KuppingerCole Webinar recording
KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
KuppingerCole Webinar recording
KuppingerCole Webinar recording
Good afternoon or good morning or good evening, depending on the time zone, ladies and gentleman, welcome to our Ko co webinar and training. Preparing your enterprise for the generation, Y B Y O D and mobile device management. My name is Martin Kuppinger I'm founder and principal Analyst Cole. And you could reach me, MK copy call.com. Before we start some channel information calls is Analyst Analyst company.
We're providing enterprise it research advisory, decision support, and networking for it professionals based on our research services, our advisory services and our events, our research services include a lot of reports. We are publishing regularly. Our advisory services are focused on end use organizations as well as when they're supporting them and their strategy definition in their decision support in other areas, and our events include our webinars and trainings, and they include us or European cloud conference, which will be held next time, May 14th, two 17, 2013 in Munich.
It's their conference around saw leadership and best practices, digital ID, cloud, and GRC. And you definitely shouldn't miss this conference. All information is available is available at our conference website, some guidelines for the webinar itself. You are C you don't have to care about these features. We are recording the webinar and the podcast will be available most likely by tomorrow and Q a will be at the end. So you can ask questions using the Q and a tool at any time. We usually pick them at the end of the webinar. There's also the opportunity to earn one CPE point.
So it's the continuing at professional education credits. There are different learning objectives, sorry. Trust missed to copy the right ones, but you will find the correct learning objectives at the website of this training. So just go the website, I will find them, there will be the correct questionnaire available after the webinar. So you can take the test. If you take it past the task, you can earn one group internet based CPE point, given that your titles has been confirmed and so on. So you will receive an email link containing email, containing a link to the test.
Then this here will include the learning of then, as I said, you find a learning of as well as at our website where you registered for the so let's directly start. So our topic of bring your own device, generation Y and, and how to deal with these things. I think it's a very, very important topic in these days. And we are reading a lot of things around bringing your own device.
And when I look at it from an Analyst Analyst perspective, I see a lot Of proposals, but when there's a lot of promises made and in many cases, my trust feel, I'm not fully convinced to positively said in many cases, I just say, okay, you know, is there someone trying to sell a solution to the customer, which promises to solve every problem around, bring your own device, but it doesn't. And that's where I think we also be a learning.
So my, my, my target today is really to inform you about what does it really take to, what does it really need for, for secure and bring your own device? Or should you do, how should you deal with this entire topic? Why do you have to do it? And I wanna start with a picture using and a lot of presentations, which is really highlighting the customer travelers. That that's what I, what I am correct. Work. My colleague called it computing Troy car.
And there are three things which are really fundamentally affecting what we are doing in it, which are cloud computing, which are social computing, which are mobile computing. So we have a mass new devices. We are using different types of indications, doing a lot of things in social networks, engaging in different types of them. Customers want to use these networks and employees as well. And we have to shift towards cloud computing. So a trend towards the world where we have a lot of external provided services, we are consuming and that affects the way we are doing it.
And it leads to two major changes. One is cons consumerization of it. So a lot of things are really driven by the users today.
In fact, you could say that has started way back in the eighties when the PCs came to the market, but it definitely has reached fundamentally new level, the consumerization part. And the other thing is deeper imaginization. So it's not that we have a PC in our organization and a little connectivity to the outside world. Reality is that business processes and use of devices are spanning sort of the entire world going well beyond the organization. There's not the parameter anymore and bring your own devices very tight related to many of these changes we are seeing there.
And when we talk about things like generation, why or digital natives, the first question is, why does this really change corporate it, why duties users change corporate corporate? It, I'm not a part of these digital natives or generation Y I'm born 1965. So I'm a little bit older.
However, I have a son who's that age. I know a lot of people who are in that age. So I think that's, that's the other side. So who do we talk about generation? Why these are also called the millennials, the ones born after 90, 80 and grown up was the wise seven. So in that area around digital ladies are more or less the same with some more emphasizes on the digital aspect. So really the, the ones who started their life more or less being familiar with computing devices. And so why do these change corporate it? So why do these, the effect corporate they've grown up with digital devices.
