Rise of “shadow IT", not BYOD, should be a concern for organisations: IBRS

Security analyst shares his view on MDM and how it fits in with BYOD

The entire MDM space is dead when it comes to the bring-your-own-device (BYOD) trend, according to IBRS security analyst, James Turner.

He made the claim during the launch of Kaspersky Endpoint Security for Business in Sydney, explaining that one can not claim to control something that one does not own.

“You have two ways of controlling the data, either by presenting it to the device via HTML5 or by having an encrypted container on the device,” Turner said.

“Either way, you don’t own the device.”

Instead, Turner said MDM is applicable for devices issued by the organisation.

To highlight this disparity, Turner referenced two organisation he dealt with recent, with 10,000 employees between the two of them.

Over the last 12 months, one organisation gave their employees a choice of Blackberry or iPhone.

After that time, Blackberry now only represents 40 per cent of their corporate fleet.

“The second one has been doing it for two years and did the same thing, though also gave the choice of Android,” Turner said.

“In this case, Blackberry represented only 10 per cent.”

Turner highlighted these two cases to show the massive appeal of the non-Blackberry devices among employees.

People who have been interested in these devices are already using them, a trend that Turner refers to as “shadow IT”.

“It is already happening, so organisations are not trying to reclaim control, they are catching up with what users are doing and then provide guard rails around that,” he said.

Field work

When data loss prevention (DLP) was a trend a few years ago, one of the scenarios Turner discussed with clients was how to stop someone from looking at their iPhone, taking a photo and sending it via their Gmail account, essentially passing the IT system.

In terms of gauging what IBRS’ client base is doing in terms of BYOD, Turner said it is already there.

“We talk about BYOD in the same sense of being hacked,” he said.

“Either you’ve been hacked or you’ve been hacked and don’t know it.”

Instead of BYOD, Turner prefers to call it bring-your-own-other-device (BYOOD), because there is a distinction between the gear the company has provided to an employee, and the actual tools used to get the job done.

Turner came to this conclusion after going out and talking to line managers across the field, conducting dozens of interviews with organisations spanning thousands of people, and talking to the staff about how they use the device.

As an example, Turned mentioned one organisation that received a call in the office from someone in the field, who then asked the employee for the information to be sent.

“The person in the field pulls out their iPhone, takes a photo and sends it as an MMS to the other person’s phone,” Turner said.

“That was sensitive information, and it was suddenly there on an outside communications channel that the IT department in the organisation has no record of whatsoever, as well as no ability to control it.”

Turner admits an incident such as this is nothing new, as he has spoken about this for years and it has “been around for as long as IT departments have,” notably with people plugging in their own wireless routers.

“It is the concept of the shadow IT department,” he said.

“That is what BYOOD is about, users out there in the field finding other ways to use technology, which has been consumerised, work for them.”

As such, the best thing an IT department can do is go out and start interviewing the line manager on the field, asking how they use the information and the devices.

“Everyone out there is using Gmail and Dropbox, so how can we provide you with the same capabilities and play catchup, and provide some method of control, which the organisation needs to keep track of what happens with their data,” Turner said.

Patrick Budmar covers consumer and enterprise technology breaking news for IDG Communications. Follow Patrick on Twitter at @patrick_budmar.

CHANNEL CHOICE: Vote Now for your favourite in the three categories: Vendor, Distributor and Reseller. Voting closes August 8.

Tags BYODIBRSiPhone

More about DLPDropboxIBRSIDGIDG CommunicationsIDG CommunicationsIDG CommunicationsKaspersky

ARN Directory | Vendors relevant to this article

Comments

Comments are now closed

 

Latest News

12:20PM
Zendesk expands Melbourne operation
12:18PM
Planet Tel acquires Via IP to move into wholesale aggregation
11:18AM
Apple grows Mac sales by 18 per cent on the back of the MacBook Air
10:45AM
Vodafone relying on high-value subscribers amid 137,000 customer loss
More News
23 Jul
Dell Connected Security: Listen to what the experts have to say about security
24 Jul
The Rise of the Challenger Marketer
24 Jul
Veeam’s Crazy 8 Roadshow
24 Jul
Executive Sales Breakfast Briefing
View all events