The notion that CIOs should accommodate whatever mobile phones and other devices their staff choose to use has gained increasing currency in recent years.While that attitude might help attract some staff in the short term, it isn't a sensible strategy from a security perspective, Scott Totzke, Research In Motion's vice president of security, told a media luncheon in Sydney this week.
Having workers pay for their own phones could seem to be "a compelling economic argument," Totzke said, but could ultimately lead to much worse problems. "The platforms are not all created equal. It's probably a catastrophe waiting to happen. There will be a big privacy breach and somebody's going to be on the hook for millions of dollars".
Device-based anti-malware solutions were not likely to be helpful, Totzke said. "The mobile context is completely different to a PC; you've only got so much CPU, computing power, and network capacity. It's really an exercise in managing scarcity. If you spend all the time managing security by adding on products, you end up with a device where security is the thirsty elephant around the watering hole."
Developing those policies can be complicated. Totzke noted that the US Department of Defence's guidelines to securely configuring the BlackBerry run to some 150 pages. Market watchers say it may be some time before that approach is reflected more broadly.
"A big missing component for the ability for CIOs or businesses to deploy mobile fleets is around policy," said David Cannon, program manager telecommunications for analyst IDC Australia. "In the last 12 months, there has been a significant upswing in the amount of organisations interested in being able to mobilise their people properly. That's going to keep heightening this security discussion."
"What we're seeing is a groundswell of people who want to be mobilised," Cannon said. "That pushes you back to a standardised environment, We're at this inflection point in the market. CIOs have to turn around and say 'We're either standardising or we're not', and if not, there's the potential to not be able to mobilise the way you want to."
No matter what policy is in place, human error is inevitable, Totzke noted. "The reality is these devices are going to be lost and stolen -- they're going to be left behind. Today, losing your phone is more heartache than losing your wallet."
Device choice is a "catastrophe waiting to happen": BlackBerry security chief
Letting staff choose their own preferred mobile platform is "a catastrophe waiting to happen" and will ultimately restrict the ability of businesses to exploit mobile platforms, the security chief at BlackBerry manufacturer Research In Motion has said.
HOW TOP MANAGERS MOTIVATE, ENERGISE EMPLOYEESDownload an in-depth guide to managing a healthy, motivated and energetic workforce without breaking the bank.