So far, the discussion around enterprise users and mobile has been around “Bring Your Own Device.” As we discussed here before, software to control the devices is readily available, allowing IT to maintain a level of security for both usage such as email and for protection if the device is lost or stolen. The challenge facing organizations now centers around the use of software by enterprise users on their devices, which can be as problematic as the device security issues.
Quite a bit of the transfer of control to the users comes from cloud apps, such as Evernote and Dropbox. Instead of users being tied to Microsoft Exchange, Lotus Notes and corporate servers, users move their busy lives, both personal and work, to the cloud, sometimes threatening corporate security while meeting a work ethic that expects continuous connection. And this is where the contradictions arise.
Employees are now expected to be always online, always available. Evenings, early mornings, weekends, and vacations – many employees no longer disconnect. The value to the company of a response to an email on Sunday can be critical. But the employee – out at their child’s ball game, at dinner with friends, or lounging at the beach in Costa Rica with a drink in their hand – can respond, through their mobile device, to a request for information. But that information can require access to documents that may be difficult to find or retrieve through a phone. The user may put important and potentially relevant documents into Dropbox and pick them up from the beach chair on the phone. Problem easily solved, but corporate security is compromised.
But Dropbox isn’t secure and it isn’t limited to corporate documents. From a consumer perspective, it’s a wide-open sharing service/app that can be used for business documents. And while companies can lock down the use of Dropbox at work, that only results in new services being developed that bypass security requirements. In the end, users will find a way to make their jobs easier, and that means less security.
Locking down users may very well be a no-win effort for IT departments. And the best strategy may be to accommodate the users in their usage of services that allow them to access cloud data on their phones and focus on training on security and usage.
Then there’s the next problem, apps that truly disrupt control of communications services. A good example is the conference calling features of an app such as CrowdCall. Conference calling matured years ago, and little has changed from the toll-free number plus PIN method of access. However, the old method is painful for mobile users. The mobile user needs to find the toll-free number, call in, and dial a PIN. This is not friction-less to the user in a car, an airport, or at the beach they shouldn’t be at. In a car it requires stopping. It may require several cut-and-paste operations. It’s too much trouble.
CrowdCall lets users initiate the conference call directly from a mobile phone and dials all the participants. There is no dial-in and no PIN. And the risk to IT is that users drop the corporate conference calling and use an external service like CrowdCall for needs that were previously met by the IT department. It’s a simple model that takes away centralized control yet meets the needs of users far better than what IT can offer.
At this point, it’s safe to assume that this is just one of many services that will accelerate the transfer of power from enterprise IT to the user due to the proliferation of mobile devices. The best strategy for IT is to help users with their job requirements and train them to use external devices, services and apps in the most secure way. This will ensure full-time productivity meshed with the best security possible in the new, always connected world.