesses, for example, tend to de-prioritise security, as they are short on resources, and feel that they are better investing what little they have in other areas. However, this mind-set misses the point that, in the long run, failure to address security concerns could prove to be a much more costly expense.