Securing the Moving Targets of the Mobile Enterprise

Cloud computing has carried the business of the enterprise beyond the walls of its office buildings. Mobile devices not only connect to cloud-based services; they also connect the enterprise’s employees, customers, and partners anywhere, anytime.

This makes the enterprise more productive, but it also exposes it to more risk. On-premises security still matters, but off-premises security has become a priority. Mobile devices are moving targets that challenge security policies, most of which were designed with a far less mobile enterprise in mind.

“Mobile employees,” Rick Delgado blogged, “are not as likely to adhere to the same security protocols for handling sensitive data as their strictly brick and mortar counterparts.” These days even employees who work at a brick and mortar location still have a mobile device, often a personal smartphone. And as Delgado explained, “smartphones are increasingly becoming the targets of hackers who are constantly creating new and better ways to obtain sensitive information. And smartphone cameras are handy tools that malicious employees can use to take pictures of sensitive documents and computer screens and instantly share on the phone’s private network, under the radar, and beyond the corporate firewall.” While that corporate espionage scenario sounds like a clichéd scene from an old spy movie, the unclassified truth is there are now several smartphone camera apps available that can take a high-resolution photo of a document or computer screen and produce a high-quality PDF.

Enterprise security has become increasingly complex as IT tries to simultaneously protect data and enable the mobile enterprise. In recent years, three approaches have evolved that can assist IT with managing the mobile challenge:

  1. Mobile Device Management (MDM) — Software-based enforcement of policies that secures the whole device: controlling network access and application installation and usage, and monitoring the data downloaded to, stored on, and sent from the device. MDM can remotely lock a device after a policy violation, or wipe it if it is lost or stolen.
  2. Mobile Application Management (MAM) — Software-based enforcement of policies that secures specific applications rather than the whole device. MAM provisions and controls access to internally developed and commercially available mobile apps, making it possible to manage enterprise applications separately from the user’s personal apps.
  3. Mobile Content Management (MCM) — Manages access to a central, secured content repository, often through an internally developed app, using device authentication and multi-factor login to grant and manage access to specific content. MCM provides a controlled alternative to email attachments and consumer file-sharing services on public clouds.

MDM gives IT the most control and therefore the strongest enforcement. However, it is also the most restrictive, requiring employees to hand the enterprise complete control of their mobile device. Because many of those devices are employee-owned under bring your own device (BYOD) programs, MAM is the most common approach. It lets enterprises meet employees halfway: IT manages the enterprise apps, while employees manage their personal apps and the non-work use of the device. MCM is a good approach to data security, but it protects only the data that passes through it. It depends on a good-faith agreement that employees will always use it when accessing or sharing enterprise data from a mobile device, especially sensitive information; data sent around it, as an email attachment for instance, is outside its control.

While the mobile management approach that works best will vary across organizations and industries, nowadays every enterprise must realize it’s a mobile enterprise and its employees’ mobile devices are moving targets that must be secured.

This post is brought to you by the Enterprise CIO Forum and HP’s Make It Matter.