The use of mobile devices for business presents a new set of challenges both for IT departments and the broader enterprise. This is leading many companies to turn to enterprise mobility management (EMM) solutions to secure their data and devices.
But how effective are enterprises at looking after mobile data and how will they need to adapt to the needs of new legislation? We spoke to Ryan Spence, Director of Enterprise Mobility Management for managed service company MOBI to find out.
BN: How important is it for businesses to have procedures and protection in place to protect their use of mobile?
RS: The need for active security design for the mobile workforce is nothing short of paramount. Properly designed security procedures and platforms are so critical to a valuable mobility program that I would recommend appointing security experts to help develop your security needs. Mobility platforms and the devices they manage are very good at constant change. This means organizations are required to create adaptive security structures.
BN: Does the advent of BYOD and the proliferation of different operating systems and devices make EMM more difficult to implement?
RS: Device and OS diversity do make strong EMM programs very complex and with that complexity comes increasing difficulty to build and maintain. The complexity of properly implemented EMM solutions requires integrators with expertise across diverse disciplines. It is common for current EMM solutions to be underutilized because so few organizations are clear about all of the moving pieces of EMM. The field of mobility arrived without respect to business processes or platforms, requiring business and IT to change. Change, especially in competitive markets, is a difficult process for everyone.
BN: How complete an answer are technical solutions? Isn't educating employees in safe data practices equally important?
RS: That's correct. Technical "solutions" are not, in themselves, the totality of security design. Technical solutions are vital, but they must be designed hand-in-hand with an organization’s education and communication strategy, business goals, and projections for the changes yet to come. Technical solutions only go so far, and if poorly implemented, they can create more problems and slow an organization’s ability to win in their market. More often than not, this is what I see happening to organizations who are attempting to implement security measures. It is not enough to appoint a person, or buy a technology, or implement policies. Organizations must now revisit how they think about nearly every process and reshape it around the assumptions of mobility.
BN: How will President Obama's proposed data breach notification law affect the way businesses handle data security?
RS: Well, honestly, I don't think the proposed law will inform how businesses think about their data security. It was already common for states to require organizations to report data breaches. The proposed law simply unifies all current requirements across the US, making the requirement clear no matter the location of your organization. The proposed timeline on breach awareness will require businesses to be aggressive about their internal reporting in order to inform legal and messaging departments.
BN: Is this likely to have an impact beyond the boundaries of the IT department?
RS: Absolutely. As mentioned above, the proposal creates requirements that will affect PR and Legal more than technical. The impact of a required timeline on public awareness will predominantly be felt by departments outside of IT. There isn't anything technologically new in the proposal; it is really geared toward information and what an organization’s legal requirements are around public disclosure.
BN: Do you think legislation will lead to greater overall visibility in terms of the way enterprises handle data security?
RS: That's a great question. For good reason, much of the dialogue around security is not part of the public discourse. Discussing security designs publicly can have the unfortunate result of increasing risk. I do not anticipate legislation increasing visibility into enterprise security, but I do expect the frequency of data breach to compel open, public conversation around the difficulties of providing security, the complexity of security design, how this generation defines privacy, the nature and lifecycle of data, and so much more. The questions around security in the mobile age force us to dig deeply into how we have built technology, what we must do to move forward safely, and what kind of society and organizations we are working to build.