Are your workers clamouring to recruit their personal iPads for telework duty? Are any of your executives lobbying IT to be given corporate network access for their Android phone?
The trend towards using personal mobile devices in the workplace is causing some significant headaches for IT departments in many organizations including small and medium sized businesses (SMBs), according to recent surveys.
A 2010 survey of almost 2,000 network and telecom decision makers by Forrester Research shows that 46 per cent of respondents viewed “supporting more mobile applications for out-of-office users” as an adoption priority. Another 44 per cent said “supporting more mobile devices or smartphones (not laptops)” as a priority.
This becomes increasingly important when one considers that for the last six years many security experts have been warning about an impending explosion of mobile malware as well as “rogue smartphones” that could be exploited to launch distributed denial of service (DDoS) attacks.
Recently, computer security company McAfee Inc. announced a program that will help its partners offer businesses the ability to remotely track, manage and protect employee’s mobile devices.
Under McAfee’s Business Ready Program set to launch in the second quarter of 2011, partners McAfee partners will be able to pre-load or load McAfee Enterprise Mobility Management (EMM) client software onto iPhone and iPad devices, Android smartphones and Windows Phone 7 handsets. Full support for BlackBerry devices is still being worked out.
The EMM is designed to allow IT administrators to remotely control mobile devices from a central dashboard, according to Doug Cooke, director of sales engineering at McAfee Canada. “From the control console, an administrator can disable or enable a number of functions of the employees’ smartphone or tablet as well restrict or grant access to the company network.”
For instance, he said, an administrator can allow or prevent the use of a handset’s camera as well as enable or prevent the device from accessing the corporate e-mail server.
Under the Business Ready Program, McAfee is also bundling two other services: WaveSecure and VirusScan mobile technologies.
WaveSecure enables users to remotely locate a lost or stolen smartphone or tablet. With the software’s tracking technology, a user can remotely locate a lost or stolen device on the Internet. Users can also remotely lock the device, and wipe the device’s memory clean to prevent unauthorized use, network intrusion or data theft. WaveSecure also enables users to create a back-up of data contained in the device was well as restore that data to the same device or a different device.
VirusScan provides the capability scan and protects incoming and outgoing traffic from the device. Using both virus signature and behaviour detection technology, VirusScan is able to alert users of the presence of malware threats from e-mails, instant messages and Internet downloads.
“In essence, these offerings provide both IT departments and users visibility, control and the ability to protect mobile devices,” said Cooke.
Consumerization of IT
Michelle Warren, independent technology analyst and principal of Toronto-based MW Research Consulting calls the trend the “consumerization of IT.”
“We’re being hit by a wave of new and exciting mobile products aimed at consumers. Increasingly, buyers of these products are demanding to be allowed to use them in the workplace,” she said.
The trend, Warren explained, is saddling many IT departments with additional concerns. “A person wanting to use his new BlackBerry or iPhone for work in a two or three person office is no big deal. But when you’re dealing with a larger organization of 50 people wanting the same privilege then it becomes a headache,” she said.
Number one issue is whether the device’s operating system is compatible with the business’s network and existing equipment. Then, Warren said, there is the question of the security risks involving the device itself.
Any addition to a business’s mobile device fleet represents an extra endpoint to protect, Warren pointed out.
Some factors to consider include:
- Encryption of data entering and leaving the device
- Data stored in the device is protected and access to the corporate network is restricted should the device get lost or fall into the wrong hands
- Users are not able to forward sensitive materials from their work devices to non-work devices which may not be secure
- Policies are in place to determine which devices and users are allowed access to which corporate data or applications
Typically, she said, IT administrators would have to deploy one solution for mobile virus protection, another product for remote locking and remote wipe and a separate tool for managing network access.
“In this sense, I see the McAfee offering as being useful because they provide a one-stop-shop for mobile management and reduce pressure on IT,” Warren said.