Enterprises Haven’t Gotten a Handle on Mobile Security

By Wayne Rash  |  Posted 2012-06-24

iPhone Turns 5 as Enterprises Struggle With the BYOD Chaos It Launched

Five years ago, at the end of June 2007, the world of mobile IT changed forever, although few realized it at the time. Who could have guessed that the sales of the first iPhone would ultimately lead to significant productivity gains, new lines of business and new headaches for IT? At first all that the iPhone seemed to be was an upgraded iPod music player. 

But over time, as more and more people realized that their iPhones could do more than make phone calls, browse the Web and play music, the demand to make them part of the enterprise became too much for IT departments to resist. Suddenly, alongside those Motorola RAZRs and BlackBerry smartphones, a new player had emerged, and it was a new player that could do things other devices couldn€™t. 

At first those new things were pretty limited. The iPhone was cool, people wanted to have one so they could be cool, too. But it turned out that the iPhone could do email, it could browse the Web and it could run programs. While most of those programs, simply called apps, were games or personal productivity software, there were a few that would work in a business environment. 

By this time the iPhone had changed the face of enterprise computing even though the world of enterprise computing hadn€™t figured that out yet. 

But things from that time are a big fuzzy. The iPhone was introduced in January of 2007, but not shipped until late June. There was buzz, but most people weren€™t sure what to make of it. Was it a music player with a phone or phone with a Web browser? Or was it really a computer since it ran Mac OS in those days?  

If that€™s where it had ended, the iPhone might have just been a short-lived curiosity, kind of like the Newton. But then Apple made sure the iPhone would work with Microsoft Exchange. Now iPhones could start infiltrating corporate offices and IT departments had little choice but to support the iPhone. 

This was the beginning of the BYOD (bring your own device) trend,  although we didn€™t call it that back then. Suddenly many different, personally owned smartphones and mobile devices were available and people started bringing them to work, expecting to use them. Companies for the most part were going along€”after all, they didn€™t have to buy the phones. 

And it wasn€™t just iPhones. Suddenly every-day users, those that wouldn€™t normally qualify for a company smartphone, were buying BlackBerry devices. Then Android phones started showing up and everyone wanted to be on the company network. Chaos reigned, but chaos isn€™t always a bad thing. 

Enterprises Haven’t Gotten a Handle on Mobile Security


What the chaos taught us was that business had to start taking mobile security seriously. Previously, many businesses had open WiFi access points. There were no real standards as to what could live on a phone and what couldn€™t.  

People were storing sensitive, work-related material on their iPods and nobody cared, because there were relatively few of them. But when the sales of the iPhone exploded, so did the security woes of the enterprise. Security managers finally figured out that company employees were walking around with tiny computers in their pockets€”computers that contained sensitive corporate data that could walk out the door and disappear. 

And with many companies, that€™s where we are today. The IT department is still trying to grapple with the dozens of different smart devices that show up at work on any given day. They€™re coping with figuring out what devices can be made secure, what can€™t and what they don€™t know. But with the exception of a few organizations, such as the government and financial services, BYOD has arrived. 

Now, everyone knows that BYOD is here, but far fewer have any clue what to do about it. How do you cope with all of those devices? The answer, it turns out, is that a company either embraces them in the name of employee productivity and morale (BYOD does not actually save any money and it might be more expensive than company-provided devices) or ban them entirely either in the name of security or the name of compliance. 

Some companies have no choice. I have a relative who carries a government-issued BlackBerry that he€™s required to use for his official communications. I know a number of people who work in financial services who must also carry BlackBerrys for business use. The rationale is that a BlackBerry under the control of a BlackBerry Enterprise Server environment is vastly more secure than anything else, and that€™s probably true. 

But that €œanything else€ part of the equation has changed. With the addition of third-party software from Good and others, many non-BlackBerry smartphones can be made to be very secure, at least in terms of email and enterprise apps. But beyond that, security varies depending on the user and the device. This keeps the IT department awake at night, especially when they don€™t own the phone and have only limited management ability.

But like it or not, the iPhone, and the other phones from Google and Microsoft that it inspired, are here, and they€™re here to stay. Apple started the whole thing with the iPhone, but Apple won€™t be alone in moving the trend forward.

Rocket Fuel