Buried within the plethora of news coming out of the Google IO event yesterday is that Google are apparently including security features that Samsung have developed under the brand Knox into the next release of Android.
I don't know anything about Knox, but the concept at a high level seems to me to go to the root of the challenge facing us all as individuals, and for organisations and their management of IT. The lines between work and not work are becoming increasingly blurred. The idea that clear distinctions can be made to encapsulate and protect data on a mobile device as a result seem deeply flawed. My phone can barely tell reliably what words I am typing, let alone whether something is in the work or not work domain.
At the Computerworld UK event at Lord's in London that I spoke at this week, the organisers revealed research that suggested 90% of the IT people they recently surveyed believed that they had mobile device security under control. That felt like a naive belief in the extreme to me, something that Computerworld UK editor Mike Simons also picked up.
As I've proposed in the past, technological solutions to security tend to over-emphasise the ability for technology to solve what are inherently human problems. Lock away "corporate" data into sandboxed, protected areas will ultimately force end users into using unprotected, "shadow" services to get their jobs done. All such technologies will do is to give an unjustified sense of protection to those with corporate security accountability. Unfortunately security is everyone's responsibility.
If you believe that you can accurately and unambiguously determine what is "corporate" data and what is personal, I'm afraid you are just wrong. There are too many channels of communication these days for that to be the case, let alone bringing into factor that the work and non-work elements of our lives are ultimately, inextricably, intertwined.
As a case in point, at the end of yesterday's presentation one chap, from a major financial institution, came up to me, said hello, and afterwards linked to me on LinkedIn. The reason? Well, other than my scintillating presentation (obviously), I'd made a throwaway comment during my talk at cricket HQ that my only knowledge of the game was that I knew the sister of a former England international. The guy who introduced himself happens to have kids at the same school as that cricketer's sister.
Who owns the data about this new-formed relationship? And where would the data that has been generated about that relationship sit on our oh-so-secure sandboxed work/not work understanding phone?