Morris also notes that by focusing on the device level, IT security efforts can get fragmented, creating an inconsistent, piecemeal approach that increases risk through the gaps between methods and through annoying users to the point where they do more workarounds. He recommends that organizations start with their laptop security policies, given how much critical information they store and have access to, then see if they have or can get tools to apply the same policy goals on other devices.
In other words, policies should be about security goals based on a risk/cost assessment for what you're trying to protect, and the low-level requirements should be derived only after the policies, and not confused with the policies themselves. "You need to separate the detailed execution instructions from the functions they execute," Morris says. You want to protect information, not blindly apply technology.
It sounds simple, doesn't it? IT should partner with the business it supports. We've heard that "IT/business alignment" mantra in IT publications and consultant recommendations for more than a decade. But the reality is that many IT organizations have done the opposite: They've set them apart from the users, stereotyping them as drooling idiots. In their minds, these IT pros have divorced users from the organizations, and set themselves up as the high priesthood of how to do business.
Both business and IT need to be active partners, learning to trust each other and focus on the goals of running a successful business with risks managed appropriate to getting that success. That's easier said than done, but if things keep going the way they are, IT can only lose. After all, not only does "the business" far outnumber the IT group, but "the business" ultimately controls the money and the policies. Not IT.
This article, "Does this mean war? BYOD exposes IT's deep distrust of users," was originally published at InfoWorld.com. Read more of Galen Gruman's Smart User blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.