It’s funny, BYOD is like that Far Side cartoon “la la la la Spot! la la la la.” What an IT manager hears when people talk about BYOD is “la la la la la UNTRUSTED la la la.”
Why? Because the very fact that IT did not issue your mobile device makes it an “untrusted” device, whatever the brand or model. At least with laptops the IT manager can require specific protection software (intrusion detection, anti-virus, edge-point analytics), even if that turns booting into a 14-minute cycle, and the firm is fairly protected (maybe not very productive, but at least protected).
In tablet-land, this is a challenge: since tablets generally don’t have enough oomph to run the software that would protect a VPN-like tunnel, they represent a vector for malware (which, ironically, CAN run on a tablet).
So, if you can’t secure the edge, and you can’t let the device access your data center, what do you do?
Interestingly, one possible answer is to build a “trusted” zone outside the firewall in a neutral territory where the device and data center can meet to conduct business. Exchange hostages. Get a good look at each other. Decide whether they should trust each other and exchange value. Such is the nature of the new SaaS platforms. Creating a zone where one client-server session is terminated and another started creates an effective security barrier for device-borne malware. Include a disposable footprint in the neutral zone, and the “attack surface” is pretty minimal…
And with a manageable risk profile, suddenly those tablets can shed that “untrusted” label and even have a shot at being man’s best friend. Or at least IT’s.
This post also appears on Stephen’s Getting a Grep blog.