designsoliman - Fotolia
The Boston Consulting Group
Published: 11 Nov 2015
I've worked in IT infrastructure and operations for 15 years now. For my entire career, the mantra has been to keep the lights on, protect the perimeter at all costs and plan for a 20% annual infrastructure expansion to support business growth. In short, we've played things safe -- but that won't cut it in today's world.
Prior to the mobile era, most organizations stored their critical data inside heavily secured enterprise resource planning (ERP) systems or relational databases. Employees could only access this data from approved applications while on the company network.
Now, users expect to access their company's most sensitive data from their phones wherever they are. Changing our infrastructure to adapt to this mobile world requires a fundamental shift in the way IT admins think about mobile data access.
Ditch the perimeter mindset
First and foremost, we must change how we approach security. Conventionally, the firewall is the single greatest weapon in an IT department's security arsenal. But the firewall's effectiveness is based on the assumption that perimeter protection is paramount. With mobile, you need to turn this philosophy on its head, because mobile data access comes from more locations and on more devices than ever. Focus instead on securing the data itself -- regardless of where it lives, either on or off the corporate network.
Enable API access
We must collapse the abstraction layers we put in place for accessing information and enable direct, controlled mobile data access to infrastructure systems from mobile applications. For example, most enterprises running SAP have a data warehouse of some sort, and the majority of reports run out of there. Personnel use the data from these reports for critical decision-making and sometimes even export the information to other systems. But historically, it was rare for other systems to call data from the main ERP system -- and, for fear of corruption, even rarer for other systems to be able to transmit data to the ERP system.
Now, real-time data must be available directly from the ERP system to mobile applications. Direct API access can make these systems and their data available.
Let data flow
Users should be able to access critical business data from wherever they are, using the mobile applications that make their work most productive. Organizations must also categorize this data based on its importance and sensitivity and provide as much mobile data access as possible without compromising its integrity or organizational policies.
To do so, organizations should create tiered levels of data in the same way we tier storage: based on frequency of access. A lot of organizations just put all their information into one relational database, ERP system or business warehouse, then use all their reporting tools to access them. But if your most sensitive information has the same access methods and level of security as the rest of your data, you're asking for trouble. In theory, a general access application (such as order tracking) could become a springboard for unauthorized access to more sensitive data.
Emerging identity access management tools can help prioritize data by role, as can most system authorization structures that many organizations already have in place.
Face the usage music
Finally, IT departments need to change their year-over-year infrastructure growth goals from 20% to more like 50-75% increase. Admins can't stand by and let the infrastructure stagnate, especially with data- and graphics-intensive applications becoming more popular. Mobile business apps require significant amounts of data and throughput to properly function, and so IT's ongoing efforts to expand and upgrade the infrastructure must significantly accelerate.
This article originally appeared in the November/December issue of the Modern Mobility e-zine.
How much data access should BYOD users have?
Create APIs to empower mobile workers
How to build a data warehouse for mobile access