I’ve recently done several webinars that hit directly on the issue of the evolving nature of mobile enterprise security and the now non-trivial emergence of mobile application management (MAM). The webinar presentation that I created for one of these events, Managing Mobile – Now and in the Future is, I think, worth downloading and taking a spin through. It’s also embedded at the bottom of this blog post.
The presentation offers a perspective that is to some fair degree outside the still-common mainstream thinking on enterprise mobile security. My goal here is to provide a quick overview of my thinking – much of it derived from recent research I’ve conducted and reported on in several Blue Hill research reports.
I also spent some time recently discussing MAM during a episode of the Life in the Mobile Enterprise (LiME) podcast. The host of the show, Tiffany Early (who of course claims she is always late to meetings) and I go into some depth on MAM and enterprise security perspectives that I’m only going to touch on briefly in this blog post. Listen in!
To make a longer story shorter, the crux of the matter is that today’s enterprise mobile world now deals with enormous numbers of users, including a rapidly emerging “extended enterprise” that reaches outside of a company’s workforce via mobile apps to include contract employees, partners, and, in many cases, business customers. These mobile users are now using many mobile apps and newly mobile-extended versions of legacy enterprise apps (e.g. CRM, ERP) that require access to exploding amounts of usually sensitive corporate data.
One particularly thorny issue – the potential for breaches of that highly sensitive corporate data – was well-documented in 2014 and throughout 2015. The exploding use of mobility and the anytime, anywhere 24×7 need to access this same data exacerbates the problem tremendously.
The common mainstream thinking on mobile enterprise security I referred to above refers of course to the yet-extant notion among a still-majority number of enterprises that mobile device management (MDM) continues to offer the best mobile security and best mobile data security platform. Let me just put it in plain English – it doesn’t.
In our current age of rapidly proliferating mobile devices and the desire of enterprises to create work environments that are now quickly moving to create “mobile-first” environments, there is a conundrum that requires addressing: if enterprises want their employees to take a mobile-first approach in terms of the hardware they primarily use throughout the workday, then these same enterprises cannot primarily make use of a mobile security platform that first and foremost looks to shut down devices as its primary means of securing those devices if they are lost or stolen. MDMJ focuses on mobile hardware as the means to mobile security, not on the mobile apps and access to corporate data.
I won’t go into the many issues that concern me with utilizing MDM as a modern day security platform here – but I do recommend reading through some of the reports I’ve provided links to as related reading. I go into significant depth not only on the issues with MDM but also on the benefits of both enabling a powerful top-down and centralized mobile enterprise security strategy and the means to getting to that top-down strategy.
Large scale mobile security hinges in great part on ensuring two things – a powerful underlying security platform that is easy to deploy and utilize from the enterprise side, and a powerful underlying security platform that stays entirely out of the way of mobile end users. There are many issues surrounding the “how” of delivering a highly effective mobile security platform that also delivers on delightful user experiences. The webinar presentation focuses on how and why MAM is able to solve these issues, includes overviews of who the key business stakeholders are that must drive MAM solutions, and provides an overview of the ultimate benefits of taking a MAM-based security approach…today.
As with MDM, the related reading I’ve provided dives deep into and goes well beyond everything touched on in my webinar presentation and in the LiME podcast discussion I noted earlier. Here is a summary – and a checklist – of the essential MAM attributes to include in any MAM-driven mobile security strategy.
Granted, there is a great deal of complexity to unpack from this admittedly incomplete checklist. For that you will need to refer to the research reports.
The important takeaway from this blog post on the other hand is exceedingly simple – start building a MAM-driven mobile enterprise security strategy today. It is urgent that you do so.
Side Note: The earliest bit of recommended reading below is actually a blog post I wrote dating back now about 21 months. That is a long time ago in the world of mobility, but the post anticipates where enterprises are today relative to their mobile realities. Amazingly, most enterprises have yet to reach the point of building a mobile security plan as I outlined 21 months ago!