As the age of desktop computers gives way to that of mobile devices, mobile computing is undergoing rapid change. The technology is of course increasing in sophistication, and among enterprises the focus has shifted from mobile device management to enterprise mobility management. Malware is evolving, and antimalware tools are being developed to address the changing threats. In addition, the network perimeter has eroded, but policies must still be enforced and privacy protected. With all of these dynamics at work, CIOs need to set strategy for securing their business' mobile systems with an established mobile security framework.
In this webcast, mobility consultant Bob Egan outlines the business economics of mobile security and explains the balance between doing too little, too late and doing too much, too fast in deploying a mobile security framework.
Editor's note: The following is a transcript of the third of four excerpts of Egan's webcast presentation on mobile security. It has been edited for clarity and length.
We all want to get ... better business economics, and we all want to drive through accelerated business velocity and gain more and more wallet share. But at the same time, some organizations have to make this balance between being too tactical and doing too little, too late so that the competitors are able to attack them. Maybe the security parameters aren't right and the malfeasants are all over them. And every day we wake up to new breaches that we needed to adjust to. ...
And then if you do too much, too fast you take on a different sort of risk. And so maybe that's investing in an unproven security technology or an unproven architecture, where you haven't spent enough time vetting that in a way that allows you to make sure that what you're investing is exactly what you think you're investing in. One of the shortfalls that I see quite often has to do with people using third-party calls, APIs, to outsourced vendors, only to find out that a lot of these application interfaces and SDKs begin calling home and all of a sudden enterprise data is being distributed and resold into places that nobody really has any visibility [of]. And that's really not good practice, and it's becoming more and more of a surprise to a lot of organizations as they race to build applications and mobilize their businesses.
So, there's definitely an evolution of IT infrastructure that needs to take place, but I think in the same way that we probably saw a lot of companies rushing to extend some desktop functions too quickly or enable new processes via mobile, we also need to take a close look at how do we -- thinking about what are the stage bets -- minimize our risk, maximize our return, and the time frame is well within sight, certainly well within the year? And then [take] a look at the stage bets, which have a longer time horizon. Maybe you're taking out a little bit more risk across the entire security and application development and architecture portfolio, but you could still define in a year or so what success would look like and how to measure what that success is. Then you can also take a look at what ... the bigger transformative disruptors [are] and what that might look like for your organization, and balance risk versus reward, accelerated business velocity versus the better business economics that you're trying to get to.