Most CIOs recognize the enormous opportunities that enterprise mobility offers – including heightened employee productivity; greater collaboration between employees, work teams, and business partners; and opportunities to engage with customers in a preferred channel.
Yet despite the enormous benefits offered by mobile computing, security remains a top concern among the C-Suite. Nearly half of respondents to a study released in July 2014 by The Information Security Community on LinkedIn, an online community of more than 200,000 security professionals, said that employees bringing downloaded apps or content with embedded security vulnerabilities into their organizations, as well as malware infections, rank as chief BYOD (bring your own device) security concerns.
To harden the enterprise against malicious attacks, there are a number of different approaches to mobile security that CIOs can apply.
For years, a common approach to enterprise mobile security has been the use of a mobile device management (MDM) methodology, which maintains control over an employee’s device. However, there are a few drawbacks to using MDM as a standalone approach.
For starters, the BYOD movement has resulted in many employees bringing their own personal devices (smartphones, tablets, PDAs, etc.) into the workplace. In fact, Gartner predicts that by 2017, half of employers will require employees to supply their own devices for work purposes.
When employees use their own devices for work, it’s important to remember that these smartphones and tablets also contain personal emails, photos, and other data that are used and stored by each user.
Under the device-specific approach to security with MDM, companies have the ability to wipe all work and personal data from these devices. While the ability to remotely delete sensitive company information from lost or stolen devices is useful for the enterprise, employees are resistant to a company’s ability to lock or wipe personal data from devices they own.
Moreover, MDM is focused on securing devices – not the proprietary apps and data that represent the pulse of the organization. To protect data and apps at the app level, a growing number of organizations are using mobile application management (MAM). MAM can enable organizations to quickly distribute and manage mobile apps.
A holistic approach to mobile security
A hybrid and more comprehensive approach is the blending of MDM, MAM, and mobile information management (MIM) techniques under what’s known as enterprise mobility management (EMM). While all three technologies address specific security concerns (MIM focuses on allowing only approved applications to access or transmit corporate data), each approach is limited to a specific area of concern. EMM applies a more comprehensive and layered approach to mobile security.
As escalating security concerns continue to pose serious threats to the enterprise, a far-reaching approach to protecting mobile assets is needed.
“We need to move past the old mindsets and look at security from a holistic perspective,” says Patricia Titus, Chief Information Security Officer at Freddie Mac, in a conversation we had on the topic when she was CISO at Symantec. “In the modern global economy, companies increasingly need integrated, end-to-end solutions that address the challenges created by mobility, cloud, and big data.”
Which security model is best suited to protecting the 21st Century mobile enterprise? Please join the HMG Strategy network discussion to share your thoughts on these challenges and opportunities.