Office mobility: Consumerization of devices

There are best practices for keeping data safe as Apple and Google devices capture the enterprise. Beth Schultz reports.

Not so long ago, enterprise mobility came with a set of well-defined security best practices that typically looked something like this: Control access through a virtual private network (VPN), encrypt data while in transit and at rest, and only allow the use of IT-controlled, password-protected devices, such as a corporate laptop or a BlackBerry.

“Over the last few years, most companies have had a pretty good angle and knowledge on regular device security that had been beaten into them,” says Marco Nielsen, vice president of services at Enterprise Mobile, a mobility services outsourcer.

But that was so yesterday. While laptops and BlackBerry devices haven't disappeared from the enterprise, many business users are pushing them aside for the latest consumer-oriented smartphones and tablets. The Apple iPhone and iPad, and their Google Android counterparts, are where enterprise mobility lies today – or at least this is what many of today's workers believe.

Enterprise IT hasn't been so certain, with its predominant focus on such matters as buttoning down the corporate network and keeping data secure. At the most obvious level, an iPhone or Droid is small and considerably more lightweight than a laptop. And that makes such a device far easier to forget as a CFO disembarks from an airplane or a sales executive exits a taxi. 

What if during that ride the sales executive had used Microsoft Outlook Web Access to download email with customer-sensitive information – and hadn't bothered to password-protect the phone? He is going to be bummed that he lost his personal device, but the company will be in a much more precarious position due to the sensitive data sitting in an email cache ready for any Joe Hacker to read.