They're used to use it. It's a part of the everyday life, much more than it has been for my generation or the older generations. And they expect others to use devices of their choice, choice, and business life, more than any generation before. It's not that the others like me don't text. So bring your own devices, not only driven by the young ones and so manages, maybe probably were the first one to really push this, to drive this forward, requesting to use their new smartphone, their new black barrier some years ago to access corporate email and so on.
So they were really one who brought in the GATS quite a while ago. And for sure there are other groups also for, for quite a long time in the organizations, like what I would call the Microsoft Analyst. So the apple and Linux as the platform they want to use, want to use the Linux.
They said, I want to use the device of choice, my device of choice, which also led to a situation where other types of devices came in, where devices were in controlled by corporate it. And so I think there, there are a lot of drivers generation wise important one, but it's the only one I think we should keep this in mind. But the clear point is that this generation is grown up with, I use different devices. I'm used to use different devices and that's my way to deal with it. And I won't change it for my job.
I don't really believe in that people would become an of an organization when this organization is a little bit more restrictive. However, it'll be always a pressure on doing this. And that's, I think the, to opening up this word, I think that's where we have to react on. And when we can look, bring your own device, I think it's also important to understand, bring your own devices. Not only about smartphones, there are a lot of other types of devices out there. We have the tablets accruing market in very big market.
In these days, we have the notebooks of employees for sure, which are also sometimes bring your own device devices, devices, which are owned by, or if you look at the part of co, so the corporate owned personally and labeled sometimes they're that way at that time of device. And we have for sure, a lot of notebooks, not device external accessing the corporate networks, just think about the auditors. And they're just one of these groups.
And then we have the PCs in the home office, which are also a pre your own device piece, because these are own devices which are used to access corporate versus they are far away from a smartphone technically seen. So I think a very important point. And that's a fundamental mistake. A lot of vendors make is reflecting only on smartphones and tablets, maybe, but ignoring the rest of the world. That's not correct. A lot of bring your own devices are traditional devices, PCs, and public locations. And for sure, we will see a lot of other types of devices.
We maybe not even can imagine today, which we will have to deal with in the matter our future, who of us knows, which will be the computing device of choice three years from now. Now probably borrow no one. The only thing I think is sure, it will be different devices than the favorite devices we have today. We've seen it as the iPhone. It has been the smartphone for quite a while right now, Samsung, I think solves twice smart smartphones than apple does.
So, and by the way, this devices that are using different operating systems. So some are windows most are enter rate. And there's the only thing which is sort of constant is to change. But I think it's very important when thinking about bringing your own device to understand, it's not only about smartphone and tablets, and then we have another review we could have.
So the, just build a small metrics here on one dimension, we have corporate out to personally own. So the device that's more easier or could be corporate own, or it could personally own. But the other hand, we have the sort of full control of the enterprise up to zero control of the enterprise. And then we have sort of full bring your own device here, personally, your own devices with not that much control. So this is a continuum, this dimension of control and bring your own devices here and limited bring your own device would be more where we say we have more control of the enterprise.
Even while it's personally owned. It's sort of somewhat limited because only few things are allowed. We have to corporate devices, very traditional controlled by the organization owned by the organization. We have to scope fired. Corporate owned personally enabled, which is around corporate owned. One with more or less controlled by personally enabled to trust users control, but it's still corporate own. And clearly we have in this area, the closer we are to serial control, we have a sort of gray area of unable risk where we, we are able to mitigate your risk to, to really know about risk.
So we have no chance there. So zero control probably is not the best choice if we come, if it's about corporate information. So one of the fundamental questions, many, many people race is, is there any chance to avoid bring your own device? No simply said, no. There is no chance. I think we are in a situation where bring your own devices.
