Manage the apps not the device to avoid a BYOD risk headache

byod“You’ve gone BYOD, now what ? I’ll tell you what, you get nuked on security, that’s what.” – Patrick Lujan

According to a recent survey conducted by Apperian Inc. over 65% of respondents used mobile apps in the enterprise, with 35% saying that they had developed between 1 and 3 in-house and a significant 51% saying all were third party apps. With on average half of employees using two mobile devices or more, there is a massive corporate data security risk without tight control and effective policies in place to monitor and control access to all these apps.

Massive risk

Apple proved that the App Store as a mechanism for the distribution of a wide range of business and consumer applications was the de-facto standard for mobility. Then along came the BYOD movement, part of what Forrester called the consumerization of IT’, a trend that allowed employees to use their own personal gadgets in the corporate environment, effectively blurring the lines of personal and professional use of their own equipment.

But the BYOD revolution also led to a corporate information security headaches as personal devices were more likely to be lost or stolen without the effective IT compliant password policies in place to secure the contents within.

How can a business protect and manage its corporate data on employee owned assets ? 

The MDM answer

In the early days of smart-phone expansion beyond the Blackberry, vendors tried to implement the “BES” (Blackberry Enterprise Server) security approach to smart-phones.  The issue with this approach was, 1) there were already apps running on BB’s other than email-contacts-calendar, and, 2) individuals owned the smart-phones while companies owned the BB’s.  Applying the BES approach to this smart-phone evolution was flawed from the start.

More granular security and more seamless control was what was really needed in this new world of business apps and environments mixed with corporate and personal apps and data.  This approach gave birth to Mobile Device Management (MDM). Early players looked to leverage the access controls that the phone and OS provider enabled: via a defined MDM protocol.  However, companies were (and still are) governed by what is made available to them by vendors who don’t necessarily look for business requirements first. .

As a result, MDM vendors whipped up enterprise solutions that allowed IT to create and control mobile device policies to ensure device compliance. This allowed IT to support and manage devices within the IT infrastructure, log and track devices through IT asset inventory and also the secure the corporate information held within smartphones. For most, this was all that was available and as far as that approach would take them.

But MDM doesn’t take into account how an enterprise should handle the development and deployment, management and maintenance of in-house and third party apps and the information held within them sitting on employee-owned tech.

Manage the information, not the device

MDM solutions do not take into account security and deployment considerations on an application level and this has brought about the need for an app-centric (vs. device-centric) approach to manage access and distribution of approved apps . It has also given rise to the growing trend known as Mobile Application Management (MAM).

Until recently, the primary method available through MDM for securing the contents of the mobile device was to focus only on the device as a whole.  MDM vendors work within the confines of what the device and/or operating system made available.  In practical terms, this permits IT organizations to lock down or wipe the entire contents of a device – whether intentional like after device theft, or accidental during routine system maintenance.  It’s essentially an all-or-nothing approach to securing the mobile device: the device and all of its contents are either under IT control or it is not.  For company-owned mobile devices this may not be an issue to users since they are technically using corporate assets, however in BYOD settings this has set off undeniable backlash with users.

The second significant challenge emerging as demand for mobile apps and content in the enterprise increase is the need to manage the full lifecycle of apps.  Years ago IT organizations and software vendors realized the value of having system management frameworks to help manage software versions, desktop images and more.  What the industry has lacked is a systematic and purpose-built approach to managing mobile apps.  This problem cannot simply be seen as an extension to the desktop computing.  Mobile apps run at vastly different cycles.  There are incalculable combinations of devices, mobile OS versions, and app versions at any one point in time.  And unlike the old days when IT was in control, the users themselves are often in control of when new devices or software updates come online.  Imagine the nightmare for today’s CIO when they are expected to not only secure this world, but also embrace it, when they do not have control over the underlying asset!

Yes, MAM

These two major streams of demand that have driven innovation in the mobile industry and led to the emergence of platforms purpose-built for mobile application management.  Platforms that place their primary focus on the apps themselves – securing, managing, onboarding and retiring them.  For an example, check out Apperian, App47 or TIBCO Silver.

MAM lets IT manage internal development, distribution, and control of in-house and third-party mobile applications within the corporate infrastructure, creating an effective solution to support and deliver apps to consumer and enterprise mobile devices.

It gives the CIOs the ability to develop, test, and deploy their own enterprise apps and well as third-party consumer-based apps.

  • It gives employees a mechanism for downloading and using  mobile apps (that is similar to the Apple App Store) that have been approved for use and provisioned by IT policy.
  • It lets IT manage access to the apps depending on factors such as an employee’s job role.

