As 2013 progresses, two mobility issues, namely security and collaboration, are becoming increasingly intertwined. Security has always been at the forefront of corporate mobility concerns. However, providing the right access is no longer enough; employees expect to be able to collaborate as they would at their desks. Enabling better interconnectivity -- securely -- will be a hot topic for some time to come.
The need for a secure corporate mobile device environment comes down to a matter of "when," not "if." In its February 2013 report, "2013 Mobile Security Strategies and Vendor Leadership: North American Enterprise Survey," Infonetics claims that it expects that “nearly all enterprises will experience significant mobile device security incidents by 2015.” Infonetics also expects that there will be over 1 million attacks on devices running Android in 2013.
Some analysts expect the urgency of the situation to rouse the industry into action. In its full-year 2012 Trend and Risk Report, IBM’s X-Team makes the claim that mobile enterprise devices should be more secure than ‘traditional’ ones by 2014. The IBM team supports the assertion by stating that the drive to control the security situation will bring about the changes needed and that most of the methods needed are maturing already.
However, there is no consensus on how to come to the X-Team’s more secure future. And while the media’s headlines are currently focused on devices running Android, the problem is much broader. Regardless of the OS, devices, the apps running on them and the corporate infrastructure supplying data all need to be protected. How this protection is implemented depends on each IT department’s choices, and several strategies are currently used.
One security method mentioned by name in the X-Force report and also for different reasons in our recently published Part 1 is BlackBerry Balance, which compartmentalizes the company’s smartphones into corporate and private sections, thus making it easier to control enterprise-supported apps phone use."
Balance also enables companies to ensure that data is not stored on the phone itself. This feature is missing from most Android-based solutions, and the X-Force team focuses on time-based or remote data wiping as an increasingly used method instead. Companies focusing on the greater number of apps available for Android users will need to consider data wiping as an important tool.
Likewise encryption key management in Balance is handled by the server site. This prevents a "man in the middle" attack, as it is impossible even if you have root-access to the device. Blackberry also converts attachments to a company-specific form in order to prevent malware from being attached to documents.
McAfee is just one company taking an approach focused more on a BYOD or multiple-platform supported device paradigm. McAfee Enterprise Mobility Management aims to protect data on the device itself through data wiping -- the partial or full erasing of data on the machine -- at least for devices running Windows Mobile. Android and iOS machines do fall under enterprise control for network access, device firewall and decommissioning.
Come Together, Right Now
The premise of enterprise of mobility is that productivity and decision making rise with greater access to corporate data. However, more and easier contact with colleagues is just as important.
While it makes sense to expect companies to adopt a holistic approach that takes into account enterprise social networks, content sharing and email, much of the actual strategy and implementation is still piecemeal. A survey taken in February 2012 by CIO Magazine and SAP showed that while an overwhelming majority of senior-level respondees see enterprise mobility as "transformational or strategic," only 18% had worked out a comprehensive strategy.
According to the report, 62% of corporate mobile app development will have some in-house component, which leaves at least the fine-tuning of the app in an ad hoc state.
Seamless Enterprise Collaboration
In a BYOD environment being able to do something such as finding a meeting time for a dozen coworkers is on the horizon at best. Companies know that they want to import the social experiences found outside of work into the mobile office, but while access to company figures by the sales team is easily imagined, the need to get to a corporate wiki or knowledge base from a mobile device is just now being perceived.
At this time, enhancing corporate collaboration seems to be an open-ended process. While security developments could realize the IBM X-Force prediction that mobile devices will be better protected than traditional ones by 2014, this is because of the urgency of the situation. Solving collaboration headaches is not at the same point, and integrating potential solutions into a strengthening security environment may be a challenge precisely because of the greater maturity of the protection issue.
Title image courtesy of watcharakun (Shutterstock)
Editor's Note: Read more about mobile enterprise security in Debunking Five Mobile Security Myths