In a Walt Disney comic book from long ago, Donald Duck looks to his inventor friend Gyro Gearloose to get involved in an important baseball game between two fierce rivals. Divided in his loyalties, Gyro invents an “unhittable ball” for one side and an “unmissable bat” for the other – with utter chaos the predictable result. (For Aberdeen’s friends in Red Sox Nation, “The Impossible Dream” is also a nostalgic Throwback Thursday reference to the 1967 Boston Red Sox.)
This unhittable ball / unmissable bat scenario is not unlike the situation that many enterprises have experienced with their Bring Your Own Device (BYOD) and mobile device management (MDM) initiatives. In trying to balance the benefits of mobility and cloud, the security and compliance requirements of the enterprise, and the flexibility and privacy expectations of employees, IT and IT Security teams find themselves in the role of Gyro Gearloose, trying to invent the ideal solution. Meanwhile, the game goes on, and chaos is the predictable result.
As I wrote about in Consumerization and Security: Turn Your “No” into “Yes, and Here’s How”, the views expressed by a member of the security team for a professional association based in New England are still all too typical:
This is the process actively followed in my organization: until an app is evaluated by the security staff, it is not available for employee use. The app is explicitly blocked, to prevent it from being operational during the window when it is being evaluated. In my opinion it is better to block it until we can be sure it doesn’t possess any security risk to the organization.
This stereotypical “no and slow” approach is truly a no-win strategy! Given the lack of an enterprise-supported capability that meets their needs, it should come as no surprise that well-intentioned users will take matters into their own hands, and find ways to accomplish their assigned business objectives using readily available consumer-oriented solutions. If this weren’t so common, we wouldn’t have a name for it – but examples of such “Shadow IT” are all too prevalent.
The instinctive initial response to BYOD initiatives was for IT to do what IT has always done – which is to block access for all mobile devices, except those for which IT can establish direct visibility and control. In its 1Q 2015 study on mobility and security, Aberdeen found that about four out of five (78 percent) of all respondents had either implemented some type of mobile device management (MDM) solution, or were planning to do so in the next 12 months.
Fortunately, in recent conversations with CIOs it was great to hear that both enterprises and solution providers alike seem to recognize that enterprise mobility initiatives are about much more than managing devices! On the contrary, in Aberdeen’s study the leading drivers for current investments included the pursuit of positive objectives, such as:
- Enabling user productivity (53 percent of all respondents),
- Supporting collaboration between users (26 percent), and
- Improving user satisfaction (22 percent).
In addition, however, drivers for investment still included the containment of negative outcomes, such as:
- Minimizing security-related incidents (e.g., data loss or exposure, unauthorized access, unplanned downtime; 37 percent of all respondents), and
- Sustaining compliance-related requirements (20 percent).
This is a great example of the balance between enablement and protection that must be struck, if the roles of IT and IT Security are to remain strategic and relevant in the enterprise.
Leading solution providers really seem to “get it” these days, in the sense that vendors who were the vanguard of MDM are now saying that the focus of enterprise mobility initiatives should be on the users and what they’re trying to accomplish, and on the security of enterprise applications and data rather than on the devices. At the same time, these vendors are developing capabilities that acknowledge the distinction between corporate interests and employee interests – such as the ability to do “differentiated wipes”, which remotely wipe the enterprise data off a lost or stolen device, while leaving the employee’s personal applications and data intact.
In other words, we’re now seeing the means for enterprise mobility and employee privacy to no longer have to be at odds with one another – like the unhittable ball and the unmissable bat, being used in the same game – but to coexist in the same enterprise mobility management solution. Cue the music, and fade to black: “to dream, the impossible dream …”
This article was syndicated from Business 2 Community: Reconciling Enterprise Mobility And Employee Privacy: No Longer The Impossible Dream