Mobile Enterprise Errors (Unintended) #3: CXOs really do not always understand
This delightfully simple Mobile Enterprise Error (Unintended) comes from the energy industry, courtesy of Husam Kinawi of Wedge Networks (of Calgary, Canada). It is a plain example of what happens when people do not understand what they are asking for when they demand mobility and, at the same time, do not listen to the professionals who do.
In this case the CXO of an oil and gas company in North America wanted an iPad. He went and bought one and brought it to his office. There he summoned his Head of IT and asked him to connect it to the enterprise’s network so that he could access corporate resources, much as he had previously done with his PC but in a neater format.
The Head of IT resisted. He explained that he had not had enough time to evaluate the access and security implications of adding an iPad to the corporate network, and that it was his understanding that various aspects of iOS connection needed careful implementation if this was to be successful and secure. He said he was not yet prepared.
That did not matter. The CXO knew what he wanted, which was to use the iPad to access corporate systems and data.
Reluctantly, the Head of IT felt obliged to connect the iPad, even knowing that what he was doing was not secure to the degree normally required by the enterprise. But the CXO was part of the executive suite to which he reported. He thought, however, that he (the Head of IT) would have time enough to research what he needed and would be able to implement the necessary controls before too long, with minimal exposure. The risk seemed minimal and acceptable.
All the same, he was alert. On the first day of access he saw the CXO go to the bathroom, with iPad in hand. Keeping an eye out, he observed that when the CXO left the bathroom, there was no iPad.
When he entered the bathroom, there was the iPad, with full access to that enterprise’s applications and data, sitting beside the washbasin, ready for anyone to remove and exploit.
The good news was that he could pick it up and return it to a shame-faced CXO. This opened the door to implementing security properly.
You think this untrue? It happened — so simple and yet so dangerous. A tablet (or other mobile device) is all too easily picked up, and may not be missed in the same way that a mobile phone is. If that tablet or smart device does not have the requisite security, it becomes a security liability. This CXO behaved like many others have done and will continue to do — too often failing to appreciate the power, sophistication and mobility (in all senses) of smart mobile devices.
Fortunately, in this energy sector example, no damage was done. In other circumstances it might have been.