BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
What are the best security tools for mobile collaboration?
We're talking about collaborating in teams that you may not have a pre-existing relationship with. Are you going to force your MDM on all those devices? Well that's not going to work, right? Managing all those devices is not going to work in that situation.
If I'm malware, and I'm running on this device, can I access data that lives in the context of another application? Generally these devices are pretty secure. The only way to do that is by rooting, jailbreaking, or otherwise getting privileged access to the device. Well guess what, if I'm that clever then I can write malware that breaks the privileged levels of that device and I can probably disable anti-malware as well, right? So anti-malware isn't really going to help you with protecting your data.
Luckily many of the modern mobile devices have pretty good data protection and access control on the device itself.
We [also] have container solutions, we have mobile application management and we have more and more enterprise solutions like enterprise file share solutions that do a very good job protecting the data that is stored on these mobile devices.
But ideally, the user or company would be able to protect the data itself, not just the applications through rights management control -- dictating who can see or alter the information you share and who cannot -- and to do the data protection locally, right on the mobile device itself.
What I really would like is to protect data itself and not care about the applications. Using rights management, for example. If we cannot use that, then we have to rely on, for example, enterprise file sync and share that run[s] on your device to do the access control and to do the local data protection on the device itself. And believe me these solutions are getting better and better at doing so. And forget about managing the whole device because that's not going to work in mobile collaboration.
Move mobile collaboration environment to the cloud
First of all, we use cloud services not only to avoid opening up your internal network but also because many of the cloud solutions are actually well equipped to support mobile devices, to support multiple user groups from different organizations and be very reliably available. The risk, of course, is that you lose control. You have to relinquish some of your own control and trade it with trust.
[But] the best bottom line is to avoid using internal networks all together. Go to the cloud with your collaboration environment.
Cloud solutions remediate the risk of giving remote access… the only thing you have to take care of here is that you trade the risks of giving more access to general applications with having trust.
Secure apps by offering users alternatives
Make sure that you have enterprise alternatives for collaboration applications that have a user friendliness that can actually match the solutions that people get for free. Now it sounds hard to do, right? How can I match the usability of Dropbox? Well you can because you are an enterprise. You can provide for your users a solution that not only syncs and shares files but that syncs and shares files plus gives access to internal home folders, plus gives access to your SharePoint environment, plus integrates with your presence information. You can make a much better solution than the free solutions can. So that's an opportunity.
You can also again… use rights management control to control the data itself. Now I control access to that data irrespective of the application I use. Whether it's enterprise file sync and share or just cloud storage or email I don't care… and I can change the policy at any moment that I want.
From Mario de Boer's presentation on the "Five Biggest Security Issues in Mobile Collaboration" at Gartner's Catalyst Conference in San Diego. De Boer is a Gartner analyst for the Technical Professionals Security and Risk Management Strategies team. His main areas of focus are endpoint and mobile device security, Web browser security, and social media, email and collaboration security. He has more than 15 years of industry experience in security, risk and compliance topic areas, working for enterprises, government organizations and consulting firms.
Put security in the hands of the BYOD user
Six steps to block mobile app security problems
Mobile app security trends
Secure mobile business apps