DOC RABE Media - Fotolia
To truly enable mobility, IT can't totally lock down smartphones and tablets -- despite their risks of mobile data loss.
Organizations must approach data protection differently in the mobile era, which can be challenging. Here, Brett Hansen, Dell's executive director of end-user computing, talks about the role of security in an enterprise mobility strategy.
What does modern mobility mean to you?
I want to do two things that are often in conflict with one another: On the one side … I want to empower my workforce to work smarter, more productively, more efficiently. At the same time … data is the lifeblood of business, and protecting that data has to be forefront in my mind.
[Modern mobility brings] these two trends together. It's allowing my employees to work in a highly distributed mobile environment, but doing so in a way that I can be ensured my company data is being protected.
How can IT keep up with today's changing security needs?
Having a plan is the first step. Where do you want to go as a business? Understanding the business direction is an imperative to then taking the next step and saying "OK, what do I want to do in terms of my security posture?"
The second element is what am I going to be protecting? Do I have a lot of data that is going to have to be especially secured because we're in the engineering sector and the [intellectual property] is absolutely essential for us?
What are some of the new attack vectors that come into play with mobile?
You're bringing in more devices. You're bringing in more operating systems. The days of a ubiquitous Windows environment have long since left us. Second, the movement of data and the velocity of data itself has dramatically increased.
Mobile devices naturally lend themselves to cloud environments. It's very rare that I'm going to pull up a document and save it to my mobile device. Where I might save it to, though, is a Dropbox, Box or Google Drive account. So considering the implications of employees storing company assets in a public environment has to be forefront in your mind.
Is there greater risk to corporate data through mobile devices or cloud services?
There is high risk as employees store data in more locations. It's so easy for me send a bunch of pictures out to my family. But the problem is that also creates risk: ‘Oops, I also included in those pictures a document that has 5,000 customer names and addresses on it.' Now we have a data breach.
Know what the data you have out there is, and consider the risk-reward situation. Am I willing to let that data leak out of my environment? That might be acceptable, but if it's financial information or serial numbers, I might need to be more restrictive.
How can IT balance those security needs with a good user experience?
It's not about being restrictive. You want to have very clear policies. Increasingly, people are more aware of the importance of adhering to those policies. But it can't be so prohibitive that it stops them from getting their job done.
It's accepting how the changes in the workforce are going to impact your world, having conversations with your business leaders to find out where they need to go and aligning your IT strategies to work with them -- and then applying technologies and policies that will enable employees to get their job done, while at the same time protecting and securing your data.
What's your all-time favorite movie?
Monty Python and the Holy Grail.
What's the best dish you can cook?
I'm very proud of my fajitas with my homemade guacamole, and of course, homemade margaritas.
Top methods for data loss prevention
How to back up mobile data
- Discover the Risks and Rewards Behind a Mobile Workforce –SearchSecurity.com
- Essential Enterprise Mobile Security Controls –SearchSecurity.com
- Mobile security moving to a unified approach –ComputerWeekly.com
- Top 5 Enterprise Mobile Security Issues –SearchSecurity.com