In fact, in fact, it's there since PC's appeared, but the change game has changed over the course of the last few is a number growing number of devices. Everyone owns there are numbers, which says on average person has three devices, at least. So even on a worldwide basis. So there will be some 25 million devices out there, and many of them are used by the employees. So what do you have to do is controlling what can be done based on these devices. It's all about prohibiting, bring your own device.
It's about controlling things about getting a little bit better traction on this, avoiding the worst things. But we can't think about saying it's prohibiting, bring your own device, the letter. So trying to prohibit bring your own device is what I would call the donkey shot approach on bring your own device. So fighting the windmills and losing. And so let's, let's look at this more from the business perspective, what, what is, what business really wants from it. They want don't want technology. What they want is they want services.
They need to do their job and they want to keep corporate information protected adequately. And the letter is I think a very important thing because it's really about how can we protect corporate information technically in bring your own device work. It could be a call was not only company.
Some, some while ago has defined a called it paradigm, which is our guideline for the future of it. So, which is really the model we are using at the paradigm we are using to, to advise on how to move forward to your it organization, with your it services, with what to focus on in it. And there's a layer of business service delivery. So which are the services business wants. There's a layer of secure service and security management, which is about service management, which is very much about information security.
There's a production layer and there's an it governance, layers, information governance and service governance. And when looking at this paradigm information security is for a good reason, very much at the core because that's one of the things this is most concerned about.
And when looking at bring your own device, what you really should look at is how can we solve the, bring your own device challenge in a way that corporate information still is secure, adequately secure, which doesn't mean that everything has to be, everything needs a strong security it's about adequate security, which means the level of security you need for a specific piece for information. And when looking back to this computing Triar so I have another picture here with cloud computing. So deployment models to social computing, the mobile computing, the device types.
Traditionally, we have looked at the inner part, which said, okay, we have everything internal. And right now it's looking at the broader part. So information security is fundamentally changing. And when looking at information security, it's not only about supporting different cloud deployment models, it's not only about supporting enhanced user populations. It's also about supporting different device types.
And so when, when looking at this, this thing at our, our it paradigm in the context of computing and in the context of bring your own device, so how does the supply, so how does this fit to each other? So information security has cover all services regardless of the deployment model for all potential types of uses. Well beyond the employees using all types of devices, that's what we really need to do. That's our, one of our car focus saying thin it, a role information security and putting information security in center allows to follow an information center approach and bring your own device.
And that's really the point. What we want to protect is not the device. What we want to protect is the information. That's the reason why we bring your own device. We want to protect our information regardless of the device used focus on protecting corporate information that fulfills the real business need, by the way, bring your own device is also about providing a business really wants to their trouble. They want to have the device of choice. That's a part also of our it paradigm. So bring your own devices tightly related and, and looking at this paradigm. And we way to focus on that.
There are a lot of answers in for bring your own device, but there are some more specific answers. And that's what I wanna dive to keep right now. So when we look at approaches for secure, bring your own device, there are some standard approaches and there are, I think, four types of M there. One is the UI centrism. Then there, we have the application centric approach network-centric approach and the information centric approach. So the UI centric, that's what usually is covered by, by technologies.
We we've find with the name MDM or mobile device management, not mix up with smart data management, same acronym. So mobile device management, the problem, or the questions you have to raise here is will you ever be able to manage all devices and especially all devices beyond smart phones and tablets, because when you look at bring your own device, it's not only below mobile devices, it's about all devices. What about classical devices here?
When we look at the application centric parts today, we found the name of mobile, mobile application management, then the questions, what about the standard apps? So there's a Porwal approach, which allows us to deliver some apps in a controlled way and other things. But what about the standard apps? That's one question, sometimes it works.
And, and what about web access? So what about the situations where we still access websites? That's the next question? What about devices without apps and all these things? So there are also a lot of questions which are usually not fully answered. Then we have the network centric approach, which really builds on the network. So more having devices, which still the edge of the network network, where graphic passes through which they analyze, where they might, might require an authentication or other things. The question is what, when access bypasses these apps devices.
