A single buzz term prediction for 2014: mobile device security

A single buzz term prediction for 2014: mobile device security

Summary: 2014 will be the Year of Mobile Device Security. If it isn't obvious from the current BYOD trend, then it's obvious from the device manufacturers themselves.

SHARE:

Mobile device security isn't just a good idea or a loose buzz term to toss about randomly; it's a real thing. Mobile device security is THE buzz term for 2014. Driven by BYOD and enterprise tablet adoption, mobile security is going to be the big buzz next year. Why? Because the onus for security is going to shift from user and business to the manufacturer. Yes, the manufacturer.

Device-level security, from the factory, is next year's big thing.

In days past, users were told to use passwords, told to use VPN connections—especially on public WiFi, told to update software and apps regularly, and told to encrypt their devices.

Here's the clue phone message that security folks, businesses, and manufacturers finally got: People ain't gonna do it. 

Security, for users, is inconvenient, is seen as unnecessary, and is annoying.

So, the security focus shifted to businesses.

Enter the host of mobile device management (MDM) suites, mobile application management (MAM) suites, mobile content management (MCM) suites, and pluggable modules for existing security suites of every description and scale.

Businesses spent hundreds of millions of dollars on new software, training, and new security measures only to find that the OS, mostly in the case of Android, just isn't secure. No matter what you do from the outside; it isn't going to fix the problem.

And just to let you know, I don't have a problem with security suites or personal security—they're both good things.

Manufacturers, that is to say mobile device manufacturers, have stepped up to place security where security should have been all along: on the devices.

Security is a multi-layered approach. It doesn't rest on one party or another alone. The user has a responsibility, the business has a responsibility, and the manufacturer has a responsibility. Each entity in the security path has a responsibility to ensure that everything possible is done to prevent malware, viruses, breaches, privacy leaks, and stolen information.

Device security is the pivotal layer in the new security model. Samsung has made the greatest effort of any manufacturer (so far) with its KNOX security suite. KNOX is a security suite that consists of several different technologies that protect user data, business data, communications, data at rest on the device, and the device itself. Samsung's KNOX is a comprehensive and secure solution. It's installed on Samsung's newer devices and will soon be available for their other hardware in 2014.

Some of the technologies manufacturers like Samsung have setup on devices consist of:

  • Secure boot
  • Encrypted OS
  • Encrypted communications via VPN
  • Required passwords
  • Partitioned (jailed) virtual devices
  • Application security

The problem with enforcing security from external sources, such as MDM suites, is that users feel that their devices have been taken over by their employers. And it feels unfair and wrong.

Some MDMs are too heavy-handed in their approach to security and it makes for unhappy users and unsuccessful BYOD programs.

Enforcing security by the manufacturer, at the device level, is far more comfortable for businesses and for users alike. The user owns the device. The users enjoys the devices. The company feels comfortable allowing the user to use the device at work because of the advanced security contained on the device.

Does enhanced device security mean that businesses are off the hook for mobile security? Certainly not. Businesses still have to ensure that personal devices aren't jailbroken or compromised in some other way. Also some assurance is needed that the user will update his device regularly. I suggest using an MDM suite that performs baseline checks of the OS level and prevents access to those with old firmware, old OS versions, or those whose updates are outside of acceptable limits.

You have to realize that protection of company data takes priority over the user's desire to use his or her own device. That's just the way it is. And the way to resolve most of the security-related problems with a random sampling of user-owned devices is to produce and sell manufacturer hardened hardware and operating systems.

In 2014, my prediction is that mobile device manufacturers will build devices with better security. It's no longer an option not to do it. For the millions of devices that already exist without manufacturer enhanced security features, my hope is that some retrofit firmware, OS updates, patches, apps, or recalls will be made available to users.

Topics: Security, Hardware, Mobile OS, Mobility

About

Kenneth 'Ken' Hess is a full-time Windows and Linux system administrator with 20 years of experience with Mac, Linux, UNIX, and Windows systems in large multi-data center environments.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

8 comments
Log in or register to join the discussion
  • samsung knox

    That just failed in a security test that BlackBerry 10 and BES 10 did with flying colors. Interesting how much we try to bury BlackBerry's security like it's not anything special.
    http://m.us.wsj.com/articles/SB10001424052702304244904579276191788427198?mobile=y
    Georgefly97
    • @Georgefly97

      Too bad I can't read that article. I don't have a WSJ subscription.
      khess
      • Here

        http://www.pcmag.com/article2/0,2817,2428736,00.asp
        No subscription required
        Georgefly97
        • Their security may be good

          But still, nobody wants their devices. Another company destroyed by poor leadership. Just read that Lazaridis sold more of his shares and now has less than 5% stake in the company.
          otaddy
          • devices

            We're not the bass of my argument. Samsung's security flaws were, and how the whole tech world is making it look like Knox is the only security measure out there for mdm and so fourth. And by the way Citroën Peugeot just made an order for 10k z10s so somebody wants them, mainly just secure businesses and governments. Just not the average consumer.
            Georgefly97
          • And Cleveland Clinic ditched blackberry

            For iPhone and ipad. So apparently, apple is secure enough for them. I expect bb to be sold in 2014.

            Where I work the execs ditched bb a long time ago and now use iPhone. Heck, even peons like me were given an ipad2 for work.
            otaddy
          • Samsung mobile security was best in new British (CESG) security test ...

            ... compared with mobiles like iOS and Windows 8 Phoney. The worst security was with Windows Phoney 8 and Windows RT.

            Another good security was with BlackBerry-EMM Regulate. "This guidance is applicable to Samsung devices running Android 4.2.2 and supporting the Samsung SAFE API. "

            https://www.gov.uk/government/publications/end-user-devices-security-guidance-samsung-devices-with-android-42

            https://www.gov.uk/government/publications/end-user-devices-security-guidance-windows-phone-8
            MacBroderick
    • BlackBerry-EMM Regulate and Samsung Android 4.2 (SAFE API) were best ...

      ... in this latest British test:

      https://www.gov.uk/government/publications/end-user-devices-security-guidance-samsung-devices-with-android-42

      https://www.gov.uk/government/publications/end-user-devices-security-guidance-blackberry-101-emm-regulated

      https://www.gov.uk/government/publications/end-user-devices-security-guidance-apple-ios-6

      https://www.gov.uk/government/publications/end-user-devices-security-guidance-windows-phone-8
      MacBroderick