"As much as we think that mobile devices are inherently difficult to manage, the fact that we have consumer operating systems has actually helped us with the underlying security architecture," Rege says.
The way IT secures PCs today is largely through a system image. End users aren't permitted to install anything they want on a corporate-owned PC; they are told to use a standard image that IT determines and enforces. If a serious problem arises a technician might simply reimage the device to get it back to a clean state. On smart phones, however, an enterprise can't control the device image, even if the company owns the device. End users are going to download the apps they want for personal use in addition to the apps the company requires. Thus the notion of a standard image goes away.
The new model for security will be based on the evolution of trust that depends on the user, the context and posture of the device, the application, the data repository, and perhaps even the specific file the user wants to access. Access control that determines access to enterprise resources will have to take into account a lot more than simply who the user is. This means that application and service provisioning will become more user-centric as opposed to focusing simply on the device.
This brings us to the evolving role of the user in computing. Mobile computing, whether it's for business use or personal use, has given people a sense of empowerment. For the first time, people have choices - in what device to use, in what apps to use, in where and when to do what we need to do. On the consumer side, people have gotten used to having a great user experience. This genie is out of the bottle and it certainly affects how enterprise computing should be approached, Rege says.
Most enterprise applications today were designed to provide features and functions with little concern for how good (or bad) the user experience might be. The business user has to adapt to the application, which is the complete opposite of how the same person interacts with his personal applications. This disparity is something that companies need to address with their business apps. Rege calls this the app modernization imperative, where businesses will need to redesign their applications so that workers will have a great user experience regardless of the device they choose to use.
Privacy is another big issue that comes into play as more workers choose to use their own devices for business use. Individuals want to access company apps and data via their own smart phones and tablets, but they don't want the company to access their personal apps and information on those devices. For IT managers, observing this demarcation between business and personal isn't difficult because of the architectural properties discussed earlier: application sandboxing, isolated data, and trusted primitives. This makes it easier for IT to look at the device and see only the enterprise information without seeing the personal information.
Sign up for CIO Asia eNewsletters.