Questions to Ask About Tablet Security
Do we trust the user? "I think the corporations and their executive leadership are going to have to accept more risk and be more dependent upon their people," said Petrie. "At the same time you still have this additional risk you're assuming. You are saying we're going to trust our employees a little more."
What will make this new approach work, said Petrie, is the stick that goes with the carrot of being allowed to use tablets and other consumer mobile devices. Policies need to be in place and employees should be expected to follow those policies, with a clear understanding that action will be taken if they don't. But at the same time, Petrie believes allowing consumerization within an organization also empowers people, and can be used as a leadership strategy.
"At the end of the day the finance guys are looking at cost savings, they don't have to invest in certain infrastructure anymore. It used to be the cost of hiring an employee was the salary and benefits and outfitting the person with technology. Now you're not necessarily making an investment if they want to use their own stuff. You're allowing personal liability to take affect, you're going to assume that risk."
How should we use certain new kinds of information now available to us through tablets and other mobile devices? Lawrence Pingree, a research director with Gartner, points to companies who are allowing consumer mobile devices and using mobile device management (MDM) solutions to support them, as facing an additional conundrum. That's because one feature many MDM solutions include is the ability to collect information about deployed devices, such as geo-location information. This can be both and asset and a liability.
"You have corporations which now can know where employees are at and what they're doing. That's kind of freakish and weird. So, there is a privacy aspect there and I think where most corporations are going to say "What do we do here?"
Pingree said on the one hand, geolocation information can be useful for time management purposes. But having access to that information also poses a liability question for the organization. If they have the data, can they release it? How can it be used?
"How are they liable to an end-user that has accepted this kind of monitoring?" said Pingree "That's a question a lot of organizations using this technology will have to ask."
Read more about data protection in CSOonline's Data Protection section.