IT lockdown challenged by ubiquity

When iPhones started getting accepted into work places, people became disenchanted with not being able to download apps they wanted onto corporate handsets. File photo / Thinkstock

Everyone now seems to have a smart phone, at least everyone in modern business seems to. This can either be embraced or rejected by institutions' IT departments, whose initial reaction was a regime of so-called mobile device management.

MDM secures smartphones and other mobile devices and evolved from the way IT had always handled technology in the workplace for desktop computers: systematised installations and lock-down, basically.

Sometimes strict device management is clearly the best idea (ie in schools), but times are changing.

MDM may no longer be that relevant. Even years ago, IT departments felt challenged by Macs arriving in the work place, partly because they didn't have experience of them (or want it) and partly because Macs often seemed to plug in easily to existing networks and work fine straight away, without requiring the lordly touch of the IT guru being required. To their dispossessed fury.

Some IT departments, of course, could handle Macs, but then the impulse was to treat them the same as company PCs: create a baseline configuration for all computers of one type complete with corporate settings and needed applications and files, roll that out, and then use client management tools to ensure users couldn't make major system changes, install their own applications, or alter core operating system components.

I've seen this for Macs, using ghosts and imaging, in the same way it's deployed for PCs.

Trouble is, just as with Macs, people started bringing their own devices to work in preference to some of the corporate clunkers out there being foisted on the workforce (not in all cases, of course, but in far too many).

And when iPhones did start getting accepted into work places - or at least in pockets and purses - people became disenchanted with not being able to download apps they wanted onto corporate handsets, resulting in a "tension of ownership" in the words of Cult of Mac.

There is definitely a security issue, make no mistake. As another CoM article points out, four out of five workers think that removing confidential data from the office is an offence that should get a person fired ... yet 90 per cent believe it happens regularly.

This is a fraught area open to many inconsistencies. I know a guy, for example, in New Zealand who grabbed the wrong portable hard drive to take home to do some company work on the weekend. The 'wrong' hard drive had corporate training documents. When, a little later, the Mac-based firm decided to drop a few staff members, this was brought up as one justification for his dismissal: that he had taken home sensitive files the company couldn't afford to lose to anyone else.

Sounds OK, except in this case the training guides on the disputed hard drive had been written by the same guy in the first place.

Anyway, my point is, a lot of people have iPhones and other smart phones these days. Sometimes, their own devices are preferable to what they are 'supposed' to use.

Even some of those anti-Apple IT guys of old are converting, for themselves anyway - the lure of an iPhone, or even an iPad, simply too great to resist. But it still leaves the business model up for debate: should a company supply devices or cope with those being brought in?

It is possible, of course, to secure a smart phone, apart from the fact somebody can leave it lying around. I mean, even Apple employees have been known to sink a few beers and stumble off, leaving precious prototypes lying around in bars. Or so it's said (I often wonder if it's a publicity stunt).

Security is one area with which RIM, with the BlackBerry series, really ruled the roost, but that is changing.

Even in RIM's Canadian home: sales of the iPhone surpassed the BlackBerry in Canada during 2011, according to research from IDC and Bloomberg.

Perhaps RIM will refocus its brand to create security apps for iDevices? That might be too hard a pill to swallow, but in March it was reported RIM was looking for iOS developers.

It was considered that RIM planned to develop an iOS management solution around the aforementioned MDM frameworks. Apple makes these available to every company in the mobile management space. An on-device app would be one of the only ways RIM could differentiate its solutions from dozens of mobile management options already on the market, and it has a proven record.

In the meantime, iDevices have improved, from iOS4 onwards. Read Write Enterprise tells us there are seven basics to follow: require email session encryption; wipe devices if they are lost or stolen; protect devices with a passcode lock; auto-lock devices after periods of inactivity; auto-wipe devices after failed unlock attempts; protect the configuration profile and continuously refresh policies.

Add to the mix Apple's free Configurator that allows a company to deploy apps to multiple iDevices from a Mac.

Also, look at FileMaker's announcement that Go for FileMaker Pro 12 is now free, meaning 100 people in your company can all access that FileMaker database from their iDevices. This may start an avalanche of people 'extending' the reach of their computer applications and services out to networks of devices, which could be pretty exciting, useful and empowering.

In fact, while the proliferation of apps is the biggest asset of any iDevice, it may also be the biggest headache, with in-app purchases, ads and other services leading to potential security flaws or avenues for sneaky intrusions that other agencies might find hard to regulate or lock down.

Norton is one of several vendors planning iDevice security tools. Norton's Con Mallon told PC Advisor that although its mobile security focus was currently on Android, the company was looking to expand into different mobile operating systems, with a Norton iOS security product due possibly in the next 12 months.

The market is still expanding, so that means the target is, too.