Where Enterprise Mobile Security Falls Short
By Joe Breaux, CTO, TRUCE Software
The nature of work (and life) has become increasingly mobile. This has opened the door for a wave of new cybersecurity threats that have the potential to leave a business reeling. In fact, a reported 60% of small businesses go out of business within just six months of being hit by a cyber attack or data breach.
According to research firm IDC, U.S. companies have signaled their prioritization of investments in mobile-based management and security solutions. The impetus for this is, in part, the rapid growth of the mobile worker population. IDC estimates this faction of the workforce will grow from 78.5 million in 2020 to 93.5 million in 2024.
With the ubiquity of smartphones, tablets and laptops for work comes an increasingly sophisticated set of security risks and the need to ensure not only your people and devices are safe, but your information, too (think: IP and customer databases). CSO Online reports that one in three businesses said they've dealt with a security compromise due to a mobile device. From unintentional device loss, to theft, phishing, unwanted access to the company network and beyond, increased mobile usage calls for equally sophisticated security measures. Yet, most enterprise mobile strategies and security solutions are still built from a PC paradigm, meaning they aren't made to suit distributed workers who are using different devices at different times for different purposes. Fixed perimeter security simply can't account for the many ways today's workforce is dynamic.
Therein lies the shortcoming of standard enterprise mobile security approaches.
Many businesses today still rely on perimeter security, whereby a company places a physical boundary around what matters to them. This creates a barrier within which a device must stay. But this approach doesn't work for today's mobile-first world, which calls for new, more flexible models for protection.
Advanced mobility prompts the need for richer security measures
The rise of more advanced mobility has prompted the need for businesses to step-up their security measures, ensuring they work for today's business models, not yesterday's. The arrival of smartphones and tablets brought new risks that most security solutions weren't able to solve: Primarily, that what may be considered a security risk in one situation may not be in another. Yet, the same device may traverse both situations. This challenge brought about a shift in the kind of management tools that were needed to secure the enterprise.
Businesses have started to implement strategies through which they can manage flexible device use, finding ways to enable the features and access to content necessary at only the right times, while temporarily withholding access at times where it could pose a security or safety risk. To do so, they're adding a contextual element to their security management solutions. This complements traditional security strategies, adding a dynamic layer that takes into account who is using the device, where, when and for what. Contextual intelligence adds a security layer while not treading on employee privacy, and it eliminates the need for all-or-nothing policies, taking into account what we at TRUCE consider the human aspect of enterprise mobility. That is the understanding that employees move throughout a shift, and as their context changes, so too should their mobile permissions, automatically and in real time.
How dynamic enterprise mobile security comes to life
Contextual mobility management doesn't replace a dedicated security solution, in the same way it doesn't replace an Enterprise Mobility Management (EMM) solution. It enhances them. There are two ways this comes to life: Fixed perimeter and dynamic adaptation.
Fixed perimeter: Fixed perimeter security works well for industries and businesses where employees report to the same place every shift. Consider a healthcare employee who uses a tablet in a hospital setting. The individual ideally remembers to leave the tablet behind when they're off the clock and they leave the premises. If the worker accidentally keeps the device with them, CMM can automatically lock it down, recognizing immediately that they're outside of secure bounds. There's no need for IT to be notified before action can be taken to disable the device. Security is applied in real time as the user's whereabouts change. When the device is returned to the hospital, it automatically reverts to work mode, again with no triggering of device permissions from IT staff.
The situation is similar if a device is lost or stolen. The technology recognizes automatically that the device has been removed from an approved work area, triggering real-time implementation of locked mode. All of the original functionality can be restored immediately when deemed safe.
Dynamic adaptation: The second approach for contextual mobility management applies for businesses where employees work in the field, such as service-based businesses like pest control or utilities. In these scenarios where the individual's movements and location are fluid, CMM enables device functionality to dynamically adapt based on their context. For example, if a cable technician needs to access customer data to service a user in their home, they have access to that information while conducting the service call. But when the job is complete and the employee gets into their work truck to head for their lunch break, work-related apps and databases are automatically inaccessible. Other factors the CMM tool may take into account include time of day, proximity to certain equipment, work group and more.
The contextual layer in addition to traditional EMM and security tools gives each user access to only what they need to get the job done and nothing they don't. And when their situation changes, such as when they leave the job site for a lunch break, so do their permissions. From a security standpoint, this means access to sensitive information or tools can adjust based on the user's whereabouts without expecting the employee or IT to police device usage around what's considered safe and appropriate or not.
Plugging the mobile security gap
The ubiquity of mobile devices across all facets of our lives will only continue, and work is no exception. There's a great deal at stake when they're restricted in the workplace (with some exceptions, of course), especially as it relates to productivity, flexibility and even employee satisfaction.
With the right systems in place to effectively manage mobile devices with an emphasis on both device and information security and safety, the use of mobile devices for work has shown its value time and again, putting incredible power in the hands of workers regardless of where they are. This is the way forward for the modern workforce.
Joe Breaux is Chief Technology Officer of TRUCE Software, the first platform to offer a contextually-aware and responsive mobile management solution for businesses.
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.