So what about a mobile device used to access the cloud service that that necessarily ever touches the enterprise, but it might touch cover information. What about a situation if someone blacks in his notebook into the land of this organization. So again that everything works here, some of them then support at least wireless land. You can do a lot of things. You can integrate a lot of things, but it's, I think again, we have a lot of open questions, information centric, it would be, I try to protect information.
However, we are also touching some borrows. I think it's my clear perspective from my clear expectation is that we have to move forward towards information centric, approaches, understanding which information to protect, trying to protect this information encrypted. When we store it encrypted. When we transported using information rights management approaches also on, on all types of devices.
However, the problem is how mature are these approaches right now? Is there really a hope for an information rights management across all devices, devices? I think we will see over time, but it's still a long way to go there. So simply said, if you look at all these approaches, none of these approaches, which are the typically discussed, ones, answers, all questions, all of them, we will easily be able to find more questions for all of them.
We can raise a set of questions, which, which we should keep in mind and which trusts say, okay, this approach for itself, obviously isn't the holy CRA, the Niana of secure bring your own wi and there are other approaches out there. So, so we can look at the Royal virtualization in that game. So there's the approach based best virtualization where you access the corporate desktop is pretty traditional from different devices and with a broader productive devices. So brought us Porwal for mobile devices. There are new opportunities in that area. That's particularly interesting.
It's an, an interesting approach. There's a good level of control.
However, still a risk of malicious access. If the devices compromised or stole, if passwords are still on there or, or other information stored, it still might be used to access information. So it's not a hundred percent secure thing. And in many cases it's not extremely convenient for users because the paradigm of these environments is different because it's more the set client for additional desktop user interface and, and paradigm than it is for the mobile device. So it's left the perfect solution there.
And you'll quickly after people asking about why can't I use my mail app on that device and why do I have to go to that corporate desktop to use my outlook or whatever application there. The other thing is device virtualization. So what we see popping up right now is device virtualization, running virtual mobile device environments and on mobile devices. So sort of the private environment is the host OS relatively insecure and non control.
So that's sort of the, the traditional environment we, we know within this environment, sort of a guest environment, guest or restaurant lighting, sort of the same, the same environment. So sort of iOS running on iOS or Android, running on Android or windows phone running on windows phone or whatever which, where the guest OS is than more secured. So the guest, or is it controlled by the corporation by the organization? The private environment is controlled by the user itself.
I think it's a very interesting approach will be interesting to observe how this turns out and, and how seamless, and, and it works for my experience on looking at virtualization, for sure. There's some lessons learned you could apply to this. So several things which took some years in the classic dust commercialization will be implemented faster.
However, I think it will take quite a while until we have a smooth solution at the area might be interesting to see probably also once follow for our problem. There's another area which is run for your own device, which is another piece of the security story we have to look at. And this piece of the security stories around the role of context and risk based authentication authorization, looking at it's sort of from, from a little bit different perspective.
Again, this perspective in this case that we say, okay, we know our information risk. We have context information. We have an information about who is using the device, which devices he using, which is look what, which location is he there? And then we say, decide based on information risk in the context information about, can we authenticate, can we also authorize this particular access, which is requested right now? That's from my perspective also part of the entire bring your own device story.
So really saying based on device, based on matter factors and based map to information risk, we, we fact aside about authentication and authorization. So that's more about saying we might know the device isn't very secure, but we restrict access to a lot of things, depending on how well security devices, what type of device is used at all. So that's another element with citizens. So when we look at this, it becomes clear.
We not only have our, I intent discussed approaches like MDM, a, there are a lot of other pieces within that story, which include things which go well beyond the device centric or the app-centric approaches. And very important element of this is something I've, I've mentioned more than once.
