(For more, check out BYOD: If You Think You're Saving Money, Think Again.)
We're touching on the topic of virtualization on the smartphone or tablet, basically enabling separate areas for business and personal apps and data. Do you think this is where BYOD is going?
Mensel: It's a really cool idea, and you can solve an immense number of problems. But until it works on iOS devices, it's not useful. The whole point of BYOD is that people can bring whatever they want. It's central to the value proposition. A substantial portion of the time, it's going to be an iOS device.
Until those mobile hypervisors work on iOS, which isn't going to happen anytime soon, it's a non-starter.
John Mensel, director of security services
There's an alternative to virtualization that offers many of the same benefits. Here's what we've been doing: A client has an application that we have to put a lot of strict security protocols around. But a few principal users need to access it from a mobile device. Well, we use terminal services with SSL-based VPNs wrapped around it.
It's been a really good solution. The user can call up a remote desktop and access the privileged data. It's just the remote desktop protocol, so it works brilliantly on iOS devices as well. You can implement it with technology that 99.9% of the companies already have. Most IT folks already understand this at a deep level.
It's cheap, fast and secure.
Security seems to be a hot topic when it comes to BYOD. I often hear the standard response of remote wipe. But this isn't really security management, right?
Mensel: We advise our clients to tell their employees that, in the event the device is lost or stolen, they'll remote wipe it. I know that's a contentious point with lots of legal issues surrounding it.
But in our market space, a lot of our clients aren't able to make huge investments in things like Mobile Iron where there's really granular control. The wipe-your-device policy provides a lot of blanket protection for everybody. You need to have a kill switch.
That said, I think you've really hit the nail on the head. If you have to remote wipe a device to prevent a serious security breach, you've already lost.
Almost all of the really severe security problems surrounding mobile devices can be mitigated through basic network security and data protection. Your most critical data, such as customer credit card numbers, need to be locked away behind another layer of security protocols.