The mobile security market has matured, but some IT departments haven't gotten the message.
The fear, uncertainty and doubt that dominated headlines three or four years ago have given way to the concept of secure mobile enablement -- protecting corporate data on smartphones and tablets, but not at the expense of user-friendliness. Still, some administrators insist on locking down mobile devices as if they were company-owned laptops.
This mobile security strategy may be necessary in some cases -- highly regulated industries, for example -- but often is overkill, said Kurt Roemer, chief security strategist at Citrix, which has supported bring your own device (BYOD) for its employees since 2008. Roemer spoke with SearchConsumerization about the evolving mobile security market and how IT should adapt.
When consumerization and enterprise mobility first hit the mainstream, there were serious concerns about mobile malware and corporate data loss. But today we still haven't seen a large-scale attack or breach. Were those concerns legitimate?
Kurt Roemer: The concerns were legitimate. The response [that IT needs to lock everything down] was not legitimate. The response carried over from the old IT style.
How hard is it to get IT admins out of the traditional, desktop-centric, lock-everything-down mentality to security?
Roemer: It depends on the maturity of the organization in many cases. That level of control is hindering business and not really providing the level of security they thought it would. We need to make sure security meets the use cases that IT is supporting, and it's not just to use a set of technologies. As we like to say here, protect what matters instead of doing security generically across the board.
Was it hard to make that transition internally, given Citrix's history in desktop computing?
Roemer: We definitely had the same challenge as we approached BYOD. Anyone could have found different reasons to say we can't have mobile, we can't do BYOD. We all got together to find ways to do it and to do it securely. There are so many productivity gains from BYO, and the ability to support different work styles.
Should BYOD shops approach security differently than corporate-issued shops?
Roemer: I wouldn't necessarily say they need to approach security differently, but how they have solutions stratified does make it different. If they own devices, they can lock devices or wipe devices. Most organizations need to have that capability, but it's for a much smaller segment of their user base than they think. It really gets back to the use cases.