A New Model
When it comes to security, traditional IT departments seldom consider “flexibility” or “choice” as adjectives to describe their initiatives. However, as BYOD continues to gain traction in enterprises around the globe, security professionals are finding that the strict security postures of the past do not go hand in hand with today’s mobile environment.
Rather than having users reject or circumvent strict policies, and create further blind spots, security teams are leveraging new hybrid deployment models that help empower users to make better security decisions, while simultaneously granting users more choice in what types of apps they can leverage to be more productive in their daily lives. It all comes down to finding the right balance between security and functionality of mobile security solutions.
Recently, Rob Greer contributed a BYOD piece for DarkReading which raised some great points on this topic, including:
- Gartner’s Managed Diversity Model references ‘semi-managed devices’ for which information security and end users split the responsibility.
- In a semi-managed device environment, IT can, and should, shift some decisions to end-users
- This model presents three service choices to users that range from the traditional ‘IT controls and manages everything’ to ‘user free-for-all’ device management.
- Security management tools should be launched at the content and application level, not the device level.
Shared Use, Shared Responsibility
With a semi-managed device environment, IT gains more flexibility in the types of policies they choose to enforce, and how these policies can be implemented, shifting some of the responsibility back to employees. However, as employees gain more responsibility over the apps they install on their devices, it’s important to also provide employees with the right tools to make informed decisions.
The Appthority mobile app, for example, has a great feature called PASS – Proactive App Security Search. With this feature, employees whether on a BYOD, CYOD, or corporate owned device, can search for apps from the app store and see whether or not the app complies with corporate policies before the apps are ever installed on the device. This way, IT doesn’t have to manage and enforce an ever growing whitelist or blacklist, while employees know any possible risks found in apps they’ll use for work, or personal use, before the apps are installed.
We see our customers trying to find the balance between security and productivity on a daily basis. As Rob notes, “The key for a happy balance between employees’ wants and IT security management is two-way communication that addresses each party’s concerns.” Engaging and empowering employees to be part of the solution is critical to enhancing overall enterprise and employee security.