From coffee shops to planes, trains and cruise ships, workers have become accustomed to readily accessing data from just about anywhere. The problem is that it is easy to forget how vulnerable that makes us to security threats. At IBM, this challenge is no different than the one virtually every company faces today — with the potential exception that there is a staggering scope of mobility inside a corporation of its size.

IBM has roughly 400,000 employees and contractors, approximately 50 percent of whom are mobile or work from a nontraditional office. The company manages more than 700,000 laptops, 5 percent of which are personally owned, and more than 140,000 mobile devices, 85 percent of which are personally owned.

Given that kind of scope, what was the thinking that went into ensuring a diverse global workforce of this size — and the devices used — would be secure? What kind of solution could be flexible enough to give employees access to data they need and simultaneously provide the security necessary to manage a globally integrated enterprise?

These are the questions Bill Tworek, executive architect for the IBM CIO Office, answered Monday in his IBM InterConnect 2015 session, “Security in a Mobile World.”

“Many reports will tell you that mobile is actually supposed to be more secure than traditional computers by as early as 2014,” Tworek said, “but the reality is, for IBM and virtually every other company out there, it’s not just about managing and securing mobile devices. It’s about managing the intersection of several different forces blossoming today: mobile, cloud, IoT, social, consumerization, big data and more. So, you can easily see how the complexity rises incrementally with not only the increasing number and diversity of devices connecting to corporate data, but also the external environmental factors that have to be considered as well.”

Managing Mobile Security

The trick, according to Tworek, is to make sure you focus security where it really matters and give more flexibility where it doesn’t. IBM solves that problem through a five-step philosophy to manage the intersection of the cloud, mobile and other factors:

  1. Establish policy-based legal protections
  2. Recognize the employee as the first line of defense
  3. Create granular and data-focused security paradigms
  4. Focus on design and usability
  5. Leverage cloud speed

The solution for IBM was to effectively eat what it was cooking. IBM deployed its own MaaS360 (previously IBM MobileFirst Protect) solution across the company. The results were pretty impressive, with 70,000 employees enrolling in only one month and projected savings of more than $500,000 from migrating to a software-as-a-service model.

“For IBM, responding to the vanishing state of ‘in the office’ meant we needed to manage both a wide array of devices and locations, coupled with both employee demands for access and the vast amount of environmental factors converging on mobile,” Tworek said. “We had to do all that and retain enough control to keep our data secure and our compliance requirements satisfied. Now, we can.”

Learn more about how other companies are managing mobile in a way that balances the philosophy of giving employees the access they need with the reality of keeping their data safe.

more from Endpoint