Editor's note: In this CIO Minute on mitigating mobile security risks, O.C. Tanner Co. CTO Niel Nickolaisen lays out a common sense approach that includes identifying the sources of risk and then determining the likelihood of their happening. A plan comes next. Watch the video and read the transcript below.
Niel Nickolaisen: Whenever we talk about security -- and our topic today is mobile security -- I think it's always important to start the conversation from a perspective of risk. What are the sources of the risks? And then, for each of the sources of risk, what is the likelihood and impact of those risks?
So, if we are talking about mobile security, the sources of risk are things like: What would happen if there were a breach? Did somebody have a mobile phone that was stolen or compromised? What are the sources of those risks? Do we have client data or employee data on those phones? Are there apps on those phones?
Once we have answers to those [questions], we can assess the likelihood and impact. Once we know the likelihood and impact of each of the risks, we can then figure out how to mitigate the sources of risk, the likelihood of [them happening] and the impact of those risks.
This helps us take a common sense approach. Otherwise, there is a chance we might go overboard on our risk controls, our security policies and practices -- and we might clamp things down too much. That wouldn't make sense, because the thing an IT leader can't do today is try to control -- through some rigorous process -- what people are going to do with their smartphones, because those are work, business and organizational devices and also personal devices.
But, by taking an approach where we assess the risks -- and in a logical, practical, pragmatic way mitigate those risks -- we can get what we need without going too far.
That's the approach that has worked for me.