Four Trends In Mobility Show Why Security Must Be On The Forefront Of The IT Agenda

By Ojas Rege, Chief Marketing and Strategy Officer, MobileIron

Ojas1If there was any doubt that mobility has become a mainstream way of work in business, consider this: the research firm IDC expects mobile workers will account for nearly three quarters of the total U.S. workforce by 2020. Organizations from every industry appreciate the value of increased productivity when people essentially become “anytime, anywhere” workers.

 

But it’s a very tumultuous time right now for IT and mobile because there is so much happening from both the technology and regulatory perspectives. There are four trends in mobility that are certain to be very impactful to business.

 

The first of these trends involves what is happening from an application security perspective. As businesses not only accept but actively promote mobile as a way of work, they stress that security has to be a built-in element to every application. Historically this was left up to application developers to achieve as they saw fit, and as a result, we’ve ended up with millions of mobile apps that all have different security methods. It’s total chaos for IT organizations that want to deploy hundreds of mobile applications where each of them is managing security in its own preferred way. Or worse, not at all.

 

In recent years, Apple, Google and Microsoft have made a strong effort to build more security functions into their mobile operating systems—iOS, Android and Windows 10, respectively. Now there is an industry effort underway to encourage the application developer community to utilize the security and configuration methods build into the OSes. The industry community AppConfig.org was launched in early 2016 to promote and provide best practices around how application developers should use the OS-native security and configuration tools that are available to them. These tools standardize and simplify the approach to mobile app security and allow developers to simply focus on making great apps.

 

A second major trend is the move to cloud that is very specific to mobile. People on a mobile device don’t want to use a web browser to access a cloud-based application. This makes for a poor user experience. Thus the major enterprise cloud services are building mobile apps as the preferred front end into their back end cloud services. A classic example is Salesforce1, the mobile app for Apple and Android platforms.

 

Having such an app on the device means that workers will now have really proprietary and confidential information on the device itself. The app-to-cloud security model requires user trust but it also requires device and app trust. Businesses must make it an integral part of their security stance to ensure that both the mobile device and the app on the device are secure before passing the user authentication request to the identity and access management system in order to access the cloud application. This is critical to build trust all around and ensure that data is well protected, even on a mobile device.

 

Trend number three is the convergence of desktop and mobile that has accelerated since the launch of Microsoft Windows 10 a year or so ago. For the past decade or two, PCs were secured by installing a system image on them and managing that image with desktop management tools. Gartner now believes that, beginning with Windows 10 devices, PCs will be managed and secured by enterprise mobility management (EMM) solutions.

 

This is a momentous shift in PC management strategy that goes beyond technology. Companies that have built different teams to manage PCs and mobile devices – and this is common in most enterprises – will eventually merge the device management tasks of the two platforms and utilize one set of processes and tools. This change has the potential to be quite disruptive to the working groups within IT departments, and forward-thinking enterprises will begin planning for the changes now.

 

A fourth trend to mention is the changing regulatory environment. This past February, the attorney general of California released a report indicating that the CIS Critical Security Controls are now considered the minimum security requirements for companies that operate in California. In addition, the Center for Internet Security released a companion document to the 20 controls that is basically a mobile version of the controls.

 

For California and other states might that follow suit, the baseline for security is moving from discretionary to being a core part of the governance and compliance model. As companies further immerse themselves in mobile computing, the requirements for security at every turn will drive how mobility evolves in business.

 

Until now, mobile security has largely been an afterthought for many organizations. These four trends clearly show it needs to move to the forefront of IT agendas.