“Everyone talks about controlling these devices,” O’Berry said. “I don’t care about device control. What I care about is device resiliency and insulating my agency against risk. In doing that, though, I don’t want to impede non-traditional productivity. Devices like the iPhone increase operating efficiencies.”
Invariably, solutions will come as the devices mature, if not from the smart phone vendors themselves, then from third-party security vendors. And if Apple continues to buck third-party software development, some other smart phone vendor will likely play to the enterprise and eclipse the iPhone in that market. After all, you don’t hear a similar chorus of warnings against the BlackBerry. The difference is that BlackBerry started as an enterprise product and has spread to the consumer market. The iPhone has taken the opposite path.
As of today, though, smart phones represent a threat matrix for corporate networks. IT has little visibility into the devices, and device-side security is limited at best. Until the phones are more secure, IT must do something to mitigate risks.
“We need to get beyond the mentality of IT versus users,” O’Berry added. “Instead, we should collaborate with users on how best to strike a balance.” Whether that balance means education and training or network edge controls or putting pressure on vendors for more secure products remains to be seen.
What’s clear, though, is that IT will have to figure out how to handle these devices soon. They’re coming whether you like it or not, and the first step towards recovery is admitting you have a problem.