Mobile security in the enterprise: What does the future hold?

There is no doubt that the use of mobile devices has become commonplace – globally people are using their smartphones to shop, socialise, and stay up-to-date on news. The use of smart mobile devices (SMD) is also rising in the work environment; the number of SMDs managed in the enterprise increased by 72 per cent from 2014 to 2015 alone.

However, despite the increase in the number of SMDs being used, the enterprise is still not embracing the use of mobile devices to its full potential. There are many examples of applications that could help increase business efficiency, yet outside of email, very few are being used. Unlike for personal use, mobile has been slow to progress in the business-world. This is due to a number of constraints faced by businesses.

Mobile devices: The constraints to businesses

1. Technology

Within the enterprise there will be a mixture of mobile platforms – the two leading platforms being Google Android and Apple iOS. There are also two main models for using mobile devices in the enterprise; enterprise-owned and managed and employee-owned and enterprise-managed, or Bring-Your-Own-Device (BYOD).

When it comes to enterprise-owned devices, Apple iOS is the leading platform. This is largely due to technological factors such as lower levels of malware, apparent higher levels of security and defined update process.

Yet globally, Android is the dominant global mobile platform, which means when it comes to BYOD, the platform being used will likely be different from enterprise-owned. Android has also suffered from a large number of malware incidents and fragmentation problems. This mixture of mobile platforms as well as the choice of ownership model creates a serious challenge for businesses when it comes to initiating mobile applications for employees.

2. Security

This is considered by most to be the number one concern for businesses when it comes to adopting mobile. Enterprises will likely have specific security policies in place to protect the crucial aspects of information security, including access control, data integrity, and confidentiality. Ensuring that SMDs comply with these policies can be very complex, especially when combined with the technology constraints previously outlined – as the enterprise cannot control an employee’s choice of personal device.

3. Regulatory laws

Industry and government regulations are a crucial factor in enterprise mobility solutions – with considerable impact on how a business designs its framework and, in turn, to what extent it adopts mobile solutions.

One of the most notable, upcoming regulatory laws include the European Commission’s General Data Protection Regulation (GDPR), due to come into force in May 2018, to the personal data of EU citizens.

What is the solution?

In order to enhance productivity and usability through mobile applications, while meeting and complying with security policies – enterprises face a real challenge. The next generation of mobile security solutions need to be developed specifically with these issues in mind and should include the following characteristics.

User focus

The user must be at the centre of any design to ensure the user experience is at the forefront, regardless of the device. If mobile security applications or services are too much of a burden, people simply won’t use them, which puts the device at much greater risk.

Agile multi-factor authentication (MFA)

Legacy authentication mechanisms, such as passwords, have long been understood to be vulnerable to hacking. Along with increased industry regulation, MFA is becoming far more widespread. MFA solutions support a number of authentication mechanisms that can be selected to suit user choice and enterprise security policy.

Mobile Single-Sign-On (SSO)

Again relating to usability, having to re-authenticate to access each service on the mobile device can be both inconvenient and insecure. In the modern age, mobile SSO is crucial to ensure a secure and streamlined service.

Protecting data

One of the most common aspects of an enterprise security policy is that data must be protected when stored and in transit – mobile devices can not be exempt from this. It’s important that enterprise data must be protected when viewed on a mobile device through the use of strong authentication and encryption.

Simplified unified security

Next generation mobile security applications need to take a unified approach, incorporating security features into one mobile solution. Through this the solution can meet the security needs, as well as negating the need of an organisation to integrate multiple security tools from multiple vendors – which can take a lot of time and money.

The enterprise is not able to fully embrace the capabilities of constantly connected, on-the-go mobile devices, due to a lack of adequate security controls. A next-generation enterprise mobile security solution should offer a simple, unified, solution with enhanced usability.

Thierry Bettini, Director of International Strategy, Ilex International