The evolution of mobile computing is underway, with changes on several fronts. Mobile technology is becoming more sophisticated, but malware continues to spread. The perimeter of the network is disappearing, but companies still need to apply mobile policies and protect devices. CIOs have a greater need to protect business systems against mobile threats while also exploring ways to meet customer and employee demand for greater mobility.
In a webcast from our sister publication SearchCIO, mobility consultant Bob Egan explains why mobile security and mobile information management should be the top investment priorities for companies.
This is a transcript of the last four excerpts from Egan’s web presentation on mobile security. It was edited for its length, with the aim of offering clarity.
The world of mobile security from a tactical point of view … is a high priority. The attack vectors presented continue to increase. But at the same time, we, as individuals, are increasingly apathetic towards security. We want our workplace, we want, as consumers, that the companies with which we do business keep us safe. We want to trust. And so, this puts new priorities and new approaches that we should be thinking about in terms of security.
Now, some of the baselines began with the management of mobile devices. And I really believe that there is still a need for such a security baseline. It has become very cheap, there has been a lot of consolidation in this market, and there are a lot of good companies operating in this market. It provides seamless device control, forces to include encryption, and is not necessarily replaceable by existing mobile application management schemes. But I think it’s a good place to start, and then we start thinking about other schemes. And one of those – perhaps one of the best, most tactical – is the management of mobile information, because at the end of the day, it is about securing the information: how to access it, how it crosses the network, how it is at rest, how it flows through its data centers and its networks, how people are authenticated.
Information is the most valuable asset. It allows you to apply prudent policies. This is especially true when thinking about the most regulated industries such as financial and health services, using things like Secure Content Locker and understanding the policies of who, what, why and when. And it can also provide some policy-based avenues that have a lot to do with the location, with people flying to a particular area or accessing during a particular time of night, which can trigger a new type of security flag that which would not have visibility otherwise, and then you can review how the evolution of those policies is supposed to be.
With the remote access of laptops, it was to make a connection to the VPN, and I think … some companies live under great illusions that it is possible to translate the metaphor of that portable remote access in the mobile world. And in the case of mobile phones, the principle of deploying a solution is really the easy part. The difficult part is to follow that evolution, continue investing, keep looking at the horizon of this set of fast technologies, especially if it is considered coupled with the cloud and the internet of things (IoT) and with all the analysis we offer around this.
Therefore, mobile information management is really the core and also joins the concept of identity management. Therefore, I think we have to be thinking about the command and control costs between platforms associated with security, which are driven by MIM and MDM. And we have to examine how can we add the performance? How do we take that information, use the information we have obtained from the analytics? How do we build applications? How can we create identity and policies around that identity? And what does that mean for access, and how do we build the agility in the networks we want for our workforce, to boost the capabilities and desired business outcomes we want within our organizations?
I think it is also about corporate reputation management. Many people do not think about this, but when you are making these architectural changes and developing cloud strategies, mobile strategies, social network strategies and smart systems strategies (which is another word I use for IoT), you are generating digital exhaustion so much inside your company and abroad, for your consumers, your partners and all your staff. And so as these investments are made around security, access, collaboration, decision making, etc., this digital escape is created. And at the same time, this reputation management challenge is created, which I think is very new. So you want to take a very close look at what that means, what you want it to be and the life cycle associated with digital escape because it is real. I think more and more companies need to pay much more attention.
Beyond the device … it’s really about developing a pedigree of applications and about security and information management, it’s not so much about the device. I think it’s about building end-to-end analysis, not only from what we can learn about our workforce or about our consumers or about the people who are linked to these systems. But it’s also about how to do a better job in creating customized and contextual solutions that deliver high performance across a wide range of networks – proximity-based systems such as Bluetooth low energy, but also over Wi -Fi, and some of these wide area networks, no doubt 4G today and 5G in the future.
I think there is a lot of debate about different styles of operating systems and different tools and the way we build applications, but my advice is to treat all mobile devices as hostile and create infrastructure to manage information and manage access. And don’t be afraid to fail because at the end of the day you will fail. Everyone does it, and you really have to learn from it, pick up the pieces and move fast.
So, the key points that I would like to leave are:
• Mobility is really the new platform for innovation of scale and investment from an architectural point of view, but also as the edge of that workplace and the security perimeter is redefined.
• Prepare for an explosion in network consumption. I have shown some of the growth data and we do not expect to see growth slow down. Rather, it is expected to accelerate over the next four or five years.
• If you have not already done so, it is really time to start modernizing your back office to be at least as agile as the people who will use it.
• Success in digital business is not just about providing security, but about gaining confidence by ensuring and protecting security.
• Think about changing your asset mix. [Consider] the contrast between traditional companies and new idea companies to create the highest value, especially in the return of assets and the return of people.
• Use business analytics and intelligence to be more predictive and deterministic, not only in the services you provide, but also in the way you … protect information, provide trust and leverage the capital associated with the data that comes from This evolution mobilized.