What’s Next For IT Security? Post-PC Devices

Greetings!

As I have pointed out previously in these pages, this year the number of post-PC devices, such as tablets, eReaders, and Internet-capable mobile phones, will eclipse the number of PC devices, such as desktops, laptops, and netbooks. I heard a story earlier this week about a CEO who went to a board meeting and felt a little cranky because he was the only person at the meeting who didn’t have an iPad.

The invasion of non-traditional computing devices into the business sphere is a big deal for Security and Risk professionals. It changes the perception of what computing is, and creates what my colleague Jeff Hammond calls “the mess of many.” And when it comes to security, the changes are even more profound. Not only are these devices smaller and more personal, but they are more likely to be lost or stolen. And as your favorite security vendors have been pointing out, they just might be riskier too.

At Forrester we have a slightly different take than the security vendors. Post-PC devices aren’t like general-purpose PCs. They don’t run general-purpose operating systems, and they have distinct security characteristics that make them more risky in some ways, but less risky in other ways. 

If you are trying to make sense of all this, as your IT staff struggles to field increasingly loud requests to connect every imaginable device to your network, you aren’t alone. Trying to navigate the post-PC era is a hugely popular topic with our enterprise clients right now. But fortunately, we also have a report that tells you What It Means. Introducing my new report, “Security in the Post-PC Era: Controlled Chaos.” From the abstract:

The surge in post-PC devices that do less but do it in more places means that security and risk (S&R) professionals no longer have the authority to veto the use of mobile devices or limit use to a specific brand. But these devices increase the risks enterprises face, with the prospect of increased theft and rogue apps and questions about data ownership. On the other hand, post-PC devices are safer to use than traditional PCs and require less security aftermarket products as a result. S&R professionals should aim to bring a measure of control to an increasingly chaotic environment but not stifle employee flexibility and innovation. To be successful, enterprises must let device capabilities, not brands, drive support decisions; build a multidevice management infrastructure; set up a company app store; and use thin clients to keep sensitive data off of endpoint devices.

I’d love to hear what you think about this report. While you’re at it, check out the vibrant discussion security and risk pros have been having on the Forrester Community site. And if you’d like to know just what your users think about all this, see this Community discussion on consumerization from the end-user’s perspective.