Four years ago, in June 2010, Forrester Analyst Michele Pelino wrote a blog post that summarized the top questions that Forrester clients asked about mobile devices and mobile applications. Pelino wrote that in the previous 12 months, 700 of the 22,000 inquiries that Forrester analysts fielded from clients were related to enterprise mobility issues, a jump from 360 in 2007.
The key focus of the 2010 inquiries were mobile applications, mobile devices, and mobile employee segmentation. To put those questions in context, At the time, the iPad was barely three months old, and businesses were still reeling from the impact of the Great Recession. Businesses were still supplying company-owned cell phones for selected employees, and just starting to consider whether or not iPads had a place in the company’s mobile strategy.
Approximately 20% of enterprise mobility inquiries back then focused on mobile devices, operating systems, and device management processes. Most of these questions focused on comparing the benefits and challenges of using specific devices or operating systems. Blackberry was king, trailed by iPhone, Android, Windows Mobile and Symbian.
Another 20% of inquiries for Forrester analysts during the year focused on understanding the profile of mobile worker segments. Forrester identified three mobile worker segments in 2010: mobile information workers who spend a significant amount of time on the road, mobile task workers, who are away from their desks most of the day and use mobile applications to complete specific work-related activities and mobile wannabes who are non-mobile workers such as executive assistants and human resource personnel, but want to use their personal mobile devices in a work setting.
“It is the mobile wannabe segment where significant growth will come from in the future. In the coming year, we expect more inquiries concerning which users should have access to various mobile applications and how to cost effectively deploy these applications and support workers using a range of mobile devices,” Pelino said.
“The idea of calling people who bring their own mobile decides ‘mobile wannabes’ seems outlandish in today’s workplace environment. The way businesses and individuals look at mobile devices is drastically different today than it was four years ago,” says Jared Hansen, CEO and founder of secure mobile printing leader Breezy.
Redefining the Network Perimeter
A decade ago, companies focused on securing the network perimeter. The world for IT was divided into an internal environment made up of secure devices running approved applications – and an unsecured, external environment. A digital wall separated the two environments, and there were policies and procedures in place that were designed to keep out the Internet vandals who were viewed as pranksters targeting company data.
But the corporate network perimeter isn’t what it used to be, Hansen points out. More importantly, the external hackers who want to gain access to company networks aren’t teenage pranksters. They’re organized criminal gangs engaged in corporate espionage, identity theft, and financial crimes.
Add in the fact that employees bringing in mobile devices and nomadic employees who work from a wide variety of unsecured locations outside the corporate network, plus short-term contract employees working within the company’s offices, and you have a network that has no clearly defined perimeter.
So it was no surprise to Forrester analysts that the top question posed during 2013 had less to do with deciding which mobile devices and applications to use than with finding a way to manage and secure the devices that were already connecting to the network – without causing a mutiny by the device owners. In July, 2014, Forrester security analyst Tyler Shields wrote, “As enterprise mobility strategies have shifted from simple BYOD support to the rapid enablement of a digital workforce, mobile security strategies have naturally shifted from a focus on securing the device itself to securing the sanctioned and unsanctioned mobile applications that employees use to best win, serve, and retain customers.
“Today, an effective mobile security strategy must prioritize the security of the dozens, even hundreds of mobile applications in use in the enterprise. Two of the most popular solutions, application wrapping and containerization, provide different approaches to mobile application security, and they each offer very different employee experiences and results,” Shields said in a report called In The Mobile Security Bout Of The Year, App Wrapping Beats Containerization On Points.
Forrester’s Shields spoke at the BlackBerry Security Summit on August 3, and noted that the speed at which mobile devices are penetrating the enterprise is “absurd.” “What we’re talking about is an absolutely absurd pace of change – the speed at which companies are having to deal with new mobile apps, new mobile platforms, and new security threats is simply breathtaking.”
To put it into perspective, Shields looked at the amount of time it took various technologies and applications to reach 50 million users.
- Landline phone: 75 years
- Radio: 38 years
- TV: 13 years
- The Internet: 4 years
- Facebook: 3.5 years
- iPod: 3 years
- Mobile app Draw Something: 50 days
- Mobile app Angry Birds: 35 days
The Future of Security
So what are the problems mobile security must address now and in the future? Shields moderated a panel at the conference that included several experts, including Mark Weatherford, former Deputy Under Secretary for Cybersecurity at the U.S. Department of Homeland Security. Weatherford says that companies are facing four major threat areas when it comes to protecting the mobile devices that access their data. The four threat areas are:
- Network threats.
- Application threats.
- OS threats.
- Physical threats.
Enterprise-class solutions can address the first three, Weatherford said, but physical threats don't get enough attention and are very important. "People are the biggest problem. We can provide all the security tools and security controls that we want, but people tend to circumvent those," Weatherford said.
Tyler said that for most companies, it isn’t the type of attack that matters. “They core of it is to protect the data, regardless of where the threat comes from.”
Breezy CEO Jared Hansen points out that neither IT nor users like complex security systems. “No one wants to remember lots of passwords and processes just to use their devices. Enterprise Mobility Management (EMM) and security solutions have to be seamless, and they have to be simple to use – or people simply won’t use them.” For example, someone who needs to print a document from a mobile device won’t spend much time attempting to print it through a convoluted print solution before they take matters into their own hands and circumvent corporate security measures.
“That’s why we took the initiative to integrate Breezy’s secure mobile printing solution, which is based around on-device security, with all of the leading EMM applications. That way, users have a single sign on and true ease of use, so they can get the job done without added complexity or added security risks.”
The panel at the BlackBerry Security Summit concurs. “The last thing most workers want to do is to be educated about any kind of IT security. They just want to get their jobs done. It’s up to IT and the vendors who supply them to make it simple and smart for them, so that the data is protected without users having to worry about it,” Shields added.