Dr. Barbara Mandl, Senior Manager, Daimler AG
April 17, 2012 18:10
KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Dr. Barbara Mandl, Senior Manager, Daimler AG
April 17, 2012 18:10
Dr. Barbara Mandl, Senior Manager, Daimler AG
April 17, 2012 18:10
Thank you now to move along. We next have Dr.
Barbara, Amanda. Apparently there are women speaking on the program at this conference and we have finally arrived at that point. And Barbara Mandel is senior manager with Daimler, and I was delighted to meet her earlier today. And I'm looking forward very much to what she's going to tell us about bringing your own device. I have this, you can have that. Thank you very much with This one. And I'm done well, good evening. I'm sorry. It's fairly late for you.
One of the things I always like at these conference, this conference specifically, I'm always inspired by a lot of speakers and it's always hard when you're one of the last ones, because a lot of new things pop into your mind, which you would like to talk about. So I'm not really talking about bring your own device. This is for me old news, but it is an interesting thing because like the former speaker just said, it's a trend. And I use this trend to try to inform the business side of my company. We need certain stuff. I'm not talking technology, I'm talking processes.
So what happened last year? When I got the invitation, I thought, I don't really know what to talk about this time. And then I looked at it and we were talking about trends and tendency. Last year we were talking about social networks. We were talking about cloud computing. And interestingly enough, we have implemented these things. We're using them. We're rolling out systems. Not only at LER, I'm not talking about LER specifically, but in all these different companies. So a lot happened, but there was one thing which is still puzzling me a lot is customization.
And so asking around people, well, what do you think of customization? Where should I start to open up for these possible new trends?
Well, a lot of people tell you, they make it easy for themselves. They say, okay, it's about bring your own device. Okay? So I started looking into all the issues with bring your own device. They tell me, you know, new generations, everybody wants to bring their own device fine. I do too. I do have my favorite devices as well. And they fade away. They come, they go, but in principle, I need to be ready for this. So I think it's not so much talking about bringing your own device. I think it's more that people, and this is to Mr.
Mardini, who always has some dreams. My dream is that there is a certain flexibility in life that for an individual, he can, he or she can have a certain flexibility where he and she feels comfortable with. So this can also apply to device. You would like, and also access the data which the former speaker just pointed out the data you really want to have. You don't wanna have all the data out there on the internet, but the data you really want to see. So I started looking at what about company, own device versus user own device?
Not so much because I think technology wise, it's interesting or have to do it for the company. But what I found was people who have a company owned device. So it's owned by the company user own device. They own it themselves. But if I go on a business trip, I want to take my company owned device with me. Of course I want to, because the roaming is paid for me. If I take my user own device, nobody's gonna pay my bill. So probably I will take my company own device, but I would like to do some private stuff on it. I'm traveling.
So I might wanna use my social networking, my personal emails or other things I have to finalize also privately on the other hand with a user own device, if I'm on a vacation and I would take along my user own device, suppose I really have two devices. I wanna be able to do some corporate work on it. Now that's also a difficult question. Obviously I wanna see my emails. We all agree. Emails might not be so important anymore, but other media in your corporation will be important. You want to know if your organization changed and certain things like that.
Now let's stick to these two questions, the question, private usage or corporate usage or both. I had to answer many, many questions. So there were many questions I had to resolve, which were mostly obviously legal issues. One of the main that I am not allowed and one shouldn't do that makes certain business data with personal data. And I really mean personal private data, my rent or whatever, my, my other stuff. So I'm not allowed. I need to separate it. Okay. We're in it. Security. We sort of know how to do that, but it's not as simple as it sounds.
Another one, which I found interesting because most of them, you will know one, which we really shocked me was software. So if I have software on my company, own device, most of the purchasing agreements are that you're only gonna use this software in your work, in your business. So if I let you use your company owned device for private usage as well, you might be breaching some of our purchasing agreements. So the legals will go, oh, Barbara, you can't do that. That's gonna be very difficult.
On the other hand, you have that on you bring your own device as well, because if you have software on those and you bought them, or you have your license agreement to do this for personal stuff, basically you're not allowed to use this in the business side. So there were all kinds of questions coming up. And for me, one of the questions is always what about the work life balance?
And obviously then in a big corporation, you roll into the most difficult issue is tackling this with a working council, very different in Germany from the us, but still these are really controversial discussions you have to lead. So these were just a couple of the questions just to tackle this small problem, this small problem saying you have a company owned device you're allowed to use it privately. How much are you allowed to do on it? How is it limited put that in your policies?
And on the other side, the corporate usage on your own device, which you bring that took about eight months and I'm still, you know, we have all the policies now in place. It had to go up to the CEO to be signed off everything. So that's a, it's a, it's a hard way. But if you don't start doing this and solve this, you will never get to the other visions. You will never get to social networks because if you haven't solved this minor problem, which just shows up in a discussion, bringing your own device, it will kill you if you wanna do social networks.
