Anthon Muller, Executive Head of Managed Enterprise Mobility, Vodacom Business
Increasing investment in high-speed mobile data networks combined with the rapid proliferation of smartphones and tablets is fundamentally changing the way people work. The scale of this is amazing – a decade ago only those at the top of an organisation had access to what were at that point expensive gadgets. Today there are more than 20 million smart devices in use across South Africa helping people at all organisational levels work almost anywhere and at any time.
This mobility is similarly transforming customers’ expectations. It’s becoming the norm that businesses need to respond quickly, if not instantly to customer queries, and often on a 24/7 basis. To manage these twin trends of increased customer expectations and staff looking to be flexible and mobile, companies are investing in new enterprise mobility systems. This has the potential to be hugely beneficial to an organisation, but there are serious security implications if it’s not managed correctly.
As a start, systems vulnerability increases significantly as mobile devices become endpoints within the enterprise IT infrastructure. To complicate things further, the trend towards Bring Your Own device (BYOD) means that myriad different devices, owned by employees, are being used to access information within the enterprise IT domain. The challenge BYOD brings for CIOs is how to manage risks to information systems without curtailing the personal use of the device by the employee. For example, companies may want to restrict the usage of applications that access various public cloud based storage repositories, as enterprise data could be quickly siphoned off in this manner. At the same time, however, the individual may need to use such applications for personal use.
In a world of hyper-mobility, businesses need tools and strategies that enable the secure management of the various devices allowed onto each network. Data leakage and identity theft through illicit activities such as phishing and security attacks are becoming more and more prevalent. It’s therefore crucial that businesses develop a clear enterprise mobility strategy and define the mobile device management policy context within which such strategy functions.
However, defining a workable mobile enterprise strategy must be more than an IT decision. Pressure is mounting from the various functional departments such as HR, procurement and operations to drive business efficiency through enterprise mobility. In order for the strategy to succeed, policies must be aligned with business objectives. This will avoid unnecessary expense and will maximise the benefit of mobilising the workforce. Different roles within the business require different levels of access to company data. Each case must be assessed and covered by policies to provide devices with a higher-level security solution where needed, without wasting resources or putting the business at unnecessary risk.
There must also be a shared understanding between the business and employees around what the strategy is designed to achieve. This is the only way a security strategy and mobile working policies and procedures will have the desired effect. Businesses have to educate staff on their responsibilities when using their own device for work and encourage them to stick to the guidelines and policies, clearly outlining the potential repercussions of breaking the rules.
But how does the IT administrator manage this effectively and efficiently? Mobile Device Management (MDM) provides the IT administrator with real-time visibility of how devices are being used and what data is being accessed. It can identify and block unfamiliar devices attempting to access business data and can be used to collate information around usage to bring down costs and keep the security strategy relevant and up to date.
Should a device be lost or stolen, MDM allows the IT department to remotely lock the device and wipe company-sensitive data to ensure it doesn’t end up in the wrong hands. Anti-virus and anti-malware software should also be a prerequisite to avoid data theft through familiar tactics such as Trojans, spoofing and phishing. Businesses can also use secure content distribution tools to distribute sensitive corporate information without exposing the rest of the corporate network unnecessarily.
But what about personal data? MDM tools are there to allow IT administrators to monitor corporate data on mobile devices, but it also allows for personal data to be put beyond the view and reach of the company, protecting the privacy of the employee.
Enterprise mobility is constantly evolving; therefore policies must be flexible enough to integrate new devices and tools as they emerge. Through MDM companies are able to take on new operating systems and devices without interrupting or undermining existing security measures.
Enterprise mobility, when implemented correctly, promotes organisational agility in responding to customer demands and drives overall productivity and efficiency. While this does come with risks, these can be kept to a minimum by selecting the right partner to guide the business. The ultimate aim is to get a security solution in place that provides choice, visibility, flexibility and proper protection.