News Stay informed about the latest enterprise technology news and product updates.

Mobile security market moves away from FUD

Citrix's chief security strategist says the lock-everything-down mentality can hinder mobile productivity.

The mobile security market has matured, but some IT departments haven't gotten the message.

The fear, uncertainty and doubt that dominated headlines three or four years ago have given way to the concept of secure mobile enablement -- protecting corporate data on smartphones and tablets, but not at the expense of user-friendliness. Still, some administrators insist on locking down mobile devices as if they were company-owned laptops.

This mobile security strategy may be necessary in some cases -- highly regulated industries, for example -- but often is overkill, said Kurt Roemer, chief security strategist at Citrix, which has supported bring your own device (BYOD) for its employees since 2008. Roemer spoke with SearchConsumerization about the evolving mobile security market and how IT should adapt.

When consumerization and enterprise mobility first hit the mainstream, there were serious concerns about mobile malware and corporate data loss. But today we still haven't seen a large-scale attack or breach. Were those concerns legitimate?

Kurt RoemerKurt Roemer

Kurt Roemer: The concerns were legitimate. The response [that IT needs to lock everything down] was not legitimate. The response carried over from the old IT style.

How hard is it to get IT admins out of the traditional, desktop-centric, lock-everything-down mentality to security?

Roemer: It depends on the maturity of the organization in many cases. That level of control is hindering business and not really providing the level of security they thought it would. We need to make sure security meets the use cases that IT is supporting, and it's not just to use a set of technologies. As we like to say here, protect what matters instead of doing security generically across the board.

Was it hard to make that transition internally, given Citrix's history in desktop computing?

Roemer: We definitely had the same challenge as we approached BYOD. Anyone could have found different reasons to say we can't have mobile, we can't do BYOD. We all got together to find ways to do it and to do it securely. There are so many productivity gains from BYO, and the ability to support different work styles.

Should BYOD shops approach security differently than corporate-issued shops?

Roemer: I wouldn't necessarily say they need to approach security differently, but how they have solutions stratified does make it different. If they own devices, they can lock devices or wipe devices. Most organizations need to have that capability, but it's for a much smaller segment of their user base than they think. It really gets back to the use cases.

Dig Deeper on Enterprise mobile security

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

How does your company secure employee mobile devices?
The company requires all mobile devices to be connected via a server that is protected from a central location by the company. Via the server, the company can place blocks or monitor what information you are accessing. If you are found to be accessing things via mobile devices that you should not be, the company can prevent your mobile device from reconnecting. The company also issues work related mobile devices to some people, which can be subject to some of the same restrictions.