BYOD is a user-driven movement, not a secure mobile device strategy

Sean Martin, a CISSP and the founder of imsmartin consulting | July 9, 2012
Many organizations have tried to fight the tide, but it's a losing battle.

- Or, control access for some of the devices, granting or blocking access to resources based on need and risk.

Addressing BYOD by itself makes little to no sense as BYOD is not really a business objective, but rather a movement, not to mention a very narrow way of looking at connected systems. Therefore, it seems likely that the BYOD marketing phrase will lose its charm within a few years, if not sooner, leaving us with the real challenge: secure mobility. The real need is to enable secure access to only relevant resources from any and all securely managed devices and locations. In other words, while it's important for organizations to manage device access to their networks, it's even more important to manage what these devices can and can't do while they have access, an approach combining "mobile device management" (MDM) and "mobile application management" (MAM).

With this groundwork laid, it's important to note that secure mobility isn't limited to only those devices owned and brought into the office by employees, partners or guests; it also includes corporate-provisioned and personally owned home office desktops, laptops and any other network-connected devices available now or in the future (e.g., the Amazon Kindle, Apple TV, or maybe even the Sony PlayStation).

It's also important to understand that BYOD and MDM/MAM are two very different things and should be viewed as complementary. BYOD is about access for mobile devices, and MDM/MAM provides the option for establishing granular control over these mobile devices and their applications after they join the corporate network and/or while they are disconnected from the network.

Protecting the organization's network and its data from attack and misuse requires more than just a BYOD mentality; establishing secure, mobile-enabled operations requires a mobility access control program that includes corporate-provisioned, approved employee- and partner-owned devices as well as unmanaged guest devices.

So, what are the end-to-end secure mobility requirements? Here's my take:

- Control access, using different levels for different devices, different OSs, different connections (wired/wireless), different users, etc.

- Manage authentication to the devices to ensure the device is being used by its intended owner.

- Ensure devices comply with defined policies (corporate/regulatory) -- validating items such as the device's unique International Mobile Equipment Identity (IMEI) number, expected OS version, rooted or jailbroken status, and specific applications installed or missing.
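The compliance and access-level requirements above can be sketched as a device posture check. This is an added example, not code from the article or from any MDM product; the policy values, app names and the four access levels (full, limited, guest, blocked) are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed policy values for illustration; not taken from the article.
MIN_OS = {"ios": (5, 1), "android": (4, 0)}
REQUIRED_APPS = {"corp-mdm-agent"}        # hypothetical app name
FORBIDDEN_APPS = {"unapproved-file-sync"}  # hypothetical app name

@dataclass
class Device:
    imei: str
    os_name: str
    os_version: str
    rooted: bool
    apps: set = field(default_factory=set)
    managed: bool = True  # False for unmanaged guest devices

def imei_is_valid(imei: str) -> bool:
    """An IMEI is 15 digits and its last digit is a Luhn check digit."""
    if len(imei) != 15 or not imei.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(imei)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def evaluate(device: Device, enrolled_imeis: set) -> tuple:
    """Return (access_level, findings) for one device."""
    if not device.managed:
        return "guest", ["unmanaged device: guest access only"]
    block, warn = [], []
    if not imei_is_valid(device.imei) or device.imei not in enrolled_imeis:
        block.append("IMEI invalid or not enrolled")
    if device.rooted:
        block.append("device is rooted or jailbroken")
    minimum = MIN_OS.get(device.os_name)
    # Non-numeric version parts are dropped, so an unparsable version fails.
    version = tuple(int(p) for p in device.os_version.split(".") if p.isdigit())
    if minimum is None or version < minimum:
        warn.append("OS unsupported or below minimum version")
    if REQUIRED_APPS - device.apps:
        warn.append("required app missing")
    if FORBIDDEN_APPS & device.apps:
        warn.append("forbidden app installed")
    # Identity or integrity failures block; policy gaps get limited access.
    level = "blocked" if block else "limited" if warn else "full"
    return level, block + warn
```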

