Dumb Users, Regulators Are Part of the Problem
In addition to the legions of bad guys who are trying to steal your corporate data, mobile security managers are saddled with an even bigger problem: dumb users. Despite everything you may try to accomplish by managing data loss exposure, by limiting the apps users can use while connected to the corporate network and by controlling what they download and upload, youre still at the mercy of the employee who loads corporate data on to their mobile device and then takes it home. While you can limit this to some extent through training and through security awareness, there are some things that you can do nothing about. In some places, regulators limit what security managers can do or what devices can be sold in their countries. Jose Otero, president of the Uruguay-based Signals Telecom Consulting said that stupid users are only part of the problem. We have stupid regulators, as well, who don't understand security, malware, or BYOD [bring your own device].So what can you do? Knesek said that, at BT, the executives solve the problem of security by carrying two devicesone thats owned and controlled by the company, and the other thats personal. This means that all company data is on the company-owned device, and the personal device is used only for personal data. She pointed out that this has one distinct advantage: The executive can turn off the company device and not be bothered by work. Another answer, obviously, is to use a device thats secure in the first place. Its probably significant that when I polled my panel while we discussed our presentations over coffee and bagels at the Loews Hotel in the South Beach area of Miami, I found that four of the five panelists used BlackBerry devices. One used an iPhone. None of the security experts depended on an Android device for communications. The iPhone user (we wont say who it was) expressed embarrassment. But in reality, choosing the right platform is only part of the problem. The bigger problem is using the device appropriately, and thats where the zero-sum game comes in. Editor's Note: This story was updated to correct the spelling of Jill Kneseks name.
Adding to the problem are mobile device manufacturers, such as Apple, that prevent full management of their devices. Apple iPhones and iPads always allow the user to have control over their devices, and iOS doesnt provide the full management capability that some other mobile devices allow.