Mobile security is becoming a lot more than providing data kill switches, containers, and enterprise app stores to secure BYOD devices. As big data starts streaming into containers on-demand and mobile software encompasses more “smarts” with things like mobility-on-demand, IT shops need a stronger, better mobile security arsenal to keep company data safe. Here is what your company is facing next on the mobile front.
In the first round of mobile computing’s boxing match with desktops, mobile apps landed some devastating blows. In a one-two breath-sucking punch, apps pummeled both the mobile Web and desktop applications. It became clear that the lightweight mobile would soon deliver a final knock-out punch to the heavyweight desktop champion.
But then the next round began wherein enterprises battled mightily to protect their data against jail-broken devices and rogue consumer apps. CIOs came out of the corner swinging hard with enterprise apps, app stores, and containerized data. Those are some great moves, but there are more rounds to go.
Here’s how and where the next round is being fought and the blows you need to throw and land to win.
Mobile faked us out. We thought we had it mastered and down for the final count. We hit it with remote wipes, app use governance, ironclad corporate usage policies, and two-step verification for user access… and down it went. But it didn’t stay down long. Mobile computing got right back up and made a quick dodge, foiling our efforts again.
Today, mobile computing is morphing from a purveyor of siloed apps and rather sickly mobile websites into a data-exchanging behemoth. Data is no longer just pulled to the device but pushed out as well, often without the user’s awareness or control.
In other words, IT managers no longer only have to worry about hackers riding into the datacenter on the back of requests for data from users, or their capturing enterprise data residing on the user’s device. Now we also have to worry about the data being collected about the user by the likes of Google, Facebook, and mobile apps of all kinds. Device microphones, cameras, and GPS systems all can be tapped and the data collected by more people and companies than we can easily count. It’s no longer a question of the applications your users decide to install, but the data collected and shared by those mobile applications.
That was an underhanded blow. No one suspected how far the data would travel. Data on where key employees travel, shop, or visit online, or what they email, text, IM and share could be (and often is) enterprise data that shouldn’t be open information. So now we have to figure out how to go about securing that information too.
Unfortunately, that wasn’t the last move mobile would take to challenge our defensive skills.
Big data is a maneuver anyone can use so, of course, we in IT use it too. What better way to make our mobile warriors more efficient than to arm them with big-data-fueled apps? Democratization of data is the battle cry, after all.
However, tapping into the Big Data craze means we have to provide not just enterprise data to users but also external data. That means IT is pumping someone else’s data (sometimes complete with malware) into our highly protected, often containerized enterprise data on the user’s mobile device. In other words, we spent all this time trying to keep others out of our data – and now we’re both inviting in others’ data and mingling it with our own enterprise data.
In our fight to secure data on mobile, this is a bit like punching ourselves in the face. So now what? Hold on and try to catch your breath, because the next punch is coming right up.
Wait! you might say (or rather gasp, at this point), mobile and mobile-on-demand is the same thing, isn’t it?
No, actually it isn’t.
You see, mobile computing is changing its game. It’s no longer an extension of the office or a tool with which the user can observe the world. Now mobile technologies are the means for the world to observe the user and the actual interface between everyone and everything in the world.
Take, for example, mobility-on-demand. Mobility-on-demand connects all forms of transportation to treat them as though they were a single system. This differs greatly from a user using one now-antiquated mobile app to summon one mode of transportation (a taxi or an airline for example). In mobility-on-demand, one app can summon any form of transportation, no matter who owns or operates any given mode.
The first city to undertake such an effort is the Finnish capital, Helsinki. An article in The Guardian describes that effort this way:
“Subscribers would specify an origin and a destination, and perhaps a few preferences. The app would then function as both journey planner and universal payment platform, knitting everything from driverless cars and nimble little buses to shared bikes and ferries into a single, supple mesh of mobility. Imagine the popular transit planner Citymapper fused to a cycle hire service and a taxi app such as Hailo or Uber, with only one payment required, and the whole thing run as a public utility, and you begin to understand the scale of ambition here.”
The city is working to have that system in place and fully functional by 2025. This would make car ownership inefficient in the Finnish capital; it also would mean, according to the Guardian article, “hundreds of thousands of riders looking to coordinate transportation, specifying pick-up points and formulating optimal routes.”
This is not the only kind of innovative and mobile intensive efforts that smart cities are taking on. As cities around the globe become smarter, every citizen’s mobile devices increasingly become central to accomplishing anything. Along with this comes new hacker and automated data collector opportunities to access data on these devices too – including, possibly, your company data.
As your mobile workers move around the world, you’ll need to be prepared to deliver the support they need to function in each of these environments, while also protecting your data and datacenters at home base.
In order to secure your data on or accessed by mobile devices, you need to first understand that these are not things that might happen but things that are happening. Mobile computing is widening its maw to consume more data and more forms of data than anything we’ve dealt with in mobile before. And it’s pushing and pulling and punching in every direction.
End-point protection and corporate data governance will become even more vital than it is today. Scalability and flexibility in both will be extremely important. Choosing a vendor will also take on heightened urgency, since you need a product and support to meet each of these challenges as they arise and wherever they occur.
This next round is the toughest yet. Keep your gloves up, your elbows tucked, and your end-points protected. The bell has already rung.