The bring your own device (BYOD) movement is constantly the topic of discussion in tech publications, on social media and at industry conferences. At a recent Ba Gua (Chinese martial arts) class a new spin on the topic came to me as I was reminded of a powerful principle – dynamic balance.
Dynamic balance is a concept that holds Yin and Yang not to be opposites (which I had believed at one time), but two distinct principles that work together toward a common goal in a complementary fashion. This concept can be visualized (metaphorically) with a well-known martial arts move, the strike of the hand. If we strike with a closed fist, the weakest point is between the face of the fist and the wrist. However, if we strike with our palm open and use the point at the base of the palm with the hand flexed, the weakest point is now extended between the base of the palm and the elbow. This becomes a powerful strike because we have combined Yang (strike) with a passive gesture (open hand).
Tying this concept to BYOD, we can draw a similar analogy, with enterprise security and mobile end-users in the enterprise as the Yin and Yang.
The balance of power and control is shifting away from the IT department and into the hands of employees – and this is bringing significant consequences along with it. Employees are more empowered than ever, and many reports suggest that there has been a resulting increase in employee productivity and satisfaction. On the other hand, enterprise IT is losing administrative rights and the power to control which operating systems are permitted, whether or not security patches are installed, which third-party applications can be used and what happens to a device after an employee leaves the company. Simply put: IT is losing control over the endpoint-computing device.
At the same time, IT departments are under more pressure than ever to provide access to business data anywhere, anytime and on any device while ensuring they maintain corporate security, integrity and compliance. Being sued, fined or shut down as a result of data leaks from compromised, exploited, misused or lost mobile devices is becoming a greater risk every day for organizations in regulated industries. And not only is the job of maintaining compliance becoming increasingly difficult, but so too is the job of proving it.
The overall generalizations are that:
- IT/security personnel tend to always be on the side of strict policies and enforcement, saying “no” to requests whenever possible.
- End-users don’t care about security policies in place and the protection of corporate data; all they care about is the freedom to access their corporate data.
A lot of times they are both right. While both parties need to work together, like Yin and Yang, to achieve an enterprise mobility policy that is both secure and allows users to be productive, the two groups are not often working in unison on such policies.
IT should “never underestimate an end-user on a deadline.” If the end-user doesn’t have what they need at the time they need it, they will go around security. End-users need the ability to work on the data they need to do their job, at a time and place of their choosing, on the device that works best for them. Security personnel need to focus more on how to protect the enterprise data regardless of the device that the data may be processed on.
In mobile, a great way of implementing dynamic balance is through the use of the secure container.
The container must have as many of the tools as necessary for the end-user to do their job, i.e. email, contacts, calendar, office application, PDF annotation, secure browser, file sharing, and SharePoint applications. In order to satisfy security, the container has separate authentication credentials, encryption, and built-in data leakage protection, and can remove the data upon the employee's termination.
By embracing the dynamic balance principle, security and end-users can work together to be more productive while working in a secure manner.