Tip

Mobile device security: Rewards outweigh risks

    Requires Free Membership to View

Niel Nickolaisen, CIO
Western Governors University

I don't want to upset anyone or give the impression that I am off base or naive or somewhere in between, but it seems that VDI, bring-your-own-device and mobile device security should not be that big of a concern.

Stated differently, are security concerns about a virtual desktop infrastructure (VDI) and mobile devices the last refuge of the scoundrel?

Perhaps the story of my VDI/bring your own device (BYOD) project will explain why I ask this question.

Over the years, I have tried various ways to balance uptime, service levels and customer satisfaction. I was an early adopter of the managed desktop concept. While I loved the service levels associated with almost immediately getting a customer up and running after a hard drive failure, my customers hated not being able to install software or save anything to their hard drive. When desktop virtualization came along, I decided not take an immediate plunge, but first experimented to see if it really offered the balance between operational excellence and customer service.

Our first experiment involved members of the IT staff. We purchased a couple of tablets and worked out the VDI issues -- which were numerous. At its core, VDI shifts the computing power from the device to somewhere else. This shift puts additional load on the network connection and the data center. From our experiment, we learned that some of our locations were VDI-capable while others were not. Knowing this set us up for our second experiment: unleashing VDI on a group of customers.

More on mobile device management

Evaluating mobile device management products: Seven categories

A CIO's guide to mobile device management in the workplace

Balance business and IT when creating a mobile device management policy

For our customer experiment, we had a ready and willing pilot group. Many members of our staff already had tablets and wanted to do something with them besides play Angry Birds during boring meetings. We selected 50 volunteers and deployed to them a virtual desktop. This experience went well enough that we quickly expanded the pilot.

This experiment worked so well that some people on my staff -- the "scoundrels" who seek refuge -- could sense us trending toward a BYOD policy and imagined the big changes that would make their skills less necessary (much less device configuration, management and computer break/fix). With bring your own device becoming more of a reality, they raised concerns about BYOD and mobile device security. The same people who did not think that security on a laptop -- which can actually hold a whole bunch of sensitive data -- was too big of a deal were suddenly experts on the security risks of tablets and smartphones. Since VDI shifts data to the data center or cloud and behind our traditional, tested and proven security systems, it is likely much more secure than on the laptop or PC that the BYOD device replaced.

As with all things security, I have found it is good to assess the risks before implementing policies and technologies.  Let's start with the sensitivity of our data. The most sensitive information on my device is the salary information of my staff and the status of my projects. If someone unauthorized gets a hold of this data, it might be embarrassing to me and others but will not hurt my organization. If someone hacks into my smartphone and reads my email, I suspect they will feel sorry for me rather than get some juicy competitive information. My risk assessment considers the types of information retained on a BYOD device and the sensitivity of that data. In all but a few cases, the risk is pretty low.

So, don't let the scoundrels with concerns about security slow down your VDI, BYOD and mobile strategies and projects. The advantages far outweigh risks. And, as the devices get smarter, someone will develop enough mobile device security measures to satisfy the need. This allows you to be more strategic, innovative and rational.

Niel Nickolaisen is CIO at Western Governors University in Salt Lake City. He is a frequent speaker, presenter and writer on IT's dual role in enabling strategy and delivering operational excellence. Write to him at nnick@wgu.edu

This was first published in October 2012

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Expert Discussion

Does VDI make mobile device security a nonissue?

Niel Nickolaisen
What's your opinion?
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.