Listen, this is understanding the risk of information. So it's about product providing adequate access to information. It's about adequately securing information that need, that means we need to understand the information risk here. So risk what it is this about. It's about a threat we have with a specific probability, which has an impact on the asset. So we can have a valuation this, which does have an impact on our business process. That's a risk, risk is something we can calculate. We can have a look at, and there are different types of risks we are facing.
So strategic risk, reputational risks, operational risks, and it risk. And the important thing when, when looking at is many organizations still tend to think about, okay, we have it risks, and we have sort of business risks, which is wrong because every it risk we are looking at is associated with a business risk. So it's operational and or reputational and or strategic losing data, compromise, cover information, all these things have an impact.
And if you have a situation where let's say a device is used and some contact data stored device, or is accessible and it leaks out to other apps in an uncontrolled way, because you just don't know that this operating system leaks such data and allows access to the contact data in an uncontrolled way. And you have some contact data which are PII of your say, clinical trial patients or whatever. You could imagine something which is really related to regulatory compliance issue.
Then you have a problem which is reputational, which could cost you a lot of money, which even could affect your entire business. And that's the reason why we have to look at these things and understanding risk is an important part. And information risk is a key element within this. And so it becomes clear when we look at, at risk, it's not about a risk of a system for device or a backend system, but if we have, in any case, at least to look at the information risk and the risk of a system becoming compromised, maybe also services used.
So if you don't look at information risk, and that's our model of how to move forward is with different types of governance saying the target should be that we understand what is used in the business process, which services, which information is used, and then relating all these things to each other. That would be the ideal world, but at least sort of the, the level two, the advance or the information governance approach is mandatory.
If you want to manage to bring your own device environment, you have to understand information risk, and not only a technical risk for a system, because at the end of the day, you need information center approach, understanding which information can be used on this. What is the risk for this information? What will it cost me in the worst case?
What are, what is my really my risk calculation behind this? There are different ways of risk ratings. And I typical are saying, okay, we have different levels of costs, 10,000 Euro or dollars, 100,000. And so on. We have a probability and some things we, we might understand this relatively uncritical because the probability isn't that high and the impact isn't that high and the higher things become the higher, the risk. There are a lot of things which we can use. So we can look at information, risk of process, system service, or system risk and can build up such risk ratings.
There there's a lot of methodology shelter. We have to do it because we need to understand, bring your device. What are our information risks? So the fundamental prerequisite for successful bring your own device, or for secure, successfully secure in bring your own device is understanding the information risk. We need to understand what are the risks, which information is at risk. What does it mean? And then we can decide about policies saying, okay, that type of information, which has a high risk might be only accessed under specific circumstances.
So for example, using specific types of apps we have provided instead of the standard apps or the information not be, might be not access at all from outside of the parameter of our organizations, if we have this perimeter. So there are different different approaches to do this, but we need them to define the policies. And we need to understand not every information can be accessed the same ways we need policies. We can define controls based on that, where we analyze the status of these things.
We have them to track the legal aspects, not a very important topic when we're looking at bring your own device. So if you have more to cope approach, the corporate owned personally enabled, we are better able to, to enforce agreements. If it's about bring your own device, the legal aspect for the negotiation of contract is much more complicated because it's the wives of our employee or someone else and enforcing things.
There is a little bit more complex, but at the end of the day, it always nails down to saying, okay, if you don't fulfill specific prerequisites, you're not allowed to access specific type of information. And then you can start implementing technical solutions to this policy enforcement and risk mitigation.
However, what frequently sees that someone says, okay, we have a problem with our bring your own device, but we need to enable it. So we pick an MDM tool and then we are done.
No, unless you don't understand information risk, unless you have defined policies. And unless you have defined the controls and legal aspects behind this, you're definitely not done. You probably have something which might might help you for your C UA strategy a little bit, but it's only a very short term thing. So to really secure yourself and to really secure your organization, you have to do more. So bring your own device is definitely about combined approaches.
