'Failure-Proof' Mobile SecurityGartner's Girard on Key Security Challenges in Mobility
Before the heyday of mobility, enterprises could be reasonably assured of data integrity and confidentiality on company-issued devices that were in use for business. Mobility has changed the landscape considerably and existing mobile infrastructure in organizations is poorly governed and full of holes. What challenges do practitioners need to address to 'failure-proof' this ecosystem?
With mobility, even on organization owned devices, the prospect of true management is limited. Add to this the broad diversity of devices and the difficulty in managing and enforcing patches across numerous OS versions, and something is always at risk, says John Girard, Senior Vice President and distinguished analyst at business consultancy Gartner.
"This is really the head of the problem - the chaos created by the numbers of devices, the diversity of their capabilities to be managed, and the complexities of trying to come up with a common management framework," he says.
The concept of mobile device management promised to address challenges unique to the mobile ecosystem. However, CISOs still cite BYOD and mobility as one of their biggest headaches today, a slew of MDM solutions notwithstanding.
Information Security Media Group caught up with Girard when he was in India as a speaker at the Infrastructure and Datacenter summit in Mumbai organized by Gartner. He spoke at length about mobile security and 'failure proofing' existing mobile infrastructure. In this interview, Girard shares tips on how to do just that in addition to touching on:
- Broad challenges in the mobile domain today;
- Negotiating your BYOD program with users;
- Mobile governance and threat vectors. [Please see: Emerging Mobile Threat Landscape]
Girard is a VP and Distinguished Analyst in Gartner's Info Security and Privacy Research Center. He is an expert in business security and privacy solutions for wireless and mobile road warriors, extranet, remote offices and teleworkers. He specializes in predicting future security technologies to help clients to avoid getting backed into a corner with dead-end investments and get the best payback on their investments.