Confession time: Two weeks ago, while I was at a tradeshow doing a demonstration on how our ITSM software could be run on a mobile device, my iPad was stolen! I felt horrible and completely vulnerable. The only consolation was that the iPad was locked and my IT team was able to wipe it remotely.
Security is by far the biggest issue I'm reading about when it comes to bring-your-own-device (BYOD) programs. It may seem straightforward, but IT cares about security, and we as individuals or employees care about ease of use and convenience!
A recent study conducted by the Ponemon Institute concluded that mobile devices are a mixed blessing for employees and organizations. Their “Global Study on Mobility Risks” reported these alarming, but not surprising, findings:
- Fifty-nine percent of employees circumvent or disengage security features;
- Fifty-one percent of organizations experienced data loss resulting from employee use of insecure mobile devices;
- Thirty-nine percent of organizations have security controls to address the risk; and
- Forty-five percent of organizations have enforceable policies.
Here’s the challenge:
- Organizations are concerned about malware, spyware, malicious downloads, and the loss of sensitive data (i.e., security); and
- Individuals are concerned with convenience and ease of use. I have read that less than ten percent of tablet owners lock their tablets, and less than 25 percent of smartphone owners lock their phones. (Do you?)
In the Ponemon survey, 77 percent of respondents agreed that the use of mobile devices in the workplace is important. But because employees want ease of use and convenience, IT is often viewed as tyrannical. And, to be fair, IT has to admit that it has, at times, taken the approach of not trusting its employees. Employees often feel like IT automatically says no, without thinking about the benefits.
So how do we achieve harmony in the workplace? Four things can go a long way:
- IT needs to start by believing that end users really do want to be productive and that mobile devices make them more productive, and by operating out of trust instead of distrust.
- Employees need to realize they can't have their cake and eat it too—some level of security will be required, and graciously accepted, on their mobile devices.
- A good governance strategy.
- Well-defined policies and procedures.
The HDI community and I would like to hear from you. How does your IT organization manage to balance security versus ease of use and convenience?
Follow me on Twitter.