It also gives control back to IT who can manage access to the apps depending on a number of factors such as employee role profile.

There are many questions to ask when considering implementing an enterprise-wide mobile strategy and allowing employees to bring personal devices into the workplace, and how you place the importance of device security, corporate data protection and application development will drive the choices you make.

But the one burning question which over arches them all is;  Are you looking to manage just the device or everything on it ?

This article first appeared on TechRepublic and has been edited for SuccessfulWorkplace.

Advertisements

Tags: , , ,

Categories: Apps, Information Technology, Mobility, Tech Strategy

Author:Theo Priestley

"I had more creative ideas from Theo in 6 months than I have had in 6 years from most people." Theo Priestley is one of the most recognised independent technology industry influencers and evangelists, ranking in the Top 100 thought leaders across Virtual/ Augmented Reality, FinTech, Artificial Intelligence, Big Data, Internet of Things and future trends. Theo has written insights for Forbes, Wired, The European Magazine, Venturebeat to name a few, and has been interviewed for many online publications including the BBC on his thoughts on technology and the future. A regular paid keynote speaker and panelist at conferences and events, Theo is engaged for his forthright views and isn't afraid to challenge conventional thinking and the marketing hype surrounding the industry when presenting, never pulling punches to get the message across on how technology can be applied to improve business and the customer experience. He has also successfully organised and run TEDx and Ignite events. Highly active across social networks, he sits in the Top 1% for social media engagement on Kred and Klout and is constantly sharing articles and his analysis that he feels his audience would be interested in. Theo is also active in the startup community, mentoring within UK and US accelerators and sits on a number of advisory boards. Former VP and Chief Technology Evangelist at a Top 25 European enterprise software company with a career spanning both innovation strategy and delivery of software and business change in Financial Services, and as an independent technology industry analyst. Follow Theo on Twitter @tprstly or connect here directly for constant insights on tech and marketing trends. • Top 1% Influencer on Kred (915) • Top 1% Influencer on Klout (70+) • 12,000+ Followers on LinkedIn • 13,000+ Followers on Twitter • Recognised Top Influencer in AI, Virtual/ Augmented Reality, Fintech, IOT and Wearable Tech, Big Data and Analytics.

Subscribe to the blog

Subscribe and receive an email when new articles are published

4 Comments on “Manage the apps not the device to avoid a BYOD risk headache”

  1. February 23, 2013 at 12:23 pm #

    Theo,

    Great article as usual. The underlying question that seems to be entirely ignored is why in the world are we still deploying client resident enterprise applications in 2013? Seriously, all of the issues you’ve just identified, along with version control are exacerbated by creating an ‘app’.

    Personal computing where a network connection isn’t essential; app away. Fruit ninja and angry bird all you want. Enterprise applications should be web based so that the only security risk IT has to worry about is access control to the applications in the first place.

    Let me know what I’m not seeing. What functionality is required that can only exist in a client/server environment? I can’t think of any but there must be a huge list that perpetuates the development of client based apps. The list better be of unfathomable value to open and expose enterprise data to such a security threat.

    Steve

    • Lance
      March 12, 2013 at 11:17 am #

      Steve,

      In regards to web only access to data, I think you are missing the point. When data is locally stored on a device a user does not need to rely on a network connectivity. A good example would be eMail. The PDA needs to connect to a server for the latest messages, however, does not need to be connect to read a message or create a reply, only to deliver a reply. The same is true for calendar, contacts, ToDo’s.

      I do see your point that if the user only requires live access data, then a web application can serve the purpose, however, if the user requires access to data off line, then a web application will not meet their needs.

      As for Security, the application deployed should be built with security and the ability to be remote wiped by an administrator of the system.

      Lance

  2. February 23, 2013 at 12:46 pm #

    This challenge started when we first initiated outside access to mainframes. When PC became the rage there was always someone who NEEDED a MAC. No real justification, but the boss was convinced. I was lucky, I told my CEO what the risks were, how I was unable to support one or two MAC users and that was that. Been following that approach for years and haven’t see a single employee quit because he/she couldn’t have their preferred device. The stakes are so much higher now that companies like Boeing for example just say no. The alleged up side of BYOD is negligible compared to the risk. I dare say that the argument is far more about accommodation than about business value.

Trackbacks/Pingbacks

  1. Big data should lead to big dreams | Successful Workplace - February 24, 2013

    […] carbon footprint and consumption data. We even have data about data in the form of log data, as Tesla showed us in rebutting the NY […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: