Danger, Will Robinson! Beware the hidden perils of BYOD
And we're so nice, we're telling you how to dodge them
Managing all these mobiles
Expanding the concept outside a single vendor, we now step into the world of mobile device management (MDM). The idea is simple: make every other type of smartphone controllable in the way that made BlackBerry so attractive.
BYOD: great for working on the move, less so for security
It is no surprise that the range of offerings on the market is already big and it continues to expand as new vendors jump on the bandwagon.
Neither is it any great shock that the latest version of RIM's enterprise server package is multi-platform and encompasses iOS and Android devices as well as the company's proprietary handsets.
What does MDM bring us? Precisely what we have just discussed: centralised policies, mobile device wiping, control over the functions users are able to use, connectivity into corporate fileshares and so on.
Pretty well every decent offering has a similar baseline of functionality, including all of the above plus on-board encryption, the ability to share files securely with colleagues and third parties, and even the option not to permit the user to see files at all in the event that the device can't contact its “mother”.
There is just one snag, though: BYOD, or bring your own device.
Some bright spark has decided it is a good idea to let users bring their own computers in to work and read their corporate emails on their own iPhones. Many employers (mine included) even offer financial incentives for staff to use their own devices to reduce the capital and support costs of owning vast collections of PC software.
This messes up the MDM model because your users probably won't want you to be able to take control of their devices, enforce policies or wipe all their data just because they have left the company and you don't want them to see their email any more.
The problem, then, is data leakage – regardless of whether staff members are part of some formal BYOD scheme or just using their personal device to make that last-minute tweak to a document. When data finds its way onto someone's portable device you can assume it will be accessible for ever more unless there is some way you can control what that person can do with it.
There are a few solutions and you may well end up using more than one of them, because each addresses a different aspect of the problem.
If you install applications on users' mobile devices you have the problem of uninstalling them if users leave the company. The answer is simple: don't install them locally on the devices but instead make them accessible remotely.
Anyone who has ever used something like the Citrix Receiver client on an iPad will know that it is actually not a bad experience. True, you wouldn't want to write a novel on it, but you probably wouldn't want to do that on a locally installed word processor either.
The prevalence of 3G/4G mobile networks and wireless hotspots makes it economical for your users to treat their BYOD devices as thin clients and access applications over the internet.
This could be through a self-hosted or a cloud service, the latter often being preferable as users may well be connected automatically to their closest server, thus aiding performance.