Mobile device security isn't just a good idea or a loose buzz term to toss about randomly; it's a real thing. Mobile device security is THE buzz term for 2014. Driven by BYOD and enterprise tablet adoption, mobile security is going to be the big buzz next year. Why? Because the onus for security is going to shift from user and business to the manufacturer. Yes, the manufacturer.
Device-level security, from the factory, is next year's big thing.
In days past, users were told to use passwords, told to use VPN connections—especially on public WiFi, told to update software and apps regularly, and told to encrypt their devices.
Here's the clue phone message that security folks, businesses, and manufacturers finally got: People ain't gonna do it.
Security, for users, is inconvenient, is seen as unnecessary, and is annoying.
So, the security focus shifted to businesses.
Enter the host of mobile device management (MDM) suites, mobile application management (MAM) suites, mobile content management (MCM) suites, and pluggable modules for existing security suites of every description and scale.
Businesses spent hundreds of millions of dollars on new software, training, and new security measures only to find that the OS, mostly in the case of Android, just isn't secure. No matter what you do from the outside; it isn't going to fix the problem.
And just to let you know, I don't have a problem with security suites or personal security—they're both good things.
Manufacturers, that is to say mobile device manufacturers, have stepped up to place security where security should have been all along: on the devices.
Security is a multi-layered approach. It doesn't rest on one party or another alone. The user has a responsibility, the business has a responsibility, and the manufacturer has a responsibility. Each entity in the security path has a responsibility to ensure that everything possible is done to prevent malware, viruses, breaches, privacy leaks, and stolen information.
Device security is the pivotal layer in the new security model. Samsung has made the greatest effort of any manufacturer (so far) with its KNOX security suite. KNOX is a security suite that consists of several different technologies that protect user data, business data, communications, data at rest on the device, and the device itself. Samsung's KNOX is a comprehensive and secure solution. It's installed on Samsung's newer devices and will soon be available for their other hardware in 2014.
Some of the technologies manufacturers like Samsung have setup on devices consist of:
- Secure boot
- Encrypted OS
- Encrypted communications via VPN
- Required passwords
- Partitioned (jailed) virtual devices
- Application security
The problem with enforcing security from external sources, such as MDM suites, is that users feel that their devices have been taken over by their employers. And it feels unfair and wrong.
Some MDMs are too heavy-handed in their approach to security and it makes for unhappy users and unsuccessful BYOD programs.
Enforcing security by the manufacturer, at the device level, is far more comfortable for businesses and for users alike. The user owns the device. The users enjoys the devices. The company feels comfortable allowing the user to use the device at work because of the advanced security contained on the device.
Does enhanced device security mean that businesses are off the hook for mobile security? Certainly not. Businesses still have to ensure that personal devices aren't jailbroken or compromised in some other way. Also some assurance is needed that the user will update his device regularly. I suggest using an MDM suite that performs baseline checks of the OS level and prevents access to those with old firmware, old OS versions, or those whose updates are outside of acceptable limits.
You have to realize that protection of company data takes priority over the user's desire to use his or her own device. That's just the way it is. And the way to resolve most of the security-related problems with a random sampling of user-owned devices is to produce and sell manufacturer hardened hardware and operating systems.
In 2014, my prediction is that mobile device manufacturers will build devices with better security. It's no longer an option not to do it. For the millions of devices that already exist without manufacturer enhanced security features, my hope is that some retrofit firmware, OS updates, patches, apps, or recalls will be made available to users.