Listen
The latest wave in the tide of internet revolution has been the amazing spread of mobile devices and the gradual closing of the gap between the personal computer and mobile telecommunications. Thanks to the global proliferation of smartphones and their associated networks, mobile devices are now ubiquitous in developed countries and elsewhere as personal information resources. We are now witnessing the inevitable movement of mobile devices from personal uses to work and business applications as mobile information technology gradually supplants the old wired model and the division between voice communication and the internet. With this change comes an inevitable rise in the security risks that businesses must face.
As their employee's lifestyles change and increasingly integrate mobile devices, businesses can no longer resist the incorporation of mobile devices into company workflows. Where companies once were able to see security exclusively through the lens of company IT systems and internal gate-keeping, they must now cope with the security situation on every individual employee's mobile device, insofar as these devices are used for work.
However, in what's being called the "Bring Your Own Device" era, the old monolithic enterprise solutions may no longer be adequate. But what are the alternatives to centralized gate-keeping on the command and control and risk avoidance models? These days, security companies are talking in terms of "risk mitigation" and focusing on the control of data loss and hacking. These two elements of the growing mobile security consensus suggest the following:
- It would be both too expensive and simply counter-productive to attempt to police every employee's personal device with the old methods.
- With mobile devices, loss of sensitive data (including data which enables hackers) is a far more significant issue than malware infections of company IT systems.
For better or worse, businesses have decided that the most cost-effective approach for the mobile device era is to permit employees to use their own, personal devices for business purposes, and vice versa. This allows the company to save money on furnishing devices and permits security measures to be concentrated on the points of access from device to company systems. On the one hand, this improves the security situation by mitigating the risk of employees introducing malicious software into company systems, since their activity is confined to personal devices which access company resources remotely.
On the other hand, this means that these points of access, and the data they carry, are now duplicated across many privately-owned and uncontrolled devices. Needless to say, the risk of hacking is also inevitably increased by the BYOD model. Since companies can't control every personal mobile device, yet need to grant their employees access through these same devices, the security situation has become significantly more complicated than in previous years.
Unsurprisingly, a number of players in the IT security world have stepped forward to meet this challenge and offer enterprise mobile security options, many of which focus on the risk of data loss and hacking. While approaches differ from provider to provider, the elements of the new security consensus seems to be common to all. That is, these mobile security solutions are focused on the realities of BYOD workplaces, in which restricting user activity is counterproductive or simply impossible and the threat of malware is considered less serious than hacking and data loss. In general, this can mean automating things like regulation of device security parameters and deletion of company information, monitoring and control of the apps used for company access or adaptive solutions that update risk profiles of individual devices in real time.
Lookout, for example, has partnered with Samsung in order to fine-tune their security methods to this particular provider's newer Knox devices and tap into their already large base of users. In principle, a company could subscribe to the Lookout service, and by either providing Samsung smartphones or requiring that employees use them, have access to a pre-packaged mobile device security suite without needing to adapt their policies to different devices.
Marble Security, by contrast, has aimed at multi-platform solutions that companies can use to regulate different kinds of smartphones, although obviously with more fine-tuning to cope with the variety of employee devices.
Fixmo's approach to enterprise mobile security points directly to the limits companies face in restricting BYOD employees, frankly admitting that regulating OS choices, passwords and other issues is impossible with centralized IT security solutions. Solutions from this company include software that creates encrypted containers for company data on employee devices, automated device locking services and tools for companies to centrally manage standardized access apps.
Featured images:
Jeff Oxley is a business marketing consultant that helps enterprise companies adopt high technology.
