For corporate technology managers, it pays to be a control freak. Hackers, insiders, and rivals all pose risks to intellectual property, and it’s easy to see the wisdom in keeping an iron-fisted grip on the network.
But the spread of personal mobile devices in the workplace has forced companies to rethink old security habits, creating demand for new software that guards data from afar. These days, if you want to use your own smartphone or tablet for work, you may share more information than you thought with your boss.
So-called “mobile device management” is a small, growing niche that so far has lured some 60 developers, including SAP’s (SAP) Sybase division, Symantec (SYMC), Zenprise, and MobileIron. The market is expanding 20 percent annually and will reach about $260 million by next year, projects market researcher Gartner. Options abound—from remote ‘kill switches’ to cloud-based services that stop devices from storing any data that could later need destruction. “Everybody and their brother has mobile device management right now,” says Brian Katz, who as head of mobile engineering at Sanofi (SAN:FP) helped select technologies that the French drugmaker uses to secure employees’ devices. “There are a lot of people saying one thing works better than the other.”
Scorched-earth is the most popular approach. Companies using this strategy force workers to download an application that permits managers to remotely wipe all data from their devices—including personal e-mails, contacts, and pictures— if they leave the job or an infection is detected. This ‘kill switch’ is appealing because it mimics the kind of control they have over company-issued desktops and laptops, Katz says.
Speed and thoroughness are an obvious lure. The downside: Data might still leak if employees have backed up devices on home hard drives. “It’s a blunt instrument, and some people have trouble seeing past the blunt instrument because that’s what they’ve always used,” Katz says. He declines to discuss specific products Sanofi uses.
Kill switches are already features of iPhones and mobile devices running Google’s (GOOG) Android and Microsoft’s (MSFT) Windows 8 software. While Apple (AAPL), Google, and Microsoft have deployed this weapon against malware attacks, corporations seeking similar control over employees’ devices have had to go to outside vendors to replicate the maneuver. Only handset makers can access the built-in safety feature on phones. Big names are buying this option. AT&T (T), for instance, has a deal to deploy Juniper Networks’s (JNPR) Junos Pulse on corporate and consumer devices.
An alternative is more like seek and destroy. It allows companies to “wrap” work applications with stringent security settings that don’t attach to certain personal items on a device. Wrapped apps might not be accessible offline or might be stored on the device only after encryption. Symantec is buying a company called Nukona to acquire wrapping technology.
The lightest corporate touch on personal devices harnesses cloud computing—stashing data on remote servers and transmitting it to devices over the Internet—to block storage of any sensitive information on mobile phones or tablets. For instance, Citrix makes a product called Citrix Receiver that shows documents and applications on users’ mobile screens, but the data is stored inside corporate data centers. This way, if you leave, there’s nothing to ‘kill’ except your keys to the corporate network.
Sanofi’s Katz says technology buyers need to keep their employees in mind when making decisions about how to protect mobile devices. Being heavy-handed has its benefits, but it risks backfiring if the approach angers workers or doesn’t fully protect sensitive data. His advice to other technology buyers: “Proceed carefully. Look for flexibility, look for ways to enable and empower your users, [and] get the work done while still protecting your assets. It’s not always about controlling the device.”