Use of mobile devices in the enterprise has forced those in charge of maintaining the integrity of business networks to consider new security strategies and new tools. All the old assumptions about how to protect endpoints have been under challenge.
For one thing, IT often has little or no say over the type of device connecting to the network – let alone what applications are being deployed or what other resources users are connecting with. Plus, workers are ever more resistant to rules and regulations. Consequently, the threat picture only continues to grow.
Of course, organizations aren't standing still. Device makers are recognizing – belatedly perhaps – that they need to do more. Vendors of all stripes are offering a spectrum of technology solutions. And, rather like parents watching teenagers getting behind the wheel, IT and security organizations are adjusting to a different style of management and control.
Not so long ago there were plenty of reasonably secure mobile devices. BlackBerry, in particular, was a staple for a decade, notes Andrew Braunberg, research director at NSS Labs, an Austin, Texas-based analyst firm. However, when the new wave of technology with increased usability and functionality – epitomized by the iPhone – hit the market and the price points came down, making it a mass phenomenon, everything changed. The early adopters of many of these tools were C-level people, so IT's ability to enforce security practices quickly eroded. “You can't say to someone at that level that they can't access the network with an iPad or iPhone,” says Braunberg.
The trend has been happening in parallel with personal cloud adoption, where almost everyone has a Dropbox account. Both are waves we still haven't recovered from, Braunberg says. “IT has lost those fights,” he adds. Still, although Braunberg admits there is “no cure yet,” technology and the market are evolving rapidly.
Initially, the main focus for mobile security was on securing the device itself. Mobile device management (MDM) players offered a range of solutions, Braunberg says.
Jon Oltsik, an analyst with Milford, Mass.-based Enterprise Strategy Group, agrees: Everyone looked first at device security and that's where the MDM players grew up, he says. “In general, this was about establishing secure device configurations, device authentication, application controls, etc.”
However, after this basic housekeeping, most companies increase their focus on protecting the local data on mobile devices, usually with MDM providing encryption and remote wiping in case devices are lost or stolen, he says.
Today, notes Braunberg, while MDM offerings typically include a good selection of cool features, “many of those capabilities are rapidly moving to the mobile operating system, making MDM a less critical play.” For instance, he notes, “Apple is being fairly aggressive in moving security features into its operating system.” Android devices will likely follow. As those features get built in, the focus will switch away from securing the device because it will inherently be a lot more secure, he says.