Two trips in two weeks that take me to the West Coast. Sure, it’s nice to be in gorgeous San Diego, but it certainly makes for long days. Actually, I should mention that also having the opportunity to play a PGA-caliber golf course is quite fun. In any case, I am here in San Diego for the M6 Mobility Exchange. If you haven’t heard of this event, you should look it up. I sincerely believe it’s one of the best events around enterprise mobility.
In any case, I had the opportunity to moderate a session called Securing the Mobile Enterprise. Not surprisingly, the session was very well attended. What was surprising was the following.
Only about 20% of companies in attendance had done a mobile risk assessment. That means that 4 in 5 organizations attending the event had not. I would not be surprised if that number held throughout the industry. Even fewer companies in attendance had actually come up with a mobile risk management strategy… and even fewer were satisfied with the tools they had in place for managing that mobile risk.
The problem is that so much of the daily conversation is focused on BYOD that we lose sight of the things we need to do to protect workplace information. Some people say you don’t need MDM and that you need MAM instead. Others say you don’t need MAM and that instead you need to focus on MIM (mobile information management). Sorry, but on the panel I moderated, all the speakers (and they weren’t MDM vendors) agreed that you DO have to manage the device… and the apps… and the access… and the network… and the containers… and the content.
So you might as well just lock down the entire platform and make sure that everything is secure. There are just two problems with that approach. First, it makes the solutions virtually unusable for the users – and that makes mobile a chore. Second, a panelist made a very good point: a determined hacker will be able to get around any protections you put in place. One audience member then asked why bother securing anything, because “resistance is futile.” The panelists were speechless for a good 20 seconds!
The answer to that question is that yes, the determined hacker will probably be able to get access to the information s/he is looking to get, but that is typically a rarity. You do, however, need to look at the information that will be accessed on your employees’ mobile devices and quantify the value of that information… and once you have quantified that value, determine what you feel is the appropriate risk level and the associated investment you are comfortable with. There is no right answer to that question… but there are two wrong answers: do nothing, or lock it down to the point of being unusable. Everything else is all about managing that mobile risk.