Blog: Securing the Device or the Data?

Posted on

*Originally posted to The IMF Blog on January 23, 2013. | View Post

We have a Web Forum coming up tomorrow on how to manage telecom in-house from an enterprise perspective. I’m anxious to hear what Jennifer has to say on the matter and what tips she provides the group but for some reason it got me to thinking about mobile device management (MDM) and security. BYOD was banging on the door pretty loud in 2012 but analysts seem to agree it’s going to bust the door down in 2013. IT shops need an efficient and effective way of managing and securing this abundance of devices. So what’s the solution?

Every time I wade out into this area of the pool I’m reminded of Adrian Gardner’s presentation at a forum of ours last year on “Building a Future-Ready Digital Government.” Mr. Gardner, CIO for NASA’s Goddard Space Flight Center, brought up an interesting question:

Should we be more worried about securing the information or the devices themselves?

He obviously acknowledged you want to secure both but his point is where the emphasis should lie for IT and the organization. A comprehensive enterprise mobility policy needs to be created in order to cover all bases (at least as many as possible).

MDM chart

While a lot of companies have yet to deploy any kind of MDM offering, many are evaluating the field for potential 2013 deployments. Vendors like Good, MobileIron, Airwatch, and MaaS360 offer viable MDM tools with similar capabilities but their own unique spin. Some analysts argue MDM is already a dying industry but many will counter by saying its simply evolving and shifting focus towards mobile application management (MAM). For now though, MDM should be an integral part of your enterprise mobile strategy.

User awareness is another important area because a lot of mobile security mishaps can be attributed to operator error. For instance, downloading a bad app or clicking on malware laden email can easily compromise corporate data. Employees need to be educated on the latest mobile security threats. I’m not talking about a once a year classroom session with a simple PPT saying “this is bad and that is bad.” IT, HR, Legal and whoever else needs to be onboard and continuously informing personnel of the dangers and risks these attacks pose on the company.

Ultimately, as Mr. Gardner alluded to at our meeting, it all comes down to securing the company’s data. That should be the #1 priority and it shouldn’t just be an IT objective. We’re talking about the organization’s data as a whole. All business units need to come together and collaborate for a solution. However, this is a great opportunity for IT to show its leadership chops and make a statement on their value to the organization. I read and hear a lot about IT not being respected enough or included in the big decisions blah, blah, blah. Well this mobile security initiative is about as big as they come because any kind of data leak could land a company in the front page headlines or lead story on CNN. They say any publicity is good publicity but in this case I’d have to disagree.

How does your company handle its MDM? Do you have an enterprise mobility policy in place? If not, is that a priority in 2013? Lastly, how would you answer Mr. Gardner’s question about securing the device or the data?

Additional Reading

5 BYOD Risks and How to Manage Them (eSecurity Planet)

Is Mobile Device Management Dead? (Virtualization Review)

Spotlight on Mobile Device Management (IT World)

Why Mobile Device Management isn’t Enough (Information Week)


Blog Article: IT Transformation or Resurrection?

Posted on

*Originally published for The IMF Blog on May 14, 2013 | View Post

“The reports of my death are greatly exaggerated.”

– Mark Twain

In the latest episode of Michael Krigsman’s CxO Talk, social business expert Dion Hinchcliffe essentially says “IT is dead.” When I first saw the title of Michael’s article regarding the episode, “CxO Talk guest Hinchcliffe proclaims, ‘IT is dead,’” my initial thought was “here we go again.” After all, Hinchcliffe’s “proclamation” is nothing new.

It seems like I read at least an article or two every week about IT going the way of the dinosaurs sooner rather than later. I skip over a lot of these articles because it’s basically the same information rehashed. However, I enjoy the CxO Talk episodes so I gave it a listen and thought Hinchliffe made some strong, valid points.

The usual suspects are implicated here: Shadow IT, Cloud, BYOD, and the outdated concept of an overly-centralized IT department. While acknowledging the perceived risks of Shadow IT in a somewhat backhanded way, he even states “IT departments are now the hardest way to get things done.” Technology is moving to the lines of business, infrastructure is moving to cloud, and so on and so forth. Again, this really isn’t anything new.

Here’s the deal: IT’s not going anywhere. The department may change or undergo some sort of transformation but it’s not going to become extinct. Moving technology into the business units just means they’ll have to learn to perform IT activities themselves. Is this really practical? Talk about not knowing what you’ve got till it’s gone. As for cloud, most companies in the cloud still aren’t comfortable because of all the uncertainties associated with it. BYOD is great but somebody’s got to keep an eye on the devices.

Look, I’m not saying IT isn’t a hindrance in some cases. I’m not saying IT doesn’t stifle innovation on occasion. I’m saying, despite all the doomsday articles, IT is a critical part of the enterprise. Its absence would result in pure chaos. That being said, an attitude adjustment is necessary if IT’s going to play with the big boys.

Improved IT-business collaboration should be at the top of your list. Deal in terms of business value, not IT value. Stop dragging your feet on projects and looking for reasons as to why something can’t work. Say “Yes” for a change, or at least offer some comparable alternatives. Enable the business instead of holding it back. I’m sure you’ve heard this all before but it’s still not sinking in with a lot of organizations. IT will determine the role it plays in the enterprise moving forward. Why settle for keeping the lights on when you can revolutionize the company and/or your industry?

**If you’re interested in Shadow IT and its effect on the evolution of IT leadership roles, join our next webinar on May 30th at 2:00 PM EST. Michael O’Brien, an experienced and innovative IT leader, is presenting on the “Evolving Role of IT Managers and CIOs.”