The mobile computing evolution is underway, with changes on a number of fronts. Mobile tech is becoming more sophisticated, but malware continues to propagate. The network perimeter is disappearing, but enterprises still need to enforce mobile policies and protect devices. CIOs have a greater need than ever to protect business systems from mobile threats while also exploring ways to meet customer and employee demand for greater mobility.
In this webcast, mobility consultant Bob Egan explains why mobile security and mobile information management should be top investment priorities for businesses.
Editor's note: The following is a transcript of the last of four excerpts of Egan's webcast presentation on mobile security. It has been edited for clarity and length.
The world of mobile security from a tactical standpoint ... is a big, top priority. The attack vectors that are presented continue to increase. But at the same time, we as individuals are becoming more apathetic toward security. We want our workplace, we want as a consumer, companies that we do business [with] to keep us secure. We want to trust. And so this puts new priorities and new approaches that we need to be thinking about in terms of security.
Now, some of the baselines started with mobile device management. And I really think that there's still a need for that baseline security. It's become very cheap, there's been a lot of consolidation in this market, and there [are] a lot of good companies operating in this market. It does provide seamless device control, it forces encryption to take place, and it's not necessarily replaceable by mobile application management schemes that are out there. But I think that it's a good place to start, and then we start thinking about other schemes. And one of those -- perhaps one of the best, most tactical -- is mobile information management because at the end of the day, it's about securing information: how it is accessed, how it traverses the network, how it is at rest, how it flows through your data centers and your networks, how people are authenticated.
Information is the most valuable asset. It allows you to apply prudent policies. This is especially true when you think about the more regulated industries of financial services and healthcare, using things like Secure Content Locker and understanding the policies of who, what, why and when. And it also can provide some policy-based avenues that have a lot to do with location, about people flying into a particular area or access during a particular time of night that may set off a new kind of security flag that you otherwise didn't have visibility of, and then you can revisit what the evolution of those policies have to be. ...
With remote access of laptops, it was a "one and done" with VPN, and I think that ... some companies [live] under grand illusions that we can translate that laptop remote access metaphor into the world of mobile. And in the case of mobile, the beginning of deploying a solution is really the easy part. The hard part is keeping up with that evolution, continuing to invest, continuing to look over the horizon of this very fast-paced suite of technologies, especially when you consider them coupled with cloud and IoT and all of the analytics that we wrap around this.
So, mobile information management is really the core and it also gets tied into the [concept of] identity management. So, I think we need to be thinking about the cross-platform command-and-control costs associated with security that are driven by MIM and MDM. And we need to be [examining] how do we add up performance? How do we take that information, use the information that we gained from the analytics? How do we build applications? How do we create identity and policies around that identity? And what does that mean for access, and how we build the agility into the networks that we want for our workforce, to drive the capabilities and the desired business outcomes that we want within our organizations?
I think it's also about managing corporate reputation. A lot of people don't think about this, but when you're making these architectural changes and developing cloud strategies, mobile strategies, social media strategies and smart system strategies (which is another word that I use for IoT), you're creating digital exhaust within your company and external to your company, to your consumers, your partners and throughout your workforce. And so as you're making these investments around security, around access, around collaboration, decision-making and so on, you're creating this digital exhaust. And at the same time, you're creating this reputation management challenge, which I think is very new. And so you want to take a really close look at what that means, what you want it to be and the lifecycle associated with digital exhaust because it's real. I think more and more companies need to pay a lot more attention to it.
Beyond the device ... it's really about developing an application pedigree and about securing and managing the information and less about the device. I think it's about building in end-to-end analytics, not just because of what we can learn about our workforce or about our consumers or about people that are attached to these systems. But also [it's] about how [to] do a better job at creating contextual, personalized solutions that deliver high performance across a diverse range of networks -- those that are proximity-based systems like Bluetooth low energy, but also through Wi-Fi and some of these wide area networks, certainly 4G today and 5G in the future.
I think that there's a lot of debate around different operating system styles and different tools and the way we build applications, but my advice is to treat all mobile devices as hostile and build infrastructure to manage the information, manage access. And don't be afraid to fail because at the end of the day you're going to fail. Everybody does, and you really have to learn from it, pick up and move fast.
So the takeaways I'd like to leave you with [are]:
- Mobile really is the new platform of both scale and investment innovation from an architectural standpoint, but also as you redefine the edge of that workplace and the security perimeter.
- Prepare yourself for an explosion in network consumption. I showed some of the data [around] growth and we don't expect to see that growth slowing down. If anything [it will] accelerate over the next four or five years.
- If you haven't already, it's really time to start modernizing your back office to be at least as agile as the people that you expect to use it.
- Success in digital business really is about not just providing security, but earning trust by securing and ensuring safety.
- Think about shifting your asset mix. [Consider] the contrast between traditional companies and new-idea companies to create the highest value, especially on the return on assets and the return on people.
- Use analytics and business intelligence to become predictive and deterministic -- not just in the services you provide, but in the way you ... secure information, provide trust and build on the capital associated with the data that comes from this mobilized evolution.