As corporate networks open up to mobile devices used by both employees and customers, CIOs are looking for new ways to manage their formerly enclosed environments. Endpoint management is emerging as one of the key weapons in the arsenals of CIOs hard-pressed to manage and secure their networks and the corporate data they contain.
Mobile growth - explosion might be a better word - is truly changing the way that IT is used in business. CIOs face two main challenges. First, the consumerisation of IT, or bring your own device (BYOD), means employees are demanding the opportunity to use their own devices to perform work functions. And second, consumers increasingly want to interact with their service providers using their mobile devices.
Corporates are typically using mobile apps to provide functionality to both employees and customers. What all of this means is that CIOs have neither the comfort of a defensible firewall to protect corporate systems from external threats, nor a defined internal environment they can control. This changing IT landscape raises a number of angles for the CIO to ponder, says Ziaan Hattingh, managing director of IndigoCube, a company that focuses on improving the productivity and predictability of key business processes in large organisations.
For example, what are the implications of an employee using a mobile device that contains company data at a WiFi hotspot in a coffee shop - especially as these venues are increasingly being targeted by hackers? How will the corporate software on employee-owned devices be upgraded?
Other questions pertain to customers: What are the implications of the company's app being used by a consumer to commit an illegal act? How can we deliver updates or patches to an app which is resident on an unknown range of devices, in order to prevent reputational damage?
"The answers to these and other questions are not yet always clear. What is clear, though, is that CIOs need to rethink their very approach to system management and security. The smart way to do this, it increasingly seems, is to perfect one's ability to manage these mobile devices," argues Ziaan Hattingh, managing director of IndigoCube, a company that focuses on improving the productivity of the application life cycle in large organisations.
In other words, when the basic architecture of your world changes from a walled city to an octopus, become an expert in tentacle protection.
One part of the answer, Hattingh says, is good quality endpoint management software. This type of software tool should allow the corporate IT department to enforce policies and standards across all devices used by employees and fix issues anywhere within short timeframes, regardless of bandwidth or connectivity challenges. Endpoint management tools should automate the delivery of patches or software updates, and ensure continuous compliance - across all platforms.
From a practical level, it should also be easy to deploy, and should not consume large amounts of processing power and bandwidth.
Perhaps most important (or reassuring) of all, the software should enable the company to wipe clean any device that is lost or stolen: the ultimate protection.
The same solution may also be used to deliver patches or upgrades to users of commercial apps, where it's deemed necessary either to close critical vulnerabilities or simply to provide excellent customer service.
However, Hattingh warns, software can never be the total solution, especially given the complexity of the issues. CIOs will need to give thought to the standards they want to enforce when private devices are used by employees - what may employees do and what not? Access rights are also a key issue to consider. User agreements for employees, and terms and conditions for certain consumer apps, should be thought through carefully.
"Taking an endpoint management view about how the extended IT system is structured and managed, and responding appropriately to the challenges of the mobile revolution is growing in importance," Hattingh concludes. "Finding the right software solution is part of the answer, but the CIO needs to spend the time to understand the issues - probably with help from the legal department, the brand custodian and the chief data officer or equivalent. There are no easy answers, but one needs to begin finding them."
Share