Mobility has become the new normal for computing, but the enterprise is not fully embracing the capabilities of always-on, always-connected, devices as a result of inadequate security tools. In order to improve the capabilities of mobile in the enterprise, the next generation of enterprise mobile security solutions needs to evolve and develop to take control of both BYOD and enterprise-owned mobile fleets.
Is the Enterprise fully embracing Mobile?
But despite the sheer numbers of smart mobile devices that are being used, has the enterprise fully embraced these always on and always connected devices? Whether it is an employee-owned Android smartphone or a company-issued and controlled iPhone, are productivity-enhancing enterprise services being made available to the workforce?
Outside of email and calendar applications, there are relatively few examples of enterprise mobile apps. This is especially the case for organisations that are regulated, financial services, healthcare, government and energy. Unlike the consumer space, where mobile dominates, the enterprise has been slow in replacing desktop-based programs and web applications for managing day-to-day business functions.
So why is this? Goode Intelligence has discovered that there are a number of reasons why many enterprises are reluctant to launch mobile services to their employees. A mixture of technology constraints, security concerns, compliance to regulation and privacy law can have an impact on restricting mobile enterprise services.
Security Concerns
Security is considered to be the number one challenge that is facing enterprise mobility. Enterprises will have a security framework and policy that cover the main aspects of information security; confidentiality, access control, data integrity and non-repudiation.
Ensuring that mobile services comply with enterprise security policies can be problematic especially when you consider the technology constraints that this paper has discussed earlier. This problem can be especially acute with mobile devices operating in a BYOD scheme. This is because an enterprise cannot directly control the purchase decision for every employee and most people are not driven by security when they choose a personal mobile device. Goode Intelligence considers the top five enterprise mobile security concerns to be:
1. Device loss
2. Application security
3. Device data leakage
4. Malware attacks
5. Device theft
The Solution – Next Generation Mobile Security
Enterprises do face a challenge in enabling productivity enhancing applications to be available through smart mobile devices but there are ways in which they can combine the convenience of mobility and strong security mechanisms that meet company security policy and comply with regulation.
Goode Intelligence has covered mobile security since 2007 and believes that next generation mobile security solutions should have the following characteristics:
1. Focus on users
2. Agile Multi-Factor Authentication
3. Mobile Single-Sign- On (SSO)
4. Protect Data
5. Simplified Unified Security
Focus on Users
A next generation mobile security solution should put the user at the centre of its design and must ensure that the user experience is constant whatever the device. Mobile security apps and services should be easy to use and not put too much burden on the end-user.
Agile Multi-Factor Authentication
Strong multi-factor authentication (MFA) is becoming more widespread as a result of industry regulation and vulnerable legacy authentication mechanisms such as passwords. Mobile-based MFA solutions should be suitable for the endpoint and support a number of authentication mechanisms to meet both user choice and enterprise security policy.
Mobile Single-Sign-On (SSO)
If an enterprise user has to authenticate each time they want to access a separate service available on their mobile device it is both inconvenient and insecure. Support for mobile Single-Sign-On (SSO) is essential for a modern enterprise mobile security solution in streamlining access to multiple services from a mobile device.
Protect Data
Enterprise security policy usually dictates that data must be protected when stored and in transit and the mobile device must not be exempt from this. Enterprise data must be protected when viewed on a mobile device by a combination of strong authentication and encryption.
Simplified Unified Security
Next generation enterprise mobile security needs to take a simplified unified approach that blends multiple security features into one solution. This approach meets both the needs of convenience and security and avoids the problem of an organisation having to integrate multiple security tools, often from multiple vendors, into a single unified service.
In order for the enterprise to be able to fully embrace mobile, next generation enterprise mobile security solutions need to offer a simple, unified, solution to enable an enterprise to take control of both their BYOD and enterprise-owned mobile fleet; combining a convenient user experience, agile multi-factor authentication, mobile single-sign-on and data protection in a single elegant solution.
Sign&go Mobility Center from Ilex International is a solution that combines all of the features of a modern mobile security solution without the pain of having to mix and match separate tools into a unified service.