When going back to the different ideas or different concepts around bringing your own device, there's not that single approach, which solves everything. It's about combining different approaches and understanding risks and prohibiting access and in specific situations. So bring your own device doesn't mean that's not a part of the concept that everyone can access. Every single solve limitations. That's not about it's about controlled access to corporate information, which is allowed for other devices.
And when, when going back to this serial control to full control, the closer are to serial control. The more it's about minimal access are to full control the are to fuller, comprehensive access. Even while we have to keep in mind that most of the mobile devices trust are not as secure from their inherent security from the building security as traditional devices are things are making some brokers, but still a long way to go. So the level of control, the level of access are tightly related. The higher level of control, the higher level of access can be.
So when looking at them, they're looking at selecting technologies. So which technology technology should we select? What are the main criteria I've picked eight main criteria out here. And I think these are very important ones. The first question you you should ask is, are all types of old devices supported. And going back to this slide I had at the beginning, the list of devices is much longer than the most vendors and most organizations think about at the beginning.
So if not, what do you need in addition? So if a tool only supports iOS and Android, what do you need else to support all the other types of print your own devices there? Others are there. You need more. And it's interesting to see that some of the lenders are especially vendors, which are more driven by traditional clients, management or system lifecycle management have a much tighter integration saying, okay, we can support everything up to the mobile device. So it's a much broader scope there. And there's good reason for that.
So trust, securing specific types, sorry, going back, specific types of devices, that's not a solution there's more out there and you need to cover all, maybe not just one technology, but at least within your bring your own device security concept. The second question you should raise is, is there a good chance? A new types of devices will be supported immediately after availability.
And, and if you're the answer of your vendor, and maybe for example, today, do you support the windows phone?
And if his answer is no, not yet, because there's not enough demand out there, then that's a very good reason to forget about its vendor because the next device of choice, a lot of people will bring in, might be then again, one which isn't supported by that vendor because the vendor says, okay, I'll wait until this new type of device has a enough direction in the market because that's the, the part behind this answer, because my solution requires a lot of effort to support all these types of devices. And that's where, where device and technologies at the end of the day usually fail.
But the effort of supporting a lot of versions and a lot of types of devices and all the Android versions and all the windows version and all the type of stuff, that's, it's a recent little amount of work. And so when time to support all the most important ones, but if you want to support your users in enabling them to use also the newest type of device of trials, then you will struggle with these device, these types of solutions. They're not sufficient, at least not sufficient to cover everything.
It might be helpful to address some of the aspects, but again, they are not the holy Crail between your own device. Security. Another point is that's the approach comply lead aspects. So that's especially interesting in multinational organizations where these legal aspects might differ a lot between different regions.
So, so in many situations, there's, for example, if you look at Europe user concern, this pretty high on list, so it might be very important to support in an adequate way. You can collect less information without involving that's probably for Germany called the so a selected, selected group of employees, which are representing them. And so there are a lot of things to consider as a solution, flexible enough to cover your needs here. How complex is the deployment? Another very important question. Can you deploy it? What does it mean for you? Organization-wide how to maintain it.
Can you centrally and efficiently manage this approach, especially if you have to look at more than one solution and at the end of the day, it will be usually more than one solution. That's the next question? How about management? How well integrated is this what you have, especially when you think about modern one type of bring your own device. What about user acceptance? So the side of the story, so that's, that's a very difficult balance because if you want to secure information, there's a price to pay in sort of convenience for the user many cases.
And so that's a balance which is really difficult to find. And I think it's also very important to explain it in the correct way, but some solutions are more easier to use there than others are. And you also have to think about this, does it mitigate the single solution, at least some of the server information security risks. So if the solution doesn't really mitigate some similar information, security risks, there's it's of little value. So you have to know your information risks again, to decide about, can I mitigate them?
