The latest mobile security darlings won’t work either

I’ve been skeptical for some years now of the straitjacket technologies proposed by security vendors to antsy IT organizations seeking to lock down users’ mobile devices. The whole reason smartphones and iPads became the most quickly adopted technologies in history is because they support people’s freedom to get stuff done the way they prefer. Yet these tools try to convert them into the limited-functionality, hard-to-use devices that people are trying to escape.

Of course they fail.

[ How the mobile industry should tackle information security. | Buckle up — here comes the hard part of mobile management. | Get InfoWorld’s BYOD Deep Dive guide. | Subscribe to InfoWorld’s Consumerization of IT newsletter today. ]

I was reminded of this basic foolishness in a recent CITEworld story warning how the current darling of security vendors — containerization — risked IT delivering separate business environments on modern devices like iPhones and Androids that would be as bad as IT-managed BlackBerrys and Windows Mobile devices that users quickly threw overboard in 2009 through 2011. Sure, a container might be more secure, but it would also be less useful and harder to work with — which means it won’t get used, and once again employees will maneuver around it.

Remember that old saying: Complexity kills. Anyone who’s seen the stream of promises since the mid-2000s about using similar technologies to secure the PC knows they’ve all failed because they’re too hard to deploy, too hard to manage, and too hard to use. Yet somehow these same technologies will magically work on mobile devices, where usability is actually important?

I don’t know why this reality is so hard for many organizations to accept. Many don’t, so they waste lots of time, money, and productivity trying to to fight reality and human nature, rather than leveraging them for business benefit.

The CITEworld story was particularly instructive because a few months earlier its author had praised Samsung’s Knox containerization approach (which BlackBerry 10 also offers via its Balance technology) as the way for the Android world to beat Apple in its business stronghold, precisely by satisfying IT’s wants.

It takes some time to work through the real-world implications, and it’s easy to get excited by the latest and greatest, especially in the hypercompetitive technology sphere. I’ve seen that same “feast to famine” dynamic occur in many publications’ stories. (I cite the one from CITEworld mainly because it’s published by InfoWorld’s parent company, so I can’t be accused of being mean to competitors.)

Containerization is the latest proposed silver bullet for safeguarding businesses from their employees. A few years ago, EMC VMware was all over the notion of using virtualization to create some sort of separation. No one bit, and VMware was distracted by other issues, though it returned to the virtualization-based dual-persona game this year. Citrix Systems has more consistently carried the virtualization torch, though with little to show for it as yet. So does General Dynamics, which is working on a variant of the technology in hopes of selling dual-persona devices to the military. Never mind that the U.S. military later decided that single-persona iPhones meet its security needs just as well.

Like virtualization, containerization is a notion that keeps getting resurrected by security vendors trying to make a sale to IT. Before the dual-persona form was the simpler notion of the secured app container, which at least doesn’t create an entire environment that is hard to use; even if the business apps are bad, the rest of the smartphone works as it always has. Many vendors sell such app containers, but they’re tied to proprietary APIs and management tools, making them nonportable. Until that changes, they won’t take off.

Security is important, and sometimes usability should be sacrificed for it. But most IT organizations and most vendors secure too much too hard, and they devalue the utility of usability too often and too broadly. Corporate execs don’t want to be accused of being soft on security, so they support the bad technology and the IT-as-jail-guard mentality while quietly allowing employees to do what needs to be done to get the work done. (That’s how PCs, the Internet, Salesforce.com, and iPhones got into the enterprise in the first place!)

So we waste time, money, and productivity rather than get realistic about what should be secured and what are the appropriate trade-offs. If you want a competitive advantage for your business, don’t fall into that trap.

This article, “The latest mobile security darlings won’t work either,” was originally published at InfoWorld.com. Read more of Galen Gruman’s Smart User blog. For the latest business technology news, follow InfoWorld.com on Twitter.