Your Priority: Securing the Device or the Data?

We have a Web Forum coming up tomorrow on how to manage telecom in-house from an enterprise perspective. I’m anxious to hear what Jennifer has to say on the matter and what tips she provides the group but for some reason it got me to thinking about mobile device management (MDM) and security. BYOD was banging on the door pretty loud in 2012 but analysts seem to agree it’s going to bust the door down in 2013. IT shops need an efficient and effective way of managing and securing this abundance of devices. So what’s the solution?

Every time I wade out into this area of the pool I’m reminded of Adrian Gardner’s presentation at a forum of ours last year on “Building a Future-Ready Digital Government.” Mr. Gardner, CIO for NASA’s Goddard Space Flight Center, brought up an interesting question:

Should we be more worried about securing the information or the devices themselves?

He obviously acknowledged you want to secure both but his point is where the emphasis should lie for IT and the organization. A comprehensive enterprise mobility policy needs to be created in order to cover all bases (at least as many as possible).

MDM chart

While a lot of companies have yet to deploy any kind of MDM offering, many are evaluating the field for potential 2013 deployments. Vendors like Good, MobileIron, Airwatch, and MaaS360 offer viable MDM tools with similar capabilities but their own unique spin. Some analysts argue MDM is already a dying industry but many will counter by saying its simply evolving and shifting focus towards mobile application management (MAM). For now though, MDM should be an integral part of your enterprise mobile strategy.

User awareness is another important area because a lot of mobile security mishaps can be attributed to operator error. For instance, downloading a bad app or clicking on malware laden email can easily compromise corporate data. Employees need to be educated on the latest mobile security threats. I’m not talking about a once a year classroom session with a simple PPT saying “this is bad and that is bad.” IT, HR, Legal and whoever else needs to be onboard and continuously informing personnel of the dangers and risks these attacks pose on the company.

Ultimately, as Mr. Gardner alluded to at our meeting, it all comes down to securing the company’s data. That should be the #1 priority and it shouldn’t just be an IT objective. We’re talking about the organization’s data as a whole. All business units need to come together and collaborate for a solution. However, this is a great opportunity for IT to show its leadership chops and make a statement on their value to the organization. I read and hear a lot about IT not being respected enough or included in the big decisions blah, blah, blah. Well this mobile security initiative is about as big as they come because any kind of data leak could land a company in the front page headlines or lead story on CNN. They say any publicity is good publicity but in this case I’d have to disagree.

How does your company handle its MDM? Do you have an enterprise mobility policy in place? If not, is that a priority in 2013? Lastly, how would you answer Mr. Gardner’s question about securing the device or the data?

Additional Reading

5 BYOD Risks and How to Manage Them (eSecurity Planet)

Is Mobile Device Management Dead? (Virtualization Review)

Spotlight on Mobile Device Management (IT World)

Why Mobile Device Management isn’t Enough (Information Week)