“Mobile devices are wonderful things. They’re light, easy to use and operate, accessible, and available – and they’ve revolutionized the way we manage our personal and business live. But for most of us, the mobile devices provided by our employers have very strict “controls”…During a typical conference call when I need to refer to my iPad, it’s common for me to have to sign in with a password four or five times. I suspect I sign into my mobile devices several dozen times a day. I don’t lock the door to my home that often. “
Turn Your Mobiles Off
In the above example, Bruce McCuaig dispels the first first myth that mobile devices should always be on. While he acknowledges that it is indeed a pain to have to continuously log back into devices, he also notes that most of his colleagues (and people in general) see this as acceptable. In this instance, it is wiser to deal with continuous log-ins instead of leaving the device open and vulnerable.
Another point McCuaig brings up is IT's mindset of more being better. While it is possible to implement many controls for risks, it doesn't necessarily correlate to mitigation. He suggests having a level of oversight on any controls implemented. Much like only being allowed to choose one type of candy at the store, IT should limit controls to only those that are most beneficial.
Risk Management: Have Just Enough
McCuaig also points out that, with risk management more is not always better. McCuaig argues that controls “should be treated like medication.” Controls will be more effective if you take them only as needed. In the same vein, “just because we can” controls, according to McCuaig, are “harmful and addictive.” Just because technology is easy to use does not mean that we need to use it. Overuse of risk prevention technology can result in a reliance on devices that many not always work in our favor. Overall, McCuaig notes that analytics and driving out bad controls might be the answer. The fewer bad controls there are, the more skilled control experts are at doing their jobs.
Read the whole article here: http://blogs.sap.com/innovation/analytics/with-controls-too-much-of-a-good-thing-can-be-bad-023305