If you have to wipe a mobile device because someone was able to download a database of your client's social security numbers onto it, then the problem isn't the mobile device. Your security policy is out of line anyway.
Another problem with remote wiping a mobile BYOD is that the employee will lose personal data, too, right? That's why lost or stolen devices aren't reported to the IT department right away.
Mensel: I don't necessarily agree with that, at least the part about not wanting their personal stuff wiped. We could take all 40-something personal mobile devices that my engineering team owns and throw them into a pit of lava. I don't think we'd lose a shred of essential data.
Sure, there would be some inconvenience. We'd have to buy new phones, punch passwords back into them, and synch them up with our iTunes libraries. But smartphones and tablets allow you to view and interact with data that lives elsewhere.
If people are keeping personal data on their smart devices, and that's the only place where the data lives, then they're not using the device properly.
I've heard about some companies having BYOD user policies that forbid employees from using iCloud.
Mensel: If you want to have a draconian user policy, the company needs to own the devices. I don't think it's appropriate for a company to say, "You have to bring your own device, it's your responsibility, but you have zero control over it."
I know a lot of companies that will and do abuse that, but I wouldn't work for them.
Companies want to have the cake and eat it, too. They want all the advantages of BYOD, like not having to make huge investments to outfit their people with really nice technology, and want it locked in a set of steel hoops.
Sorry, you have to pick one or the other. If you want total control, then you supply the device.
(For more, check out BYOD: Time to Adjust Your Privacy Expectations.)
There's a lot of hand-wringing over the BYOD mobile security threat, yet I haven't run across any doomsday cases. Is this "threat" being blown out of proportion?
Mensel: I'm at odds with many of my security-minded brethren. Yes, it's being blown way out of proportion.
We've been dealing with this same problem for years, only worse with laptops. I can hardly think of a better method for stealing data or introducing viruses into a company network than connecting a laptop to it over a VPN.
A laptop is a much more flexible tool for causing damage than a tablet or smartphone will ever be.
Sounds like the BYOD mobile security threat is a red herring by IT. Why is IT so worried?
Mensel: I keep hearing people asking, "Is the consumerization of IT the end of IT as we know it?"