All Things Mobile: Managing the Shift in the Enterprise
Five key areas that every business should consider in developing an Enterprise Mobility Management (EMM) strategy
Are we there yet? We've been moving towards the mobile enterprise for years, and it seems like we are just about there. In 2017, millennials already represent a third of the U.S. workforce, data shows -- and we all know how much they love their mobile devices. In a recent Gallup poll, 43% of employed Americans said they spent at least some time working remotely in 2016. And according to Cisco, by 2020, wireless and mobile device traffic will account for two-thirds of total global IP traffic.
While employees using mobile devices for work is nothing new, the risk associated with those devices has been multiplied by hundreds, or even thousands, due largely to the ever-growing number of vulnerable applications. Employee devices lie outside of a company's security perimeter (firewalls, threat management, spam filters, and other security tools), yet they grant access to some of the most sensitive information inside of a company: email, customer data, HR information, sales data, and business strategy and plans.
But Enterprise Mobility Management (EMM) isn't just about security, nor is it all about devices. Managing today's mobile enterprise requires a comprehensive strategy that is flexible enough to cover the ever-changing landscape of devices and apps while keeping enterprise data secure. Here are five key areas that every business should consider in developing an EMM strategy.
Going Beyond the Smartphone and Tablet
It's no longer enough to develop a policy that covers currently available hardware. What hardware is on the horizon? Are employees using their wearable devices for work? And if so, for what use cases?
This is uncharted territory for the majority of IT departments -- and still relatively new in general. Many of the risks related to IoT devices are just being uncovered. Authentication levels for each device need to be investigated, access restricted based on policy, and VPNs installed if possible. Cameras, voice recorders, and the default "always-on" setting on IoT devices bring up issues of privacy -- from the boardroom to the shop floor. And employees bringing their own wearables to work can be like a flashback to the early days of BYOD. Policies should cover which (if any) wearables are permissible in the workplace, how they are to be used, and what penalties will accompany violations.
Speaking of BYOD, it's not 2009 anymore. There was a time when everyone was doing it -- or at least thinking of doing it. Businesses could save money on devices but still expect employees to be productive outside of the office, using their own devices. What's not to love? How about outdated devices, relaxed policies and an expanding number of apps that provide access to corporate data? For many companies, the risk is simply no longer worth it. However, if you are still committed to BYOD, it's time to take a look at your policies and procedures to make sure you:
- Ensure devices are set to automatically check for and install application and operating system updates
- Require passwords to unlock devices
- Can automatically wipe devices if lost, stolen, or if too many incorrect passwords are entered
- Mandate encryption and anti-malware protection
- Communicate and monitor blacklisted apps (specific apps and general guidelines)
The next generation of EMM will take the massive amounts of data available from users and use it to enhance their device experience -- something many of us have become accustomed to in our personal lives. Just like an employee's smartphone automatically provides traffic conditions to his weekly after-work basketball game (even if it's not in his calendar), it can also serve up the enterprise apps he needs, when he's most likely to use them.
The potential for machine learning within EMM goes beyond increasing the convenience and productivity of employees; it can also be used as a security measure. Smarter EMM policies could detect abnormal activities and potential threats. Some possible use cases include reconnaissance activities, compromised credentials, and unusual resource access or working hours.
Managing Threats for the Cloud
According to PwC's Global State of Information Security Survey 2017, 48% of IT services are delivered via the cloud. Enterprises taking advantage of the scale and computing power of the cloud can use the same capabilities to develop an innovative, centralized threat management program. One example is PwC's Secure Terrain&trade program, which uses Google's vast cloud platform to study activity across the enterprise and strategically manage cybersecurity.
Such a program would involve four steps:
- Real-time data analytics
- Assessment of impact
- Identification of threats
- Action to combat threats
The development of enterprise-wide cybersecurity is a significant task. However, as the shift to mobile increases speed and capacity, IT leadership should consider building on its current foundation with next-gen security tools.
There are also many resources built around threat awareness sharing, such as Information Sharing groups and Analysis Organizations (ISAOs). Examples include the Commonwealth of Virginia ISAO, The Legal Services ISAO, Retail Industry ISAO, The National Credit Union ISAO, and the Maritime & Port Security ISAO. We all know that cybercriminals share and network, so why not take a page from their book and exchange knowledge to help everyone understand and mitigate threats in the enterprise?
Introducing Compliance as a Company-wide Effort
Traditionally, IT has been the driving force behind EMM, but high-profile hacks are making it a priority for every C-level executive. The growth in digital traffic and mobile endpoints leaves companies open to more attacks, via more targets and approaches. Sixty-seven percent of companies included in a recent Ponemon Institute survey have experienced a breach from an employee's mobile device. With the magnitude and frequency of threats, companies can't afford to wait around. They need an effective program to secure and monitor the mobile enterprise -- or risk a costly security breach.
Securing digital data is a key initiative for many businesses this year, and they will work together to ensure EMM policies include encryption, data loss prevention, and strict security controls. With security as a shared responsibility, mobility policies can be developed to address practical use cases and companywide business needs and priorities.
"SCTC Perspectives" is written by members of the Society of Communications Technology Consultants, an international organization of independent information and communications technology professionals serving clients in all business sectors and government worldwide.
Learn more about mobility trends and technologies at Enterprise Connect 2017, March 27 to 30, in Orlando, Fla. View the Mobility track, and register now using the code NOJITTER to receive $300 off an Entire Event pass or a free Expo Plus pass.