How do you balance the protection of your systems with the need to offer open mobile access to a multitude of devices?

Joseph Schuldhaus, vice-president of IT for Triple Five Group of Companies
Read how Joseph Schuldhaus, vice-president of IT for Triple Five Group of Companies, balances the needs of mobile device users with the imperative of securing the network.

Canadian CIO Point Of View - Sponsored by Cisco

West Edmonton Mall installed and operates its own Wi-Fi infrastructure, treating it as a strategic benefit and advantage. Between mall tenants, hotel guests, shoppers and mall staff, the mall’s network gets as many as 10,000 devices connecting to it every day.

At West Edmonton Mall, we installed WEMiSphere – our own Wi-Fi infrastructure. Rather than going with a carrier/cable operator we felt operating our own wireless service was a strategic benefit and advantage. We first launched WEMiSphere about eight years ago, well before smart phones took off. Much of the demand originally came from hotel guests, business travellers, and those tenants in the mall that needed Wi-Fi and Internet access. Now, we get as many as 10,000 devices a day connecting to the WEMiSphere network.

Owning and operating our own wireless infrastructure allows us to provision different SSIDs for different classes of users. For example, one for hotel guests, one for mall security, one for operations, etc. – each with different service level agreements.

I think that one has to be very cautious when exposing sensitive business data to mobile devices. You need to align the security model with the stakeholder mobile profile and data sensitivity. You need to ask what are the security requirements around that data, what are the authentication requirements to ensure you’re properly identifying both the mobile device and the user and placing them on the right subnet, VLAN, or VPN. You need to ensure that storing of personal data (such as holiday photos) on the device doesn’t then prohibit people from the timely reporting of a device as being lost, misplaced, or possibly stolen (in fear that they will lose that personal data once the loss is reported and the device is wiped). This is perhaps the biggest obstacle to BYOD. I also think that the device should be as “thin” as possible. Whenever possible, I.T. should refrain from storing information directly on the mobile device. If sensitive data is stored on the device then strong encryption should always be used.

Unfortunately passwords/PIN codes alone are a very poor security model. The identification and authentication of the device itself is becoming a bigger part of the security model. But I think we are going to see a lot more options with biometrics, whether that’s facial recognition or some other means of better authenticating users on the device. I think those will be tremendous improvements for companies that are trying to balance the need for mobile access to sensitive data with the increased security risk associated with provisioning mobile access to their stakeholders.