So if you have this ownership, which I don't think should be important resolved, or it's your device, or it's the company own device, then the question comes, where are you using it? How are you using it? I'm not saying that people sit in the office in mobile, they travel, they are on our networks, but at home, the situation of your user own device, there are questions which obviously the legals ask, they ask, but you know, Barbara, if that device lies on your coffee table, your daughter is going to use it. How are you gonna secure that your daughter is not gonna use company data?
So there are very different scenarios there, which you have to, it's not about technology the whole time. It's a question about the processes and the risks and the risk management behind it. So what do I really want? I don't really care about where this device comes from or what this device is. The people want this flexibility. They won't access data. So if we would have data, which obviously most companies have, if you would say your data, which is residing partially in your enterprise or on some cloud, you have data in that you have your home data, you have data.
Well, I, you know, personally I have some own devices where I have things in, in other clouds as well. So I can always reach those clouds wherever I go, because that's the nice thing of the cloud solution. If I'm somewhere in the us and I can get to the internet, I can access the data. I want to see at that moment. But what does this ask for? And this comes back to the former speaker, this asks for a very strong access management. And when I talk about access management here, I'm not just talking the way. I'm not only talking about identity management.
I'm not only talking about authorization. I also meant what Mr. Kuppinger said at two, this is very important part is the data leakage. Because when I say you can access data, corporate data, whatever, with your device, whichever device you want, I'm not so sure I want you to download it. So these are the questions you need to be sure that then the data rests or it moves. You need to be sure because that's where I can't function anymore because I don't have a right to go onto your device.
So access management for me is not just what we've been talking about the last couple years about applications, but it's also, how are you using the application? Are you downloading? Are you changing something? Are you having a communication with this application? These are the things we need to move forward with. And that's why I don't call it last year. We called it context based access management. I think I would rather call it more intelligent access management behind it. So the challenges for the future with bring your own device, but please remember for me, bring your own devices.
Just an example for consumerization. I'm not even questioning whether it's going to come or isn't there. I'm just saying, where are we at at the moment working on these, bring your own device stuff. We sort of know a bit about hardware and software, which is out there. The green check does not mean it's all solved. That's not what I'm saying there, but there are some usable products out there.
You can, you can apply in certain surroundings, then the data I do believe. And, and obviously I'm a security person. So you worry about the cloud. I worry about the legal stuff, but I really strongly believe that data, which is important for you as a person and as a business person should actually be in a cloud because then you can access it maybe from everywhere. And also that obviously the security has to be in place, all that kind of stuff, but it's coming there. What I'm seeing and there's a lot of work to do is an identity and access management with all these different usage scenarios.
Am I downloading? Am I changing applications? What am I doing? That's something where I see. We still have luckily a lot to do in the next coming years. The last two problems also get into the area which Mr. Kuppinger said, I'm not so sure with all these devices and also these different methods that the users will be happy. If there is absolutely no service, what you can do with self service, what you can't do. I'm not so sure where we are heading in the next 10, 15 years, because it's still there.
If you use a device in your business and I would be very upset if my employees would tell me, oh, Barbara, I can't read your emails. And I say, why?
Well, my device just crashed. Now, nowadays, if they have a company device, I can replace it. But if it's their own device, what am I gonna do? So these are questions. This is a very simple question, but there are lots of questions behind that to understand what are we gonna do as an it internal it department? Are we gonna do something about it? Are the cloud, maybe cloud providers can provide some basic services. What are we gonna do about that? And the last one was also in the former talk is the guidelines or the standards, processes, rules, personal habits.
We've been talking a lot about these. I don't like it very much to talk about the next generations, but there has been some surveys that some of the younger people at this moment, I don't know if the services are, the surveys are really correct, are a bit careless about, let's say it security or security. And obviously if they bring this in to your company or wherever, even for themselves, it's not such a hot idea, but also for the company, this gets to a problem.
So I think the coming together, the ization and corporate usage could help to sort of support each other, to get into better personal habits, how you really use your data and how you access them. So I don't think bring your own devices very interesting.
I mean, basically we understand how it works. I think it's not a question I'm posing anymore. Is it coming?
Yes, it's here. We should provide it and we should work on this, but I think it's much more important to think. How can I have data accessible from every device and at any time, and this ties into all these targets Mr. COER had at two o'clock, all these things have to be resolved. Some of the things can be resolved in short time, but many things I think in the access management realm to move to this world, why strongly believe in, we still have a couple years to go.
So I would end here because for me, it's not a question that you, that I can tell you, well, if you use that device, you're not allowed to access these data. I don't think that's a solution. That's a temporary solution. It's an interim solution. We can go step by step, but at the end of the day, people, the data they want to have, they want to have access to all the time at any time. Thank you. So I'm also quicker, right? Yeah. A lot quicker. So Thank you very much.