The idea of Bring Your Own Device (BYOD), which began in 2010 and exploded in 2011, has many modifiers – some call it a “grass roots movement,” others simply call it a “business decision,” and yet others refer to it as a “trend.”
Juniper Research goes one better, referring to it as a “concept that has been a growing trend.” Whatever you call it, BYOD – which we might also be a “phenomenon” if a new Juniper report on BYOD market size is accurate – has been exclusively driven by the surge in smartphone and tablet use worldwide, and has certainly had a major impact on how and what enterprise IT must do to accommodate it, or rather to control it.
For the most part, to fully accommodate BYOD, enterprises have had to relax security rules that in previous eras of rapid technology growth (PCs, local area networking, the Web, the Internet), always remained sacrosanct. In particular, smartphones have changed a certain key dynamic – there are now huge amounts of corporate data floating around on smartphones, and enterprises have had to loosen up the rules governing the security of that data in order to allow BYOD to function effectively.
The mobile device management (MDM) vendors have been using a lot of marketing-driven security hype to create both market awareness for security issues, and of course to create enterprise environments within which to sell their MDM platforms and services. Most enterprise IT teams are well aware of the inherent security issues BYOD creates – or the “potential” security issues, but the MDM market hype never the less makes for good headlines.
MDM vendors have traditionally provided the means for locking down lost or stolen devices, preventing unwanted programs from being downloaded by end users, ensuring that end users follow established processes for logging on to their networks, and so on.
In the pre-iPhone world, when RIM, Palm and Windows Mobile devices primarily ruled the marketplace, it was fairly easy to keep end user devices from causing undue security harm.
The iPhone, iPad and Android smartphones and tablets changed all that – the enormous surge in sales and in workforces demanding that they be allowed to use their smartphones in the workplace literally overwhelmed many enterprise IT groups for a while, and allowed newer MDM vendors (for example, MobileIron or AirWatch), to step in and create new MDM markets for themselves.
MDM allayed some security fears, in particular those surrounding the actual devices themselves.
In 2012 a newer set of security issues have emerged that center on the idea of potentially rogue applications (or even trusted applications) doing things behind the scenes, without either users or IT departments being aware of unintended consequences until possibly too late to do anything about them.
A user may legitimately have a program on his or her device, the user may have logged into a secure network, and the user might being dong little more than what security policy management rules allow the user to do.
In the world of MDM, all appears well in this scenario – the device itself is in safe hands, and the user is doing nothing that isn’t allowed. Yet the security of the device and the user is deceiving. An otherwise trusted mobile application may be accessing data it shouldn’t, a rogue app may be purposefully opening up communications channels or transmitting data…in short, MDM doesn’t fully cover all of the many security issues that can come into play. Factor in rapidly growing anytime anywhere access of data through cloud services, and the odds jump that security breaches – possibly major security breaches – will likely occur.
Security Risk Odds Rise Dramatically
Today’s mobile enterprise world has approximately 150 million BYOD users – an already staggering number of business users. But the ante is about to be upped substantially – a new Juniper Research report claims that BYOD users will jump to at least 350 million by 2017 – a number that will represent about 23 percent of all smartphones and tablets.
The ‘Mobile Security Strategies: Threats, Solutions & Market Forecasts 2012-2017’ report finds that the majority of workforce smart mobile devices do not have any form of security software loaded, nor is enterprise data adequately protected. The report provides detailed assessments of mobile security threats and the growing market for security solutions.
Although enterprises are generally aware of the security threats BYOD engenders, it is clear from the report that not nearly enough enterprises are moving in the right directions to safeguard not only their own data, but that of their customers. In some cases, such customer data can easily reach millions of users, so that even a “small” security breach that affects a small percentage of those millions of users can lead to very large numbers of user data being compromised.
As noted earlier, MDM in and of itself may not be enough security to ensure totally secure environments. As the number of BYOD users grows to over 350 million, a security defense strategy must also account for the rogue mobile apps that can bypass MDM. To do so requires MDM to evolve quickly into mobile application management (MAM). Vendors such as Mocana are now focused on securing the mobile apps themselves from rogue (or potentially rogue) activities.
It’s a start in the right direction for delivering full scale mobile security.
Many enterprises take mobile security seriously, and are moving quickly to ensure that they have the tools in place to keep enterprise data safe and secure. But not enough are doing so – as the Juniper report makes abundantly clear. In many, if not most cases, it isn’t a case of enterprise IT not knowing about security dangers – it’s a case of convenience from groups outside of IT that argue for easing up on rigorous security practices in order to allow ever greater numbers of BYOD users meaningful access to corporate programs and data.
Lines of business and executive management teams are most often the culprits here in driving the easing of security standards. The argument is almost always one of BYOD productivity and cost benefits outweighing the security risks. That is a truly critical security concern. The vast majority of enterprises must get on board with both MDM and MAM – the Juniper report market numbers strongly suggest that the time to do so is now, not tomorrow.
Want to learn more about today’s powerful mobile Internet ecosystem? Then be sure to attend the Mobility Tech Conference & Expo, collocated with ITEXPO West 2012 taking place Oct. 2-5 2012, in Austin, TX. Co-sponsored by TMC Partner Crossfire Media the Mobility Tech Conference & Expo provides unmatched networking opportunities and a robust conference program representing the mobile ecosystem. The conference not only brings together the best and brightest in the wireless industry, it actually spans the communications and technology industry. For more information on registering for the Mobility Tech Conference & Expo click here.
Stay in touch with everything happening at Mobility Tech Conference & Expo. Follow us on Twitter.Tony Rizzo has spent over 25 years in high tech publishing and joins MobilityTechzone after a stint as Editor in Chief of Mobile Enterprise Magazine, which followed a two year stretch on the mobile vendor side of the world. Tony also spent five years as the Director of Mobile Research for 451 Research. Before his jump into mobility Tony spent a year as a publishing consultant for CMP Media, and served as the Editor in Chief of Internet World, NetGuide and Network Computing. He was the founding Technical Editor of Microsoft Systems Journal.
Edited by Braden Becker