Skip to main content

Mobile explosion in the enterprise: how secure is your business?

BYOD mobile data
Corporate data is now more vulnerable than ever before
Audio player loading…

The new, complex multi-screen enterprise IT environment presents a large security and management challenge for IT in terms of keeping track of data, and securing against malware.

There are always three main points at which data is vulnerable – the network, the endpoint and the application – and the spread of consumerisation multiplies the number of vulnerability points.

Businesses are finding it tough to get to grips with this environment. For example, 62% of those employees who use their own devices at work do not have a corporate IT policy governing that behaviour, and are looking for solutions that help make it easier to manage - securing and monitoring all different devices and applications from a single pane of glass.

This has been a difficult task in practice, with mobile devices requiring different management systems to those used to manage the range of PCs and servers that businesses have traditionally used.

Casting a wide security net

A fast growing market has sprung up around the need to manage and secure mobile devices, offering features such as remote lock and wipe and application provisioning, but the goal for most vendors in this space will be to work toward a solution that manages the whole endpoint estate within an organisation.

Some of the vendors coming from a more traditional ITSM background are edging towards this goal, combining mobility management features with PC and server management, but it may still be several years until there is widespread usage of single solutions that allow IT administrators to manage all devices and applications from a single pane of glass.

Part of the challenge for enterprise IT in managing this multi-screen environment is that each operating system and device type has different capabilities, features, and methods of management.

Many devices built with consumers in mind are also unequipped with the security features that are required in an enterprise context. For example, the ability to encrypt data on the device and communications over the air, or remote tracking, lock and wipe capabilities.

The benefits of baked-in security

So, if employees are buying and using devices that have security features built in out of the box, such as a secure container or separation of work and personal profiles, like Samsung Knox or BlackBerry Balance, it answers a significant part of the IT management challenge.

Businesses would have to consolidate on a single type of device for it to provide the whole answer, and in a world of huge consumer choice that is an unlikely scenario in most organisations, but the more employees using these pre-secured and manageable devices the better.

In addition, the ability of smartphones, tablets and laptops to capture biometric data such as iris scans or fingerprints, create new opportunities for authentication factors that can help make data security stronger, but also create a less disruptive and time-consuming experience in the workplace for employees.

As various devices, online services and applications become an integral part of daily life for consumers, the workforce as a whole is becoming more tech savvy and able to find or suggest their own ways of working.

Employees and their line of business managers naturally have a more intricate knowledge of their everyday working processes and how they might be improved through mobile, flexible practices.

Unity needed between IT and business

This means that the fundamental role of the IT department has to change: it is now about embracing innovation from around the organisation and enabling it as far as possible, while maintaining the required levels of security and central management.

IT must align with lines of business to establish which devices and applications will improve processes and make employees more efficient and productive – it is getting harder simply to centrally mandate which applications every worker should have access to.

For enterprise IT, failure to adapt to this new role will lead to increasing irrelevance within the organisation, but it is also symptomatic of an organisation without joined-up thinking around how it efficiently manages business processes. IT should be enabling business owners as far as possible, not constraining them or dictating processes.

If IT is seen as a hindrance, individual employees and their line managers will increasingly seek ways to work around it, opening up an alternative 'shadow IT' environment that is difficult to manage, leads to risks around data security and is inherently inefficient, as different departments create silos of their own data and applications without any thought to interoperability.

Considering the risks of not enabling anywhere, anytime working is one form of motivation for enterprise IT to change its way of thinking – but of course it is also important to consider the positive aspects of what gains agility can bring to the business.

Enabling agility

Enabling agile and flexible working can lead to happier workers. Not tying them to the standard 9-5 day can have numerous benefits: less stringent working hours means enabling people to fit work around personal issues and commitments for instance, without cutting down on efficiency.

It means they can work when they are at their most productive – if someone is most switched on early in the morning or late at night, or if they are tired in the middle of the day and need to take a break before catching up after normal hours.

Employees that work with clients, colleagues and partners across international time zones can also make use of flexible working to make calls outside of the usual 9-5 working day, staying in touch more easily with their key contacts. And mobility makes employees more efficient and productive while travelling.

Added to this flexibility around working hours, people with access to mobile email and other apps also tend to spend more time working, which is a bonus for the employer – as long as this culture is managed and does not lead to employee burnout.

An expectation that people will answer calls and emails at all hours will not usually be seen as bonus, and can lead to high levels of stress – but giving people the opportunity to stay in contact in order to deal with urgent issues can be seen as a benefit.

  • Richard Absalom is a Senior Analyst of Enterprise Mobility and Adrian Drury a Consulting Director, both at Ovum. The Future of Work report was produced in partnership with Samsung - follow the links for Part 1, Part 2 and Part 4.