Commentary - Today, there’s a plethora of endpoint devices residing outside the enterprise firewall. While these devices (which include smart phones, USB drives, laptops and tablets) have increased productivity for workers, they’ve also increased the security risks. It’s hard enough to secure endpoints across the physical office space, but securing them when services are mobile and consumed from the cloud presents a new set of challenges for IT professionals. Couple this risk with the fact that more employees are conducting business via personally-owned devices and IT has a monster of a headache.
No longer the gatekeeper
Businesses need a way to deliver services to all kinds of endpoints in a secure manner, regardless of whether the service is delivered up from an in-house data center or via “the cloud.” This requires the ability to validate the identity of the employee, what assets they’re authorized to access and what rights they have to these assets.
Until a few years ago, IT managers could keep their environment secure by acting as a gatekeeper of sorts. When an employee wanted hardware or software, they had to go through organized procurement channels, which meant IT had an opportunity to ensure enterprise security rules were included on any device or application. Today it feels more like the Wild West.
Business professionals are no longer using just enterprise-issued devices. The convenience, low cost, and snazzy features of mobile devices make it irresistible for employees to get their own devices. In fact, IDC predicts worldwide media tablet shipments will grow from 7.6 million units in 2010 to more than 46 million units in 2014, representing a compound annual growth rate of 57.4 percent (Worldwide and U.S. Media Tablet 2010-2014 Forecast, IDC).
Given this easy access, more and more employees are using devices that IT has little or no control over. Moreover, employees are demanding enterprise applications on these personal devices. And because these devices contain a mix of personal and business information, IT can’t simply use brute force and demand to encrypt everything on them.
If IT doesn’t fulfill the need, the employee can easily use their credit card to buy inexpensive SaaS or cloud applications, without ever notifying IT. If, for example, IT refuses to provide email access on an employee’s tablet device, there’s nothing to stop that employee from forwarding their company emails to an unsecured email system. Couple this with the fact that, by some estimates, a company’s email contains as much as 70 percent of its own intellectual property, and it becomes clear that this situation creates a gaping hole in security and compliance.
So what’s an IT director to do?
Becoming a service provider
IT directors today must take a multi-pronged approach to solving these challenges. Today, IT teams are transitioning from gatekeeper into service provider. By reaching out to understand what resources business employees need to be productive, IT becomes a business enabler. They need to become part of the conversation or risk being bypassed altogether. Many savvy IT groups are moving away from incident management and instead focusing more on anticipating employees’ needs. It’s likely we’ll begin to see an “App Store” model, where employees have access to a wealth of applications, delivered at the click of a button.
Changing the security “control point”
Since they can no longer protect enterprise information by controlling the acquisition of hardware and software, IT organizations are adopting intelligent workload management (IWM) as a means to strengthen security. With IWM, the control point has changed. Instead of security being enabled through the device, it’s actually embedded in the application or workload.
This way, IT can give employees secure access to services, whether they are delivered from physical, virtual, or cloud environments, because the workload itself is intelligent. IT doesn’t need to worry about employees subverting it by purchasing SaaS applications. This approach gives IT the ability to allow SaaS and cloud applications to be consumed in a secure, compliant manner.
Before the application is served up to the employee, it verifies who the employee is and specifically what they are allowed to do. It can even recognize the environment in which the employee is working. For example, if they are accessing the Internet from an unsecured Wi-Fi connection in Starbucks, the application may enable additional security measures before delivering information to the employee to prevent a breach.
Partnering with business users
While there are no clear legal guidelines today to dictate how businesses should interact with employees’ mobile devices, endpoint management is clearly an emerging need that cannot be ignored. We’re likely to see businesses try to find a way to cooperate with employees, perhaps gaining permission to enact security on the device in exchange for maintaining the stability of the endpoint itself.
These shifts within IT’s approach to service delivery not only help to mitigate risk, they improve the perception of IT as a whole – an important factor as many departments are experiencing budget shortfalls. After all, it’s far easier to justify budget increases when your department is seen as an enabler and not an obstacle.
One thing is clear: there’s no “one size fits all” solution for tackling today’s security and compliance challenges. What is also clear is that IT is evolving into a business service. It’s no longer about finding a way to say “no” to business employees, but how to get to “yes” together.
Richard Whitehead is director of Solution Marketing for Novell. He frequently blogs on this and many other cloud-related topics on Novell’s Workload IQ Blog, www.workloadiq.com.