In 2010, scaredy-cat IT and security folks wrung their hands over users bringing in their own smartphones and tablets. In early 2011, they wrung their hands over how to control the applications on those devices. Now they're wringing their hands over data leakage from those devices, prompting security vendors to offer mobile DLP (data loss prevention) tools. Zenprise is the first, but you can bet more will follow. (Have you heard of any iPad- or iPhone-related data breaches? I didn't think so.)
I have to give these folks credit: They're persistent in finding ways to say no to modern technology and the realities of today's "consumerized IT," or at least to look for new ways to bind it up in hopes maybe it'll strangle to death. (Good luck with that.) Of course, it's the iPad that seems to stoke these folks' fears the most -- ironically, because it can connect to business systems and actually work with much business data, so people want and use it.
[ Apple has much to learn about securing Mac OS X -- and Microsoft could teach it how. Luckily, iOS security is much, much better. | Compare the security and management capabilities of iOS, Android, WebOS, Windows Phone 7, and more in InfoWorld's Mobile Management Deep Dive PDF report. ]
Let's be clear: There is data to protect, and I don't believe "anything goes" is the the right policy. And there is some technology worth considering to do so, as I describe later. But I see another agenda behind much of these claims over security concerns. I notice, for example, that companies citing fears over sensitive data emailed to an iPad or of users having unapproved apps on an Android tablet don't have the same concern over data emailed to computers or over the fact that they happily let employees work after hours from home computers full of personal apps. There's a double standard that reeks of a hidden agenda to block the shift to employee-driven technology or to assert new levels of self-justified control in a perverse land grab for relevance or job security.
A good test of whether a security policy is legitimate is if it is applied equally to all endpoints. These days, many endpoints are in use, and we will not go back to the day of employees all working at a corporate office on corporate PCs unconnected to the Internet and locked out from the rest of the world. It's 2011, not 1981. A second good test is whether its cost (in money, lost flexibility, lost opportunity, and time) is worth whatever is being secured.
The fact is, the iPad and all the other mobile devices that have enjoyed so much uptake by individuals and enlightened businesses bring tremendous benefit. More work can be done in more places, improving customer satisfaction and the company's bottom line. Employees can use the tools and devices that fit their personal style, reflecting and honoring what they bring to the table -- they are not robots, after all. And they can use a mix of personal and business tools, which helps the business because now they work more and across additional hours of the day. Additionally, this compensates the employee by letting them reclaim some of that time for their personal lives.