In the wireless industry – where talk of hockey-stick projections and tipping points dominates conversation – device management has been a relatively tranquil space. But that may be about to change.
For years, mobile security has been a “just-around-the-corner” thing in wireless, where a new virus or spam epidemic is a constant – but largely unrealized – threat to users around the world. Much of the fear-mongering has come from those who offer security “solutions” to over-hyped problems, though, and very few mobile users have suffered through anything more nefarious than an occasional unwanted text message.
Device management is becoming more complex, though, as “prosumer” phones that blur the lines between business and personal rapidly gain traction. Handsets like the Apple iPhone, Samsung Instinct and new BlackBerry models are finding their way into enterprises as business users increasingly want a single device that can do everything, from accepting push e-mails and accessing spreadsheets to supporting high-tech games and playing tunes.
“Absolutely we’re already seeing those devices (in the enterprise), and we’re going to see more,” said Dan Hoffman, CTO of SMobile Systems, an Ohio-based mobile security firm. “It’s a significant concern.”
The new wave of devices is giving I.T. departments headaches for two primary reasons: they’re often inferior to business-specific handsets when it comes to security features (the BlackBerry has a whopping 400-plus I.T. policies, for instance, many of which relate directly to security), and employees are far more likely to view the devices as personal phones. Indeed, an IDC poll of U.S. professionals shopping for mobile devices found that 70% of respondents who already owned or planned to purchase an iPhone will use the gadget for both personal and business reasons. And those who see their phones as personal handsets, Hoffman said, are likely to object to safeguards I.T. departments might want to enforce on the device.
“If you look at security options available on a BlackBerry, it really has a lot to do with restricting the device, telling users ‘You can’t do this,’ ” Hoffman continued. “What I’m finding is that that isn’t fine anymore. (Businesses) want people to open up, to surf the Internet. The traditional method of locking down the handset isn’t working anymore.”
And it’s not like most I.T. departments are well-positioned when it comes to mobile security in the first place. One recent study by O’Keeffe & Company found that 68% of mid-size and large companies have no distinct I.T. security policies governing remote workers and mobile devices on their networks, and three-fourths of the firms fail to employ any form of disk encryption.
So I.T. departments are playing catch-up just as these new, consumer-friendly devices make their way into the office. Which helps explain why IDC believes worldwide mobile security licensing and maintenance revenues will grow “at a healthy compound annual growth rate” from $200 million last year through 2011.
“I think device management is an area where you’re going to see a tremendous amount of focus over the next couple of years,” echoed Dan Croft, founder of Chicago’s Mission Critical Wireless, which helps large organizations deploy mobile devices. “How much control should the I.T. department have over a device? A great example is an iPhone, which today does allow me to push an I.T. policy such as requiring a password. I can push a policy out to the iPhone, there is a provision for that, but ironically (the user) can choose to accept it or not.”
The tug of war between I.T. departments and employees is nothing new. Executives have struggled to cope with device-management policies since the earliest days of portable data devices, and I.T. staffers continue to try to find the right balance between flexibility and security.
But these struggles will only become more pronounced as the lines blur between business and personal, and prosumer devices continue to push “the consumerization of I.T.,” as it has been called. Employers increasingly will deal with legal issues on both sides: from governmental regulations such as HIPPA and Sarbanes-Oxley, to questions regarding how to manage data on the “personal” device of an employee who’s left the company.
“There’s never going to be a final resolution; this is an ongoing battle,” Croft said. “And it reflects our world, our business and personal worlds. It reflects just how mobile our society has become.”
