PC sales continue to decline, mobile sales continue to climb, people work at home, and the notion of strict work/life separation for equipment is on its way out for many information workers. Yet most IT organizations and security vendors insist on applying legacy thinking to information security that simply cannot work in the modern world of heterogeneous, anywhere, and mixed personal/business computing. They keep trying to build mobile prisons, extending perimeter defenses across the digital world or creating satellite fortresses on every device. No one willingly enters a prison, and the gulag and straitjacket approaches favored by IT and security vendors simply will be bypassed by business users, who've been doing so for years on the desktop.
It's time to stop the madness and protect what really matters: the information that moves among all the devices. To do so, the industry needs to stop trying to turn smartphones into fortresses that people can't use, and to stop forcing the use of proprietary app containers that can't scale across a heterogeneous, interconnected digital environment or that provide read-only access (what's the point, then, of having the file?). Instead, it's time we focus on protection at the information level, essentially using the notion of digital rights management (DRM) that travels with the data itself. The only way to make that work is through an industry standard.
There are two great models for how this can work. One is Microsoft's Exchange ActiveSync (EAS) protocol, which provides a de facto standard for basic device security that ensures good security hygiene such as forced device encryption and enforced password use. This single protocol, if broadly adopted, gets rid of most of IT's often-stated "what if the user loses the device?" fear.
The other is the Wi-Fi Alliance, the group ensuring interoperability of the 802.11 devices that in the beginning could not talk to each other though they were based on the same IEEE standard. The alliance is now trying to create the same assurance of interoperability for video streaming via its Miracast standard. By having an interoperable information-level security standard, IT would be assured that critical information remains protected no matter what apps are accessing it and no matter on what devices.
Today, we have a muddle of competing proprietary standards from more than a dozen companies. Their containers typically work only with IT-developed apps that use their specific API and management tool, and sometimes with commercial apps that adopt that proprietary technology. That proprietary nature puts everyone at risk: IT and developers are wed to a single company in a frothy market where vendors come and go. Users are severely limited in the apps and devices they can use — most of these systems, for example, don't work on Windows or OS X, even though PCs remain the biggest source by far of data loss, whereas mobile is a minor factor.