
BYOD vs COPE: Opportunity in Enterprise Mobile Security

Enterprise mobile security is gaining significance for companies because smart devices are now the universal way of accessing information. With the combined power of productivity, collaboration and mobility, the option of Bring Your Own Device (BYOD) is an inevitable progression. This article analyses the latest challenges for enterprises and enterprise mobile service providers.

Most IT security managers in enterprises realize that BYOD gives employees the freedom to use their own devices (tablets or smartphones) in their job as well: to interact and collaborate with others, approve or seek approvals in enterprise software workflows, and access the organization's resources. However, to get the best benefit from this new and powerful concept, new principles in data leakage prevention and policies around enterprise security compliance now need to be implemented. Currently, many organizations are coming around to the BYOD concept, while few large organizations have been able to make the transformation.

Santosh Satam, CEO of Securbay, an information security services company, and an advisor to the Reserve Bank of India panel on mobile security, says that in most cases enterprise barriers have been broken down, and some very effective collaborative software and smarter devices are on their way. This has given rise to a new concept called 'Bring Your Own Software' (BYOS). With better high-speed networks and cloud platforms providing universal access, the benefits are galore: elasticity, cost effectiveness and collaborative success are a few of them. However, this provides a different type of challenge to enterprise security teams.

BYOS Components

Some basic components of BYOS are file sharing, such as Google Drive or Dropbox, and cloud collaboration software such as Apple iDOCS, Google Docs or Microsoft 365, to start with. Most of them offer primitive defence against the traditional hack. These are most often used by small enterprises, and the cloud service provider provides the needed lines of defence against possible threats.

However, large enterprises that follow security compliance regimes such as PCI-DSS, HIPAA or ISO 27001 may have challenges in adopting this new concept into their traditional rules of security governance.

Vendors like Dropbox, Google or Microsoft try to fix vulnerabilities on a regular basis. However, beyond this software there are specific enterprise mobile applications, which have created an E2B (employee-to-business) environment, and here traditional mobile security does come into play. A report by TechNavio Research indicates that enterprise mobile security software shall grow at 18.84% in the years 2013-18, and BYOS and BYOD will drive this demand.

With an increasing number of mobile applications coming into the ambit of enterprise mobile security, compliance-driven investment by enterprises is inevitable. Since most of the software is hosted on the cloud, protection of data on the cloud is the next challenge. According to Gartner, up to 80% of IT security professionals will not be happy with the contract safeguards offered by cloud service providers, who are the key service providers for BYOS users.

Responsibility lies with the user

In this context, the main responsibility for securing both data integrity and data access rests on the organization and ultimately the user. It is the usual difficult choice: ease of collaboration vs enterprise security. But the time has come for at least some organizations to try BYOS out.

What are the three things that can be done to enable BYOS in an enterprise? Firstly, choose your 'allowed software list' clearly in line with your organization's policies; even when you give options, mention the version number. Secondly, the user needs to ensure that this software is updated for all vulnerabilities through proper patch updates. Finally, the mobile user needs to ensure that random and periodic audits are done on the software users for integrity, confidentiality and security of enterprise data, and for software compliance.

Santosh says the dilemma of an IT security manager at a policy level is whether a Company Owned, Personally Enabled (COPE) approach makes sense. Marketing researcher Gartner predicts that almost 40% of the companies rely on BYOD, and plan to completely move away from owning devices in another two years, and about 85% of them would have some sort of policy by 2020. Surprisingly, small and medium businesses are in the forefront, and only 10% have not really given it a thought.

The increasing adoption of consumer devices makes it inevitable: people just want to use the devices that they buy. Hence the scope for COPE to really be implemented seems weak. Mr. Suresh Kumar, owner of Priyadharshini mobiles, a leading mobile store in Chennai, says, "Employees' personal devices are smarter and more capable than the restrictive choices that a company-issued device may have." So essentially one can note that as we move towards the summer of 2015, COPE seems to be an option that is just passing away.

But there is one last thing we might want to consider before wishing away COPE: corporate liability. Enterprises are now governed by regulations like SEC or SEBI, GLB, HIPAA, PCI or Sarbanes Oxley. The accountability is usually put on the 'Mobile Device Management' (MDM) system and its effectiveness in complying with the regulations. These regulations establish the need for corporate systems to comply and the liability if they do not. What MDM does not address is the variability of the devices in question. This brings us back directly to control of the mobile devices and mobile applications. A COPE-enabled policy creates a relatively comfortable situation for compliance, as the variability of mobile operating systems, hardware and applications is reduced.

MDM functionality can include over-the-air distribution of applications, data and configuration settings for all types of mobile devices, including mobile phones, smartphones, tablet computers, ruggedized mobile computers, mobile printers, mobile POS devices, etc. Most recently laptops and desktops have been added to the list of systems supported as Mobile Device Management becomes more about basic device management and less about the mobile platform itself. MDM tools are leveraged for both company-owned and employee-owned (BYOD) devices across the enterprise or mobile devices owned by consumers.

Santosh adds that the new MDM solutions may reduce the cost of compliance as well, as the solution itself is on the cloud and the mobile interfaces can be variable, but data rendering, access and integrity are protected through a uniform policy, which makes the device variability more or less redundant. It also provides for savings in cost. These systems are, however, just evolving. Corporate liability vs COPE will be the two major variables that MDM software architects will face.

With new forms of calling features in mobiles, the traditional way of video conferencing is disappearing. Mr. Suresh Kumar says that employees create groups in chat software like WhatsApp, Skype and Viber to communicate even enterprise matters. Enterprise messaging is crossing boundaries into consumer messaging and chat, he says.

As one can see, more than 65% of organizations will adopt BYOD in some form or other in the next few years. Corporate liability, data security and enterprise messaging will be some of the key factors that will influence the evolution of enterprise mobile security for companies in India.
