Consumerization of IT: Moving Beyond Security Concerns for IT Organizations, Part I

Security3 minutes readOct 18th, 2011

Ok, there are too many articles about how IT organizations are stymied by the proliferation of mobile devices within their environment and their need to secure enterprise data. This is known as the Consumerization of IT, or the need for IT to support consumer devices. Since IT is usually responsible for the protection of enterprise data, they have to be the guys to set company policy which has led to restrictions on devices, application and data access. After all, if there’s a data leak, who has to deal with it? IT is trying, generally with limited budgets, to gain control of the issue and provide users with the experience they desire.

Point Solutions Do Solve The Problem

So IT looks for solutions. Every Mobile Device Management (MDM) or Mobile Enterprise Application Platform (MEAP) vendor has the answer to bring them control…or so they say. Most management platform vendors seem to have an offering that supports mobility. The problem is that point solutions do not really solve enough of the problem. You need to understand all the facets of mobility in order to pick the right technologies to make your enterprise succeed.

We believe a holistic approach is necessary to design a mobile device strategy that meets the needs of the enterprise while providing the security for enterprise data. There are several key areas that need to be discovered and documented in order to build the strategy. These include:

  1. Understanding the users
  2. Understanding the applications/data they need to access
  3. Understanding application modernization scenarios
  4. Understanding the infrastructure considerations
  5. Understanding the security requirements
  6. Innovating on what’s possible

Understand the users – in this area you need to develop a categorization of users within the enterprise. The Gartner Segmentation Model for Mobile and Client Computing is a very good method for coming up with the categories. Consider all users of mobile devices. It is easy to pick the executives or professionals who travel with mobile phones and want email access, but also consider someone like an inventory clerk in the warehouse with ruggedized handhelds for inventory management, shipping and receiving. You need to look at securing all the devices. Priorities can be set once the assessment is complete. In the segmentation you document:

  • Where they use their devices. e.g. locally, multiple locations, internationally
  • The level at which they need to operate independently. Do they need to work with data while not connected? Must they follow a specific process or can they change the use data?
  • What are the types of data that they need to access and use. Is it just email and messaging? Sales reports in a financial system? HR data in the HR systems?
  • What level of collaboration is needed by each user type? Do they simply read emails from other users or do they need to interact real-time on documents?

Understanding the applications/data they need to access – in this area you need to develop a list of the applications, data and systems that mobile users need to access. Email is easy; you know that is what most mobile users need. HR systems, sales and financial are also key areas for selected members of the user community. But how about access to building control systems or power consumption data that could help facility managers better support the company’s green initiative. The idea is get them all down in a list, and then set priorities for implementing access.

Related posts:

Tags-   Gartner Mobile applications Mobile devices Security