Hangout: Dealing with data security in a BYOD world

We did a live Google Hangout on Air on Thursday to address that very question. It’s a preview of what you can expect to clean from the upcoming Mobile Enterprise Strategies Summit taking place Oct. 23-24 in Toronto and chaired by IT World Canada’s own Fawn Annan.

Below is a summary of what we learned from our guest panelists:

There are indicators we can look at within the existing enterprise to guide that decision process, including current work practices and policies for employees working from home. There are organizations whose work models demand a complete BYOD scenario, for example a client that has more than 1 million independent sales people using more than 3000 different types of devices.

There are also policies that influence a business’s BYOD model, which enables an organization with an MDM solution to prepare and support the multiple devices. If they don’t have an MDM solution with a secure container, then we’d guide them towards having a single device that they deploy within their network. For those who do have that secure container in place through their MDM application and have their policies defined then they’re ready to expand the number of devices available.

So, it really comes down to a firm’s cultural and business model, their understanding of any liabilities associated with their employees bringing their own devices and how ready are they to expand the number of devices that they’re supporting.

HP will present a number of case studies of mobile applications developed for a vast number of clients byod, location based services & mobility aspects around five key issues including device diversity, time to market, cost containment, performance & security and solutions delivery.

Eric Martin, Marketing Director from Catavolt

Decision of choosing a device should reflect the desire of securing the back end of the enterprise. MDM may not be the best pathway to support a BYOD implementation because even if there is a secured container, corporations should have a policy as well as access to individual devices to be able to delete personal data or wipe it off that device.

Most corporate clients demand a solution that enables them to keep the corporate data not within a secured contained within a device, but in the back end of the system and utilize a lighted approach on the device that just takes that data and streams it to the device without storing it on the device.

Its really important to secure the back end and just provide the very specific functionality in an environment that is not dependent on big applications with cockpit-style interface with many options, but the ability to quickly create lighter application that helps users with their specific tasks and does it well, without the applications in the personal device interacting with the enterprise data.

Patrick Vandenberg, Segment Marketing Director for IBM Security Systems

Our approach in enabling customers for their mobile computing initiatives is to look at it as a cross-section of existing secured computing dynamics. We don’t look at it just as Device Management itself, but have many requirements in consideration including local and back-end data, people with the access as well as applications involved, front-end streaming or made-up applications infrastructure etc.

IBM has a three pillar strategy, where we 1. Manage the device, 2. Mould, configure monitor and enforce the policy on the device and 3. Establish Security controls.

Nature of the mobile device brings a lot of risk factors that need to be considered, including where the enterprise data is being accessed from and if there are any high-dollar value transactions attempted through the device during odd times of the day. If yes, then we need policies set to accommodate this kind of considerations.

Security controls for the application deployment with the ability to access and mediate so the enterprise data environment is not vulnerable to the external applications within a mobile device.

IBM has chosen Mobile Enterprise Strategies Summit to introduce the IBM MobileFirst platform – an approach that covers applications and data platform, apps development and management of the devices, analytics – a comprehensive approach for the organizations around mobile security.  

Kevin Kiley, Director of Enterprise Solutions at Airwatch

This is one of the common concerns that we hear everyday. Well-meaning employees are not usually acting maliciously; they’re just trying to get their work done and be as productive as possible. From our point of view, it has been a matter of finding a way of looking at the content securely, whenever, wherever that user may need it. Of course, some governance is needed around it and now you see IT having unique controls that they can employ to where that user can access the content and what can they even do with it.

In some cases it is just the matter of getting the information out and we can have some version controls to keep everyone current, but to truly bring a vast amount of productivity down to the user and giving them the ability to edit, create, collaborate… that’s we see the power and that’s what has really taken off for us.