The addiction for tablets has gone right to the head of many organisations, with even hard-headed CEOs of global corporations falling for the style and convenience of tablet computing.
One analyst tells of a client whose CEO summoned the CIO to his office one day and demanded his iPad be supported – right now. It was no use explaining that a Windows gadget would better fit in with the existing infrastructure and workflows – the CIO had come face-to-face with the unmovable desire by CEOs and their staff to switch to using tablets for every business process, driving a coach and horses through all the CIO’s defences – the firewall, the codes of conduct, and the mutual concessions made when the CIO consented to letting users bring their own devices into work.
The tragedy is that CIOs will still be held responsible should personal or company information be leaked. It’s not entirely their fault that a user downloaded Dropbox then unwittingly started distributing sensitive data all over the place, nor that a lawyer left his iPad in a bar and that confidential client information is now in the hands of a newspaper. But the CIO will be held legally responsible.
On the other hand, strict enforcement of company policy can put you in an equally tricky position. Wiping the boss’s family photos off a mislaid iPad, though understandable from a compliance standpoint, could leave you open to legal action. Especially if they subsequently discover that their daughter borrowed it and change their story to say it was never reported lost in the first place. If you didn’t record the conversation, how do you prove it wasn’t your negligence that destroyed their personal property? In short, you could either face an FSA rap for compliance irregularities, or a civil case for damages from your boss.
“Until the legalities of device wiping are tested in the courts it will remain an area of uncertainty. It’s one of the main factors that deters CIOs from implementing BYOD policies,” says Paul Vlissidis, technical director at NCC Group.
Will the IT industry come up with an answer to this problem? Rob Sheppard, business client marketing manager at Intel, seems hopeful that the evolution of mobile technology will offer some answers.
“Towards the end of the year, when all the Android and Windows 8 devices come out, there should be much better choices available to the end user,” says Sheppard of the Intel-powered devices. A shift in sentiment could help the CIO persuade users to rally around Windows, which could help the IT department regain control.
“We could see the IT department get a chance to put their foot down and specify a particular device that fits in with company workflows,” says Sheppard.
Aside from raising their game on touch and user experience, Intel-based Windows tablet and smartphones could tighten up security controls with a new range of options. Lost devices could in future be stunned from the bootup process, the chipset paralysed by a remote command that would effectively turn any device into a brick. Anti-theft support developed by Intel will offer CIOs a more subtle range of options, says Sheppard. You could become a lot more selective about what you delete from a tablet, so that a departing employee wouldn’t have to have their entire personal life deleted. Deep Defender technology, loaded at sub-operating system level, will identify destructive and dangerous behaviour a lot earlier too.
According to Andy Dancer, CTO at Trend Micro, the IT department’s baseline security should be a combination of encryption, device partitioning and remote wiping, with users encouraged to back up personal information.
In future, promises Dancer, encryption will become part of the operating system, which will make enforcing company policy a lot easier.