Before all you security conscious folks start nay-saying regarding the above title, let me throw some use-cases your way. Also give me the opportunity to explain how I see security shifting; role re-architecting opportunity. Above all else, I too want to keep the keys to the castle safe and secure. There may be some opportunities to move some things out to the village, away from the castle keep.
What data to protect
Each company has their own guidelines for what is allowed out in the public and what needs control applied. As we all start looking at the movement towards bring-your-own (BYO) devices, we are already beginning to reduce our levels of control. Our understanding of use patterns and what we must do is being replaced by other restrictions. We are drawing a line in the sand and stating that no data (or capability) above a certain level will ever be deployed in a mobile space. You too need to understand what your threshold for control is.
The cloud is secure
Do your homework with the vendors offering solutions in this space. You may not want to push everything into that space, but there will be content you are willing to release your grip on and allow to be placed into an environment where it can be highly shared. Don’t worry – it will be alright as long as you plan appropriately.
Use-cases for lifting control
Once you move outside of your tight hardware and software stacks, you will begin feeling anxiety around every release. So before this causes you to reconsider a mobile strategy, look closely at your data, processes and consumers. When digging into your data consider doing a full risk assessment around these areas:
Start listing how it affects your:
- Market standing
- Consumer confidence
- Intellectual property rights
You may be surprised to find some information has low risks in the public space regarding these three vectors. For those that are not limited, put contingencies in place. Consider only publishing summary information that has applicability to your employees (only).
Regardless, only publish the minimum information that is needed. Never push it all and let the consumer figure out what they want, since that is a tenet of the mobile device you need to abide by.
What are your thoughts in this area?