At AFCEA’s DOD CIO Mobility Industry Day, Department of Defense CIO Terry Halvorsen said that the government has to stop looking for secure mobility solutions and instead look for “secure enough” solutions. This line of “good enough” thinking is a clear culture shift for the risk adverse government market, but it does not have to be as scary as it sounds.
The idea of being “good enough” suggests IT professionals do not have to solve every issue, but instead look at what mobile access the workforce needs to be productive and find ways to secure that mobility. An article in SC Magazine looked at a recent Forrester report which demonstrated that the focus on securing BYOD has meant organizations are buying device management solutions in favor of security solutions. These BYOD solutions are doing their job, but they are not allowing better access to corporate systems. Even further, the study shows employees are finding ways around current tools to get the access they need.
Consequently, the push for mobile access will grow as millennials make their way into the workforce. The focus of mobile security should switch from restricting access to allowing security. The solution must be convenient or users will find other ways to get at the data and systems they need.
So what are federal IT organizations to do? The focus needs to change from BYOD control to secure enablement. The main emphasis should be on securing the application, not the device. If the app is securely accessing organization systems and does not leave data on the device, then the device is inherently secure. Furthermore, mobile security should be invisible to the user; the user should not have to go through extra steps to get their work done on the move.
Government IT managers can grow comfortable with the concept of “good enough” by working with trusted IT companies. VMware recently announced the launch of a new Identity Manger solution. This enterprise-ready tool does not solve every mobility issue, but it is a strong means for ensuring that the right people are accessing data within systems. Using IP from its AirWatch acquisition, as well as others, this identity management appliance is simple for users and provides the rigor that customers expect from VMware.
In the world of mobile security, being “good enough” doesn’t suggest being substandard; instead, it suggests providing users the access they need to be productive without compromising basic security tenets. We will not solve the mobile security challenge overnight, but taking “good enough” steps will get us there faster.