Users' fear of data loss on personal devices must be balanced with an organization's need to protect sensitive information, says ZixCorp's Nigel Johnson. He explains the evolution of mobile device management.
Johnson, vice president, business development and product management, says that mobility used to be simple, with a company issuing and controlling an employee's mobile device. But today, many employees want to use their own devices on the network, creating new security challenges.
"The most concerning thing is the idea of the company controlling their personal device," Johnson says. "People realize that if you have MDM on your phone, and the company is controlling it, they can see your photos, or can wipe them out."
In an interview recorded at the Gartner Security & Risk Management Summit, Johnson discusses:
- The evolution of BYOD and MDM;
- How specific solutions allow for a balance between personal and corporate needs;
- Why employees should be asking for better BYOD solutions.
Johnson joined ZixCorp in April 2004 and serves as vice president, business development and product management. He has more than 20 years of IT security experience, and leads efforts to develop ZixCorp's OEM channel and set the development direction for the ZixCorp Email Encryption Service. Prior to joining ZixCorp, Johnson held senior management positions at Entrust Inc., including vice president of product management and vice president of business development.
ERIC CHABROW: What troubles employees today about BYOD?
NIGEL JOHNSON: The thing that troubles people the most is the idea of the company controlling their personal device. When people look at their phone, it's not just a piece of equipment; it's what they use to connect with their friends and their loved ones when they're not near them.
CHABROW: Why is that a problem?
JOHNSON: If you think about all the information that you have on your phone, or on your iPad or Android, it's all the personal things about how you live your life; the places you've been, the places you go, the photos that you have. With the MDM solutions that have been in place to date, the company is allowed to take control of that device.
Mobile Device Management
CHABROW: What is MDM?
JOHNSON: Mobile device management - it's about managing a device. MDM is what came about when the BlackBerry started to fall away and people started using iPhones. It didn't have the security that was required. Companies would give employees an iPhone, and then they'd add mobile device management so they could control the phone, force passwords and be able to wipe data.
Then, people started to bring their own phones because they wanted to have their connection to their family. They wanted to have all the coolness and convenience of a smartphone, and the company said, "You have to have mobile device management if you want to get access to corporate data on your phone."
At first people accepted it because they were kind of intimidated and didn't understand what was happening. But now, people realize that if you have MDM on your phone and the company is controlling it, they can see your photos; worse even probably is they can wipe out your photos.
CHABROW: Which is more of a concern for the employee?
JOHNSON: Loss of the photos, because you only get so many instances to get those photos of your kids, those magic moments. And speaking of magic moments, imagine if you wanted to go and take a picture of your kids as they were playing on the beach, and your company has forced you to enter a complex password, and you have to bring up the keypad and type it in. Then, the kids have stopped and you've missed it. And this is on the device that you just paid $500 for.
CHABROW: It sounds that, whether it's the younger generation, there's less concern about individual privacy in the sense of not being concerned that their employers could see the photos but the photos being wiped away.
JOHNSON: Yes. It's just loss of the things that are most precious to you, your memories of your children and your friends.
The Security Balance
CHABROW: Why don't you say something about the technology behind the ability to have the best of both worlds?
JOHNSON: This fear that people have about loss of their data, loss of control of their device has got to be balanced with the IT department's requirement that they protect sensitive information that belongs to the company.
So what we've done is create a solution that allows employees to get access to corporate email without ever having to keep that corporate email on their phone. That means that IT doesn't have to manage their phone, so they get to have all the freedom that they would expect from owning a smartphone.
Applications for MDM
CHABROW: So you have applications on the email servers that allow people to do that?
JOHNSON: We have a product called Zix-1 that allows employees to connect into the corporate exchange environment, view their data and email, move their email, make calendar appointments [and] get access to their contacts without it actually ever residing on the phone for longer than they need it.
CHABROW: Do you have to do this over a special network or can they use the phone network to access this?
JOHNSON: As long as you have an internet connection, then you're going to get seamless interaction.
CHABROW: Does it look any different to the employee?
JOHNSON: The employees really can't tell the difference. We've created something that we believe is unique in the world. We've created a special set of protocols for communicating between our servers in the cloud and the employee's device. It looks and feels just like the interactions they have with the mail clients they have on their phone today. I think that employees should be standing up for their rights for privacy and asking their employers for a solution that protects them and the company.