It's no overstatement to say that smartphones have changed just about everything. Cases in point include:
- Brick-and-mortar stores now serve as de facto showrooms for Amazon.
- No longer do you have to drive to your office to check e-mail or even get a little work done.
- Via beacons and location-enabled services, companies can now tailor time-specific offerings to customers in previously impossible ways.
And we're just getting started.
It would be folly to claim that smartphones only solve problems. To be sure, they cause or exacerbate many others. Perhaps privacy deserves to be at the top of that list, but how does an organization strike a balance between usefulness and ickiness here?
It's an interesting query and I won't claim to know all of the answers. I will, however, offer some food for thought here.
- Consider the worst-case scenario. If hackers can get to relatively secure PCs, what's stopping them from hitting webcams, cars and other connected devices? (See the 60 Minutes' piece on hacking a car here.) Armageddon may not come, but it's best to think about potential responses to a doomsday scenario before that day arrives.
- Apply different approaches to different industries. Security in a hospital or government agency isn't the same as security in an Applebee's. Nothing against the restaurant chain, but there's no classified or overly sensitive information in a lunch special last time I checked.
- Remember that BYOD is here to stay. The internet of things concurrently offers enormous potential and risk. I can't predict the future, but it's safe to say that more devices will connect tomorrow than today. CXOs would do well to remember this.
- Recognize the inherent tradeoff between convenience and security/privacy. Facebook Connect offers incredible convenience to users and developers. (Don't feel like creating a separate user name and password with a new service or app? No problem.) Still, it's important to remember that employees and consumers are effectively allowing third parties to access sensitive information about you and your network. What's more, that extension may expose you, your network and your organization to additional vulnerabilities. (That is, your information may now reside outside of a single company's servers. Apple or Samsung may well not be the only companies that possess more information on you than you would like.)
With any technology, the fleas come with the dog. Personal data lockers aren't ready for prime time yet, and even then plenty of bad actors will try to get into them. In the interim, don't pooh-pooh security as the other organization's problem. It's yours as well, whether you believe it or not.
What say you?