Consumerization requires understanding people.
A great example was an Intel internal blog some years ago where two users, both doing the same job were asking for very different devices. One wanted a phone for email, finding airport lounges and applications. The other just wanted something that would make calls with good battery life. Can IT ever pick the right device for each user? I don’t think so but I’m interested in your thoughts.
My job is security specialist with Intel. I think that allowing company data on personally owned devices can be done with a better security level then most companies have today. That’s the point of this blog, looking at security of company data on personal devices.
If your company is anything like Intel you will have users trying to connect their personal devices today. If they are not they may be trying to sync their calendars with Google and user their own USB sticks to take data home to work on. You may have sales staff with customer details saved on GPS units, What about the company executives wanting the latest technology? These employees are not bad, they are not trying to do damage to the company and they just want to use the tools that they like.
Can this be stopped? Well let’s suppose that you wanted to stop all forms of consumerization, could you do it? I don’t think so, having seen the lengths that some people will go to in order to connect a personal device I believe that most businesses would not tolerate the cost or the disruption of the controls needed. Some years ago I did look at if this was possible and I came to the conclusion it would be very expensive. At this point everyone is rushing to tell me the cost of data loss, I really get that, being a security person I know protecting data is equal to protecting the life blood of a company.
So to repeat where we started, consumerization is about understanding people, how they work and behave. If every employee was a robot that did exactly what they were told you may find that you would spend very little money on security. So that’s the base line, consumerization most defiantly works if the confidence in the employees enforcing security is unquestionable. So the challenge is to work out, what you can trust the employee to do and what you need technology for. Then identify the gaps.
This sounds so simple but in reality it means a review of a company’s security position. In the next blog I will describe how Intel went about doing this. In the mean time if you’re interested there is a whitepaper on mobile device security at http://communities.intel.com/docs/DOC-5779 click on the PDF.