Informed CIO: Striking a Security/Usability Balance
Challenges IT Faces
Employees expect IT to support their personal devices--as well they should, because there's great value in such tools when performing business functions. But the main challenge facing companies that are enabling the use of these devices in business operations is the security risk of having a variety of mobile platforms accessing enterprise networks: How do you ensure that sensitive data isn't compromised and that vulnerabilities brought about by personal devices are mitigated?
Clearly, the answer is not to keep personal devices from accessing corporate resources. IT can no longer credibly stand in the way of the adoption of mobile technologies--the business drivers are too strong. But neither can you fail to enforce policies and slack on governance. That will lead to an increased number of security exposures. The odds are that one will be catastrophic to the business.
An additional consideration is the theft or loss of a personal device containing corporate data. Security mechanisms such as remote wipe, PIN-based entry and centralized management can satisfy many basic security requirements.
For a successful mobile implementation, CIOs must ensure that everyone’s interests are represented. That means balancing security requirements with the user's device experience. Core areas of a successful and mature mobile information security program include governance, risk and compliance; mobile policies; and the security infrastructure.
In this report we'll discuss best practices to securely integrate mobile devices into the enterprise. We'll also cover some security considerations around adaptive security, a critical element of an enterprise mobility framework, in the context of an area called secure user access, which refers to providing users with access to the network and its resources without compromising corporate data. We'll review the levels of capability in this discipline and discuss in more depth what elements, at each level, you should investigate in terms of policy, technology and people. (S4140112)