And then finally it's about dust, a combination of chosen approaches, mitigate all information, security risks. So all S have to be mitigated in some way. And that's about a combination and you have to find sort of the simples combination, the most simple combination of solutions to do that, that might include not only allowing access to some information with specific devices from specific locations. So you might say, okay, I can't mitigate at risk, so I don't allow it, but this not the type of thing. So that's what you have to do. I think these are some very important criteria.
There aren't that many, but when you look at different solutions, you will very quickly identify that you most likely will not find the single solution results that we're seeing besides a very, very specific use cases. So there might be some very specific research use cases, very single solution. So most of the things, so sometimes in healthcare or in education environments can do a lot of specific type of solution. But even there, if you look at the entire range of things, usually it's not about one solution which covers everything, looking at the policies again.
So what are they based on things which truly influence the corporate policies are information, risk, understanding this, the legal aspects. What do you have to do? What can you do? What can you enforce the user requirements? So what does the user want to have? How can you implement contractual agreements? How do you do it? And then finally the technical solutions, but it's definitely not about starting with the technical solution. It's understanding what you need and then picking the right set of technical solutions. So bring your own device.
This, from my perspective, first of all, about looking at it from an information centric perspective, unfortunately we are not yet there that we could say. We use also an information centric technology, which perfectly solves everything. These segmental aren't out there yet. So there's no single solution, but the view from information, from information perspective, information prospect, now the information center approach is a key thing, bring your own device and always is a balance between user acceptance, device support and information security. It's not easy to solve.
And it's always about finding compromises, but a compromise regarding information security is only feasible in a limited way. So at some point you can say, okay, no way to do it because the information risk is too high. So you need to understand your information, security risk.
First, you have to information centric and you need to accept that there's no chance to limit the breadth of devices and use. There will be always new devices and they are people quicker than you can can imagine. And you can embed on that. Maybe once Microsoft start selling it's, it's new, newly announced te device. There will be some uses, which have to device and say, I want to use this windows a wise right now. And then it's another type of device you have to support because they're always the people who want to have the new Garet. There's a single technology, which covers all needs.
I don't know one. So if when says I have it, I'm very willing to, to have a look at it, but I also will then very bluntly say, when I don't feel that I'm convinced, so you should start with information, security risk, then pick the set of technologies, which helps to mitigate the most risks so that you at least have addressed them. And you have to add contractual agreements for technology can't mitigate risks or very can't afford technology, all the technology, which would help you to mitigate all risks or where it's trust that feasible, not acceptable.
And for situations where a block access approach can't be. And for so block access saying, you're not allowed to do it with that advice is a good option. In some cases, it's not about Infor in that case, you need very clear and very tough contractual agreements, at least. But if things go wrong, it probably won't help you in that situation. So these are the points I wanna bring to table when it's about, how do I deal with this clearly it's we need to support premium device.
We will need more, more than one technology, and we need to need to understand our information security risks, to take the appropriate technologies, to implement, bring your own device correctly. Right now I'm open for questions. So if you have any questions, you might enter them using the questions tool and go to webinar. I will see them on my screen. I will read them and try to provide answer in them. So you might right now start entering your question so that we can have a short Q and a session right now.
And maybe as just one addition, reassemble Analyst, we are looking at a lot of different products, a lot of offerings of vendors. And as I've said, I haven't so far, I've looked at a lot of solutions in that area.
So far, I haven't seen anyone which really has, has fulfilled the promises and expectations have I don't see that type of devices yet. So if you have any questions, it's latest time to answer, to answer these questions so that I can pick them. If there are no questions, I just wanna quickly mention again, our European identity conference and have a look at our websites regarding our references, by the way, also a pretty interesting program called the select program, which allows you time limited access to our, okay.
So if there are no questions, then it's up to me to thank you for your information. And thank you for participating this company called webinar. There will be a series of webinars on other topics soon. There's also bring your own device report at our website, and there will be other research in that area following soon. Thank you for your time. Thank you for your attention and hope to have you back in our, one of our upcoming webinars. Thank you.