SearchCIO.com's mobility-themed tweet jam Feb. 27 touched on one of mobility's biggest issues: how to create a data protection management plan to ensure that information on mobile devices
Requires Free Membership to View
stays safe.
Enterprise mobility continues to evolve at a rapid pace, adding complexity thanks to areas such as application development, cloud computing and bring your own device (BYOD) trends. So @searchCIO asked our followers:
Q3 What can CIOs do to guarantee #DataSecurity in this brave new mobile world? #Mobility #CIOChat
— SearchCIO.com (@searchCIO) February 27, 2013
Tweet jam participants tackled the difficult topic of data protection management head-on, suggesting possible solutions like mobile device management (MDM) programs, data encryption and shifting the CIO focus from the device to the data:
A3. Data security isn't new because of mobile, mobile has surfaced the issue…means a focus on the data, not the device #ciochat
— Brian Katz (@bmkatz) February 27, 2013
@searchcio There is no guarantee. Focus on Data, not device. Ensure corporate data is always encrypted using corporate keys. #CIOChat
— Puneesh Chaudhry (@puneesh) February 27, 2013
A3 Also need to have an MDM solution that can do remote wipes of corporate data in case #BYOD is lost or stolen #CIOChat #Security
— Femi Ayan (@FemoYanx) February 27, 2013
@femoyanx A3 And we come full circle -- I'm afraid to let company completely wipe my #mobile device as part of #BYOD policy. #CIOChat
— RachelTT (@RachelatTT) February 27, 2013
@rachelattt @femoyanx But if IT can wipe corporate, containerized data and apps and leave personal stuff alone, users will consent. #CIOchat
— SearchCoIT (@SearchCoIT) February 27, 2013
That'd be a hard sell, I think. RT@searchcoit: "if IT can wipe corporate, ... apps & leave personal stuff... users will consent. #CIOChat
— Tonya Price (@tdprice) February 27, 2013
@tdprice How would that be a hard sell? IT wouldn't touch personal content. #CIOchat
— SearchCoIT (@SearchCoIT) February 27, 2013
Requires trust that isn't always there. RT @searchcoit: @tdprice How would that be a hard sell? IT wouldnt touch personal content. #CIOChat
— Tonya Price (@tdprice) February 27, 2013
As our tweet jam participants pointed out, there's no easy solution to guarantee perfect mobile data protection management. With that said, many of our followers (and it's not just the compliance guys) suggested that companies create solid security policies around mobile devices, and data in general:
@searchcio #CIOChat A3 Guarantee is a strong word. Keep #datasecurity a priority when developing and formulating policy.
— Christopher Steffen (@cmsteffen) February 27, 2013
#CIOChat A3: And when you fail the first time, keep trying 'til you get it right!
— Christopher Steffen (@cmsteffen) February 27, 2013
A3: Policy. Policy. and Policy. Employees need to be educated and understand #BYODrisk- they are the first line of defense. #CIOChat
— SearchCompliance.com (@ITCompliance) February 27, 2013
@itcompliance Policy is fine and needed, but more can be done if you focus on the data not the device #ciochat
— Brian Katz (@bmkatz) February 27, 2013
@bmkatz: yes but the policy can focus on the data- basically letting employees know to not be stupid about company data. #CIOChat
— SearchCompliance.com (@ITCompliance) February 27, 2013
@itcompliance as it should…but we both know following policy is never guaranteed…#ciochat
— Brian Katz (@bmkatz) February 27, 2013
#CIOChat Policies should be crafted to protect the company, but also be in line with whatever the employee wants to do or is already doing.
— Christopher Steffen (@cmsteffen) February 27, 2013
Even after organizations craft and implement mobile data protection management policies, there's still more work to be done. Human costs can make a security policy seem like a waste of time if employees or users aren't on board:
Need to involve users when creating policy as well as all stakeholders, many leaveusers out, then find policies aren't followed #ciochat
— Brian Katz (@bmkatz) February 27, 2013
A3. Toughest question yet. Policy, education, training, and software all help. But ultimately users must take responsibility. #CIOChat
— Andi Mann (@AndiMann) February 27, 2013
A3: A major part of #DataSecurity is securing the human, esp in the case of #BYOD #CIOChat
— TOA Technologies (@toatech) February 27, 2013
@searchcio @bitzer_waltA3: Develop an enterprise strat for doc/info sec. & educate emps on proper use #CIOChat
— Mark Thiele (@mthiele10) February 27, 2013
Q3 - Educate, communicate and keep users informed of their responsibility, compliance and input-best insurance #CIOChat
— Tina Gregory (@BPMTina) February 27, 2013
A3 #CIOchat There is no guarantee short of limiting access to employees ... the idea is to balance data security with productivity needs.
— Novell (@Novell) February 27, 2013
When it comes to developing security strategies and data protection management programs in a brave new mobile world, SearchCIO.com tweet jam participants talked problems and solutions, but in the end agreed that there is no way to guarantee data security:
RT @searchcoit: A3. You can't do anything to guarantee data security in the mobile world. #CIOchat < So true. You can help, no gaurantees.
— Andi Mann (@AndiMann) February 27, 2013
@andimann @searchcoit So true ... which is why you have to decide which risks are worth taking for the sake of productivity #CIOchat
— Novell (@Novell) February 27, 2013
A3. Focus is the key. Don't waste time trying to secure things that don't matter (i.e., the whole device). #CIOchat
— SearchCoIT (@SearchCoIT) February 27, 2013
@searchcio There is no guarantee. Focus on Data, not device. Ensure corporate data is always encrypted using corporate keys. #CIOChat
— Puneesh Chaudhry (@puneesh) February 27, 2013
@puneesh @searchcio +1 Agree that focusing on the device is a battle that can't be won. #CIOChat
— Jeff Abbott (@JeffreyAbbott) February 27, 2013
Is ensuring data protection a lost cause for CIOs? Are factors like human error, user device preferences and a lack of employee trust hindering security policy success? Let us know in the comments section below.
Read more about what SearchCIO.com tweet jam participants had to say about developing a security policy to guarantee mobile device data protection by searching the #CIOChat hashtag on Twitter. Follow @searchCIO on Twitter to be notified about upcoming Twitter conversations.
This was first published in March 2013
Join the conversationComment
Share
Comments
Results
Contribute to the conversation