Guess what? IT doesn't care what's on your iPhone

Despite fearmongering over rogue and information-leaking apps, very few organizations actually control mobile app usage

CIOs and IT managers are constantly pitched the notion of managing apps on their users' iPhones and other smartphones. Beware app chaos, claim some vendors. Beware time-wasting usage on the job, suggest others. Beware information leakage, warn most. There are more than 100 vendors offering tools to manage -- that is, straitjacket -- your users' mobile devices in the name of management and security. New ones pop up almost every week.

So I was struck by data from Fiberlink, an established mobile device management (MDM) vendor, on what percentage of MDM-using businesses had the most basic form of app management applied: blacklisting and whitelisting of apps. For iOS, it was fewer than 10 percent; for Android, fewer than 5 percent. (iOS accounts for the vast majority of business-managed smartphones.)

[ Galen Gruman describes a smarter approach to mobile security. | InfoTrust: A proposal for a better approach to mobile data management. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]

Clearly, IT is not actually concerned about what apps are running on employee devices. The data covers both employee- and corporate-owned devices, making the low, low app management figures all that more remarkable.

It's great news because too much focus in the industry is on restricting the usage of mobile technology, demonstrating a prison-guard mentality that has turned IT into -- at best -- a necessary evil in many newly empowered users' minds. Three years of fearmongering by security vendors and some IT pros have not proven out in the real world, and I think IT is finally either getting a clue or giving up on control mania.

There was more good news in the survey of the actual policies deployed on those 2 million managed devices: When IT does blacklist apps, it now does so largely for a rational type of software -- cloud storage. Of the top 10 blacklisted apps, six were cloud storage services: Box, Dropbox, Google Drive, SugarSync, SkyDrive, and Hoccer. When Zenprise did a similar survey of policy deployments a year ago, IT was blocking Angry Birds, not cloud storage. Today, based on the Fiberlink data, IT seems to be blocking cloud storage as well as Angry Birds, plus other potential time-wasters such as Netflix, Pandora, and Facebook.

Frankly, IT shouldn't block personal apps; if employees are wasting time at work, that's a management problem, not an IT issue. Crippling the personal aspects of a smartphone for the 15 to 16 hours a day they're not working is simply wrong.

In most cases, IT shouldn't be blocking cloud storage apps, either. They're quite handy for personal use, and if the goal is to restrict information flow outside of controlled environments, the solution is to control the information at the source, not on mobile devices, PCs, and so on after the fact. Ironically, one of the most whitelisted apps was Dropbox, likely by IT organizations seeking to reduce lost thumb drives and CDs by putting data in a unlosable location -- no doubt secured through password requirements.

Still, at least the blacklisting decisions -- in those rare instances they occur -- now are more based on plausible business concerns. That's progress.

This article, "Guess what? IT doesn't care what's on your iPhone," was originally published at Read more of Galen Gruman's Mobile Edge blog and follow the latest developments in mobile technology at Follow Galen's mobile musings on Twitter at MobileGalen. For the latest business technology news, follow on Twitter.