Before organizations needed to protect the business data their workers access on smartphones and tablets, they had to — and still do — protect the data employees use on laptops and PCs. So why not use those same endpoint security tools to protect mobile devices?
Two main things: the way people use mobile devices and the way mobile devices are built, said Gartner analyst Dionisio Zumerle, co-author of the recently updated report “How Digital Business Reshapes Mobile Security.”
“The traditional management models just don’t fit mobile,” Zumerle said. “You have the way that people use their mobile devices — that promiscuous way, if you will — that they use mobile devices with personal and business.”
Users are “promiscuous” on mobile devices, Zumerle said, because they’ll just as soon as use a reporting tool to prepare a business presentation on their smartphones or tablets, for example, as they will post a picture of an Independence Day picnic with their families on Facebook. Mobile devices make it easy not to discriminate.
That doesn’t happen as much with laptops or PCs, Zumerle said, “maybe because people don’t consider a laptop that personal.” Or it could be because most of the personal activity that is done on laptops — email, scrolling through Twitter or Instagram, or shopping on Amazon — happens in browsers.
Lack of oversight
Another reason traditional tools don’t work can be traced to the architectural differences between traditional devices and mobile devices. For example, laptops and PCs have been built to do things like track user activity. And if anything untoward is going on, they can be locked down.
“With certain agents on the device, you can pretty much see a lot of what’s going on, on the device and a lot of what the user is doing is with the device, with the enterprise data on the device,” Zumerle said. “And that’s something that you cannot do on mobile devices for technical reasons.”
What most companies today are using to manage and protect mobile devices, a panoply of enterprise mobility management tools, do allow organizations to see some, but not all, of what a user is doing on a mobile device. And there are newer tools, such as cloud access security brokers, that will send a warning to someone trying to, say, access a free file sync-and-share service such as Dropbox. So someone trying to move two gigabytes of data from a mobile device won’t be in stealth mode.
“Still, it’s difficult to see what data was that two gigs of data,” Zumerle said. “Just pictures from my birthday party? Or was it real enterprise data from customers?”
Dionisio Zumerle discusses the trends that are shaping mobile security today and how to get started on a strategy in this SearchCIO interview.