It’s always interesting to connect with enterprise security experts and IT peers alike. Last week was no exception at RSA 2014 when I was invited to join a panel discussion hosted by Trusted Computing Group. Moderated by security expert Victor Wheatman, the “Mobile Device Security: Fact or Fiction” panel [47min 43 sec] captured several view points on mobile security.
“Keeping the wheels on” was a term Victor use to kick off the panel. He went on to describe MDM as “keeping the bad guys out, letting the good guys in, the dealing with all the necessary operational aspects to keep the enterprise and the devices secure” via a commercially reasonable security solution.
It goes without saying, security is critical for an enterprise to protect its IP as well as maintain obligations with partners and customers. BYO- is all about the end user experience, and yet, there tends to be a significant gap between what an employee wants to do, an organization’s risk appetite, and what is feasibly and commercially reasonable.
As VP of Information Technology at Juniper Networks, my team oversees IT infrastructure and end user services for approximately 9,500 colleagues globally. My participation on the panel provided a case study of enterprise best practices. When we started down the BYO-x journey at Juniper, there were many questions we had to answer, so we started with the user experience first, and then moved onto policies and a framework. As Juniper’s CIO Bask Iyer has shared via his CIO Perspectives blog, “For IT, there are three BYOD-related issues we must solve: user convenience, cost and security.”
From the start of this BYO-x journey for Juniper IT, we have had to answer a number of questions---below is a sampling of those questions I covered during the panel:
- How to enable secure productivity with employee-owned technologies?
- How to aid colleagues to take calculated and informed risks?
- How to evaluate a user’s tolerance of security measures?
- How to make those vocal, technically savvy colleagues part of the discussion and solution
- How to raise security awareness on a daily basis via a variety of vehicles?
- How to make security policies straightforward and related to a user’s role?
- How to develop a security policy and then deliver a secure mobile solution for colleagues?
- How to develop a framework that meets your stakeholders’ needs?
- Which stakeholders need to be included (colleagues, HR, legal, execs)?
- How to ensure our security policy will actually map to our reality, not what we think it should be?
I invite you to watch the panel and participate in the discussion on line.