Beyond BYOD

“We're struggling to understand a lot of what's coming down the road,” says John Johnson (below), global security program manager for Moline, Ill.-based John Deere, a global leader in the manufacturing of agricultural machinery. With more than 60,000 employees in about 200 locations worldwide, he sees devices from various manufacturers entering the workplace and new challenges like Windows Phone constantly coming onstream.

“A mobile data management (MDM) plan is critical,” Johnson says. “From my perspective, the reporting and management functions are as important as the security itself. We have to have the confidence that mobile devices can be managed as effectively as desktops.”

But, no one strategy will cover all circumstances, he says. “Things are changing so rapidly that it's difficult to choose one MDM solution. Companies have found themselves going back to their vendors after a year or two, looking for new answers.”

As well, while Johnson is encouraged by some online storage provisions, he says that space still has a way to go. “We need secure solutions and encryption. We want to know where our data is.”

But the threat posed by public storage takes a backseat to employee-installed applications, says Foreground Security's Amsler. “That's the number one threat vector I see. The amount of malicious code has grown exponentially. It's more sophisticated, and, increasingly, it's app-based now.”

Khan of TwelveDot Security, who has provided security analysis in 36 countries, agrees, and says organizations' security oversight must extend to app development. “Every new OS poses a security risk because of what comes with it.”

He advises clients to study the beta versions of new apps that employees might use on mobile devices, analyze the application programming interface and reflect findings in MDM plans and mobile application management (MDA) solutions.