What IT can do is have policies in place for how users enter the corporate networks and access corporate data. A third difference is the sheer complexity introduced by smartphones.
When IT designed networks, they didn't expect that users would be checking their mail from a desktop, a laptop, and a smartphone (or two), said Alan DeKok, CTO of Mancala Networks. This means that for a company of 1000 people, IT may have 3K-5K end users to manage.
Added users increase costs and decrease security as IP address pools become exhausted, VPNs fill up, and firewalls get overloaded. In order to address this problem, though, IT must get a better understanding of just what they are up against.
According to the Aberdeen report, the majority of organizations that allow employee-owned devices on their networks have little or no visibility into device usage patterns and telecom costs.
Once an administrator has authorized a user to connect into the network with an iPhone, for example, the user does not need permission to add additional devices to the network. Without daily or weekly reports, IT has no visibility when a user switches their current smartphone for another type of device, said Datoo of Zenprise.
Mobile management software helps in this instance. However, before understanding device usage patterns, IT must know what devices are on the network in the first place, which requires regular, thorough network scanning.
According to Craig Lund, CEO of MultiFactor Corporation, the biggest threat from smartphones, even with policies and security software in place, is the lost device.
Corporate data roaming from work to home to coffee shops to airports to bars (look at how much trouble that lost iPhone prototype caused) will remain a problem no matter what security is in place.
Passwords can be hacked, encryption cracked, and, as mentioned earlier, users may be reluctant to report their phones as lost.
As a way to avoid this problem, Lund recommends moving to cloud-based apps.
If the data is off the devices and secured in data centers, then IT need not focus on the device, but rather on user identities and authentication, which can be centrally controlled and managed, Lund said.
When data is not stored on the device, the smartphone is simply a portal, and ITs job just got a whole lot easier.