The popularity of the iPad as a holiday gift has brought a bombardment of new challenges to organizations’ information systems administrators. Rapt with what seems like endless applications, owners are bringing these tablets of wonder to their offices so they can enjoy the same capabilities they do everywhere else they boot up. Leaders in government and business already threw their hands up in their attempts to ban such activity, but when devices—even smart phones—become home to sensitive material, they must take steps to protect their organizations.
Ken Dulaney, vice president, mobile computing, Gartner Incorporated, says technology trends have entered a stage where they must be viewed more like the fashion business than the computer business. Devices today are less expensive than they were in the past, which means more of them are omnipresent in every shape and size. Users also have increased control of what they put on their personal devices; they are no longer tied only to the capabilities that their information technology department puts on their desktop computer, he points out.
Issuing standards that personnel must follow when they bring personal devices into the network just doesn’t work anymore, Dulaney states. Instead, systems administrators must move to a managed diversity model. They must either restrict personnel to using only the equipment the organization provides to its employees or create and distribute guidelines for personal devices that must be followed. Organizations also can fashion a mix of these two under the watchful eye of the systems administrator.
Top executives should be the only exception to these mobile technology usage rules; however, even they can’t be allowed to treat mobile computing recklessly. It is crucial that their devices include security features because they are the most likely personnel in an organization to be carrying sensitive information, he contends.
Although mobile devices such as the iPad can open the doors to hackers, these cybercriminals are not the only security concern, Dulaney states. It is just as likely that sensitive corporate information can be transferred to a mobile device that ends up on the seat of a cab or in an airport lounge. If the information on the device is not strongly protected, it can get lost and even fall into the wrong hands, he points out.
Aruba Networks Incorporated is one company that recognized this trend toward mobile communications early and began building solutions that surpass simple user names and passwords as protection. Keerti Melkote, founder and chief technology officer, Aruba, agrees with Dulaney. He says that for organizations’ systems administrators, securing today’s action-packed mobile devices is about more than slapping in security and walking away.
His advice to companies and agencies seeing a wave of iPads entering their Wi-Fi network is to determine which capabilities they want to enable. “It is no longer about if users can enable capabilities but rather about what you want to allow them to enable,” he says. “The immediate question is security. This is a personal device, not a corporate device, so is the information that is put on it secure? Also, it is now on the corporate network, so do I need a support group to manage these personal devices? For most organizations, this is a budget issue.”
iPads especially can be troublesome to an organization because of how much more they can do and how easy they are to use, Melkote notes. Fortunately, Apple’s latest Internet operating system, version 4.0, features mobile device management. The application program interface (API) allows the iPad owners to enroll in their organization’s networks where systems administrators can assign provisions regarding which information a user can access.
“Before, if you were a valid user, you were authorized, but the device was not authorized. By invoking the API, iPad owners can enroll themselves, which puts a certificate on the iPad. Then, the next time the iPad owner connects to the network, both the user and the device is present,” Melkote explains.
Aruba Networks’ security solution, which currently is beta testing, will enable organizations to remotely wipe only their information from a mobile device. So if an iPad is lost, over the air the company’s systems administrator can ensure that sensitive information is erased but personal items on the device remain. This solution is scheduled to be available in March 2011.
Dulaney and Melkote will offer additional advice about how to manage mobile devices in the corporate environment during a webcast scheduled to take place today (February 2) at 1 p.m. Eastern Standard Time.