This article by Jerod Brennan first appeared in Jacadis' quarterly newsletter. It created quite a few conversations with our customers. I thought it was useful to share here as well.
Smartphones and tablet devices are making their way into the workplace. Unfortunately, the decision to connect these devices to the corporate network is often made without first consulting the IT department. The worst part is that the information security team is frequently kept in the dark for fear that they would tell the business no.
But does security really need to say no to this request?
Of course not! The security team should be helping the business find a way to do what they need to do securely. Companies that embrace mobile technology in a safe and secure manner will reap the benefits that come from the increased connectivity and mobility. The key to avoiding a security incident or data breach related to these devices is in the security details.
A few questions that the security team needs to ask the business:
• What information do we need to include in that policy?
• How are we going to keep track of these devices?
• What steps do we need to take to secure devices before they connect?
Permitting mobile devices in the workplace should be a business decision based on a clear business need. Before that decision has been made, engage the security experts in order to ensure that you deploy those devices safely. You need to involve the right players from the very beginning if you want to securely integrate mobile technology into your business processes.
Remember: It’s better to end up in the news for a record-setting quarter, and not for a security incident that could have easily been avoided.