The concept of mobility has changed completely in recent years. The mobile enterprise is not just a business that optimises its website for mobile devices, nor is it one that allows its employees to work from home every so often. True mobile enterprises place mobility at their core, transforming their operations, engaging better with customers and partners, while all the time creating innovative, mobile-centric business models that benefit the bottom line.
As windows into the mobile enterprise, the security of mobile devices (whether smartphone, tablet, laptop or M2M device) is critically important. Indeed if such devices are not protected in the right way, they could well represent a weak link in the armour that protects enterprise systems and data. A good example of this comes from recent Oracle research which in part looked at how well professionals look after mobile devices.
Lost and stolen
Our survey showed that mobile devices are being lost and stolen to a fairly alarming degree – especially by the young. We found that a whopping 73 percent of workers aged between 16 and 24 admitted to having lost their mobile device at least once. Additionally, 52 percent owned up to having had their mobile device stolen on at least one occasion. The research also uncovered a generational trend: among 45-54-year-olds, device theft was reported at just 20 percent and losses at 36 percent.
The loss of mobile devices should give businesses real cause for concern.
Mobile enterprises are agile and productive precisely because they enable access to a wide array of mission-critical systems and data. The worry is that if a mobile device falls into the wrong hands it could be used to access these systems for malicious reasons. With data breaches, hacks and other cybercrimes making headlines every day, concerns over mobile security are rightly high up on the business agenda. These concerns should not, however, stop businesses moving as quickly as they can towards mobility. It means only that they should do so in a way that places security at the heart of everything.
Protecting the enterprise
If the mobile devices that are being used by employees are owned by the enterprise then much of the risk we have just discussed can be mitigated. Businesses can lock down the devices; ensuring that they are password protected and, in case of loss, sensitive information remotely deleted.
However, many workers will be put off using a device at all if it is not one they are familiar with or have played a role in selecting, especially if the usability of the device is hampered by heavy-handed security measures. The danger here is that they will instead use their personal device for work purposes. If the IT department does not know they are doing this, it cannot secure the device and the enterprise could potentially be vulnerable.
With our survey showing that 70 per cent of workers already use their personal mobile devices for work this is a challenge that business must act on now. For a truly mobile enterprise, businesses need to arm workers with the devices they want (preferably their own) and that have compelling, simple user interfaces.
COPE Vs BYOD
One solution to this challenge is COPE. A COPE (Corporate-Owned, Personally Enabled) approach is where the business allows employees, in collaboration with the IT department, to choose the devices and applications they use for work. For many businesses this is a perfect mobile solution as it brings huge productivity benefits while ensuring that IT can maintain control of devices.
Alternatively, businesses may be willing to embrace the trend of BYOD whereby employees are allowed to use their personal mobile devices for work. BYOD can offer significant savings on procurement and network costs in addition to productivity benefits.
To date, businesses employing a mobile strategy have tended to use traditional mobile device management (MDM) platforms to secure the device. The main problem with MDM is that it infringes on one of the key elements of a successful mobile strategy – usability. MDM technologies interfere with the usability of mobile devices by slowing down the user experience. This hinders productivity and can frustrate the user, in worst cases causing him or her to stop using the device altogether.
Security for all occasions
For BYOD and COPE a more elegant approach is required. Rather than securing the device, businesses should instead aim to secure the data, applications and information that the employee accesses through it.
This is a completely different way of looking at mobile security and one that will play an important role in realising the full potential of the mobile enterprise. There are three key enabling technologies that enterprises should be aware of in this respect: mobile application management (MAM for short), mobile information management (MIM) and identity management.
MAM is the successor to mobile device management and encapsulates perfectly the shift in approach to security that I have just mentioned. Rather than locking down the entire device, MAM only extends a secure ‘container’ for application security and control in order to separate, protect, and wipe corporate applications and data. Importantly it does so in a way that does not interfere with usability, making it ideal for COPE and BYOD devices.
In fact for BYOD deployments, MAM is even more compelling as it securely extends all the identity services and policies of the enterprise user to their personal mobile device. The user’s personal data and apps are therefore walled off from all work related data and apps.
For the employer this is a perfect solution. Employees can lose their phones or have them stolen on a regular basis for all the business cares, it costs them nothing (the phone is the employee’s) and their data is completely secure. From the employee’s perspective meanwhile, MAM reassures them that their employer can’t see any of their personal information or restrict what they do with their device.
Beyond the device
Of course, while lost mobile devices represent a key security threat that businesses must be aware of, it is by no means the only one. For example, mobile workers may be inadvertently saving or accessing content via the mobile that might be dangerous to the enterprise if the data falls in the wrong hands. Similarly, data might be intercepted wirelessly through data leakages or breaches, regardless of whether the employee has physical possession of the device or not.
In these cases Mobile Information Management (MIM) looks set to play an important role. MIM secures data at the document level rather than at the application level. The user accesses the document through the application in the usual way but requires access permission to actually view the document. This allows businesses to secure crucial data at a much more granular level, regardless of whether they are deploying a COPE or BYOD strategy.
A final consideration for device and data security is identity fraud. With identity fraud, the mobile device becomes an easy way for criminals to steal an identity and access a victim’s personal services (e.g. bank account) and professional services (i.e. the applications and systems of their workplace). Identity management is therefore a vital component of a mobile enterprise strategy and having step-up, multi factor authentication and authorization integrated with mobile security policies is critical.
A mobile enterprise is a secure enterprise
Mobile devices will get lost; they will get broken; and they will get stolen. But this is no reason for businesses not to embrace their use. Let’s face it: the future is mobile. Employees want to use mobiles devices to free them to work how they want and where they want.
Customers and partners are demanding mobile services and engagement channels. Business managers are looking for new and agile ways of gaining competitive edge. And executives need mobility to ensure future growth and profitability. All of these things are achievable in a true mobile enterprise and they can be achieved with complete security.
Read Suhas Uliyar's first and second parts in the series here: