Click here to close now.

Welcome!

Security Authors: Tom Kemp, Pat Romanski, Xenia von Wedel, Lori MacVittie, Elizabeth White

Related Topics: Security, Wireless, Microservices Journal, AJAX & REA, Web 2.0, iPhone

Security: Article

How to Re-imagine Your Business for a Mobile World

And keep your data safe while doing it

There is little argument at this point that the mass adoption of mobile technology and bring-your-own-device (BYOD) strategies by enterprises is a true business technology revolution. At the core, the catalysts driving this revolution are the vast array of mobile devices leveraging soaring bandwidth - 4G - and super-fast internals - quad-core processors - which have become commonplace.

With this high-bandwidth, ultra-capable combination, end users see the productivity and convenience possible by running the newest, most sophisticated business applications on their own personal mobile devices.

And it's not just end users who can benefit. A recent Symantec survey found that innovative companies - early technology adopters, especially of mobile technology - are seeing significantly higher revenue growth and higher profits than traditional organizations; in fact, by nearly 50 percent.

The question facing every enterprise is, "Are we re-imagining our business with mobility as a central component?" Here are some suggestions on how to accomplish this, while keeping sensitive business data secure.

Evaluate App and Data Needs
The previously mentioned Symantec survey found that 84 percent of those successful, innovative companies are proactively adapting their businesses based on business drivers rather than simply reacting to user demand. So, companies need to evaluate. Thus, the first step in re-imagining business in a mobile world is to determine the apps and data end users could utilize - beyond email - to get their jobs done more efficiently.

App Type
Apps for CRM, e-Health and ERP are just a few good examples of line-of-business apps companies in different industries can leverage to improve productivity through mobility. Add to this list cloud-based file storage apps that give users access to their data across computing platforms.

Data Access
Beyond app type, companies must take a closer look at target user groups to determine each segment's specific data access needs. Some users might need resident data on their devices, while others who are likely to have connectivity all the time can manage with cloud-based data. Understanding each group's specific needs will help determine the type of technology approaches possible.

App Procurement
Once app type and data access requirements are well understood, companies need to explore app procurement. For some, the only way to get exactly what is needed is to build a custom app or have one built for them. However, hundreds of thousands of apps are already available for the most popular mobile operating systems and, in many instances, the perfect app likely already exists.

Keep App and Data Security Top of Mind
The Symantec survey referenced earlier also found that the innovative companies who are leading the way in mobility adoption also experience about twice as many mobile security-related incidents, such as loss of corporate data. This leads to a second question enterprises must ask, "How do we keep our sensitive data safe in a mobile world?"

From a high level, there are really two approaches to keeping business data on mobile devices secure. The first is protecting data at the device level and the second is protecting it at the app level.

Device Level Data Protection
Data protection on mobile devices at the device level largely involves mobile device management (MDM) software. MDM provides business IT with control over complete devices and, as such, policies can ensure devices are password-protected and also provide the ability to remotely lock or wipe devices in the event of a loss or theft and even prevent the forwarding of emails.

However, MDM cannot address other data loss-related concerns such as copy and pasting of sensitive information or, more important, protecting corporate data in applications beyond the email client.

Thus, the device level approach creates an environment where it becomes far too easy for sensitive data to mingle with personal apps and leak out through, for example, a web-based email account, social networking application or personal cloud storage. This can all occur without IT ever knowing.

App Level Data Protection
The next logical area where enterprises can implement and enforce policies to keep data on mobile devices secure is at the app level. The previous iterations of this approach involved sandboxing technologies, where corporate data on mobile devices is held in an established digital container on devices, and data flow from the sandbox or container is controlled. This approach prevents the confluence of personal and corporate data, the ability to copy and paste data accessed from within the sandbox to other areas on the device, and unauthorized email forwards from within the sandbox.

This sandbox approach worked well when email was the only app businesses wanted to mobilize. However, as companies re-imagine their businesses with a focus on mobility, this approach falls short. Any corporate app that needs protection has to be built in or modified to fit into the sandbox. With the diversity of apps available, this approach is very limiting and even the early proponents of this technology are moving on to other strategies.

One of these strategies is mobile application management (MAM), which addresses the limitations of sandboxes while still meeting corporate security needs. MAM technology allows companies to wrap their corporate apps and the data tied to them in their own security and management layers. This gives enterprises complete control of their apps and data while leaving user-owned information untouched. In contrast to the legacy sandboxing approach, it does this without any additional overhead, either from affecting device usage or source code modifications.

With MAM, controls such as authentication, encryption, data loss prevention and expiration - apps and data can be manually expired or set to automatically remove themselves from devices based on perimeters established by administrators - can all be applied to corporate apps and other resources on otherwise unmanaged, user-owned devices. In this way, complete end-to-end visibility and control over where sensitive data is flowing - regardless of what mobile application or service is being used to traffic the data - can be achieved and, just as important, maintained.

In addition, MAM allows multiple corporate apps to securely communicate with each other and for data traffic segregation, so all traffic from corporate apps can be routed through the corporate network while the personal traffic is left unmonitored.

It is important to note, however, that MAM as a term is being used loosely within the industry. Different technology vendors use it to describe different things. Some refer to app distribution functionality as MAM and still others refer to simple app blocking as MAM.

From an enterprise perspective, however, MAM should be more than that. More than simply distributing the right apps and blocking the wrong ones, MAM is about protecting the corporate apps and data on mobile devices by taking management from a device level to an application level. It is the most effective tool for separating corporate data from personal data to make safe, effective BYOD policies possible.

Re-imagining business for a mobile world, while not without its growing pains, can be a fairly straightforward process. However, to re-imagine business for a mobile world confidently, MAM should be a part of every discussion.

More Stories By Swarna Podila

Swarna Podila serves as a senior manager with the Enterprise Mobility Group at Symantec, responsible for the messaging, positioning, go-to-market strategy and overall evangelism of mobile security and management products and services. In her role, she focuses on the enterprise routes to market, messaging the solutions for on-premise and cloud deployments. At Symantec, Podila has promoted the idea of user-centric and information-centric view and anytime, anywhere productivity.

Prior to Symantec, Podila served a product marketing consultant at Citrix. There she was responsible for the messaging and launching of the company’s networking products. Prior to Citrix, she worked at a software startup and was responsible for their transition from stealth mode to a mid-sized company. She was responsible for product messaging, identifying routes to market and sales enablement. With over 10 years experience in the IT industry, Podila has held a number of roles in product strategy, marketing and engineering. She has an undergraduate degree in Electronics and Communications Engineering and an MBA from Santa Clara University.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@ThingsExpo Stories
Enterprise IoT is an exciting and chaotic space with a lot of potential to transform how the enterprise resources are managed. In his session at @ThingsExpo, Hari Srinivasan, Sr Product Manager at Cisco, will describe the challenges in enabling mass adoption of IoT, and share perspectives and insights on architectures/standards/protocols that are necessary to build a healthy ecosystem and lay the foundation to for a wide variety of exciting IoT use cases in the years to come.
Containers and microservices have become topics of intense interest throughout the cloud developer and enterprise IT communities. Accordingly, attendees at the upcoming 16th Cloud Expo at the Javits Center in New York June 9-11 will find fresh new content in a new track called PaaS | Containers & Microservices Containers are not being considered for the first time by the cloud community, but a current era of re-consideration has pushed them to the top of the cloud agenda. With the launch of Docker's initial release in March of 2013, interest was revved up several notches. Then late last...
SYS-CON Events announced today that B2Cloud, a provider of enterprise resource planning software, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. B2cloud develops the software you need. They have the ideal tools to help you work with your clients. B2Cloud’s main solutions include AGIS – ERP, CLOHC, AGIS – Invoice, and IZUM
SYS-CON Events announced today that MangoApps will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY., and the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. MangoApps provides private all-in-one social intranets allowing workers to securely collaborate from anywhere in the world and from any device. Social, mobile, and easy to use. MangoApps has been named a "Market Leader" by Ovum Research and a "Cool Vendor" by Gartner...
The world's leading Cloud event, Cloud Expo has launched Microservices Journal on the SYS-CON.com portal, featuring over 19,000 original articles, news stories, features, and blog entries. DevOps Journal is focused on this critical enterprise IT topic in the world of cloud computing. Microservices Journal offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. Follow new article posts on Twitter at @MicroservicesE
There is no doubt that Big Data is here and getting bigger every day. Building a Big Data infrastructure today is no easy task. There are an enormous number of choices for database engines and technologies. To make things even more challenging, requirements are getting more sophisticated, and the standard paradigm of supporting historical analytics queries is often just one facet of what is needed. As Big Data growth continues, organizations are demanding real-time access to data, allowing immediate and actionable interpretation of events as they happen. Another aspect concerns how to deliver ...
WebRTC defines no default signaling protocol, causing fragmentation between WebRTC silos. SIP and XMPP provide possibilities, but come with considerable complexity and are not designed for use in a web environment. In his session at @ThingsExpo, Matthew Hodgson, technical co-founder of the Matrix.org, discussed how Matrix is a new non-profit Open Source Project that defines both a new HTTP-based standard for VoIP & IM signaling and provides reference implementations.
The security devil is always in the details of the attack: the ones you've endured, the ones you prepare yourself to fend off, and the ones that, you fear, will catch you completely unaware and defenseless. The Internet of Things (IoT) is nothing if not an endless proliferation of details. It's the vision of a world in which continuous Internet connectivity and addressability is embedded into a growing range of human artifacts, into the natural world, and even into our smartphones, appliances, and physical persons. In the IoT vision, every new "thing" - sensor, actuator, data source, data con...
The Internet of Things is not new. Historically, smart businesses have used its basic concept of leveraging data to drive better decision making and have capitalized on those insights to realize additional revenue opportunities. So, what has changed to make the Internet of Things one of the hottest topics in tech? In his session at @ThingsExpo, Chris Gray, Director, Embedded and Internet of Things, discussed the underlying factors that are driving the economics of intelligent systems. Discover how hardware commoditization, the ubiquitous nature of connectivity, and the emergence of Big Data a...
SYS-CON Events announced today the IoT Bootcamp – Jumpstart Your IoT Strategy, being held June 9–10, 2015, in conjunction with 16th Cloud Expo and Internet of @ThingsExpo at the Javits Center in New York City. This is your chance to jumpstart your IoT strategy. Combined with real-world scenarios and use cases, the IoT Bootcamp is not just based on presentations but includes hands-on demos and walkthroughs. We will introduce you to a variety of Do-It-Yourself IoT platforms including Arduino, Raspberry Pi, BeagleBone, Spark and Intel Edison. You will also get an overview of cloud technologies s...
SYS-CON Media announced today that @WebRTCSummit Blog, the largest WebRTC resource in the world, has been launched. @WebRTCSummit Blog offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. @WebRTCSummit Blog can be bookmarked ▸ Here @WebRTCSummit conference site can be bookmarked ▸ Here
Scott Jenson leads a project called The Physical Web within the Chrome team at Google. Project members are working to take the scalability and openness of the web and use it to talk to the exponentially exploding range of smart devices. Nearly every company today working on the IoT comes up with the same basic solution: use my server and you'll be fine. But if we really believe there will be trillions of these devices, that just can't scale. We need a system that is open a scalable and by using the URL as a basic building block, we open this up and get the same resilience that the web enjoys.
As we approach the next @ThingsExpo, to be held June 9-11 at the Javits Center in New York, my thoughts naturally turn to the Internet of Things. The IoT is a leviathan—in the best possible sense of the term—that will sweep up most everything in the ocean of data and technology being created today and tomorrow. But rather than try to grasp all of its possible uses, for today I'm looking at “just” the Industrial Internet part. I just read a long paper co-authored by Tim Berners-Lee about the possibility of describing a “web science,” that is, discipline that combines the study involved ...
Chuck Piluso will present a study of cloud adoption trends and the power and flexibility of IBM Power and Pureflex cloud solutions. Speaker Bio: Prior to Data Storage Corporation (DSC), Mr. Piluso founded North American Telecommunication Corporation, a facilities-based Competitive Local Exchange Carrier licensed by the Public Service Commission in 10 states, serving as the company's chairman and president from 1997 to 2000. Between 1990 and 1997, Mr. Piluso served as chairman & founder of International Telecommunications Corporation, a facilities-based international carrier licensed by t...
There are lots of challenges in IoT around secure, scalable and business friendly infrastructure for enterprises. For large corporations, IoT implementations are one of the top priorities of the decade. All industries are seeing a competitive need to sustain by investing in IoT initiatives. The value addition comes from improved customer service, innovative product and additional revenue streams. The data from these IP-connected devices can be leveraged for a variety of business applications as well as responsive action controls. The various architectural building blocks of an IoT ...
The WebRTC Summit 2015 New York, to be held June 9-11, 2015, at the Javits Center in New York, NY, announces that its Call for Papers is open. Topics include all aspects of improving IT delivery by eliminating waste through automated business models leveraging cloud technologies. WebRTC Summit is co-located with 16th International Cloud Expo, @ThingsExpo, Big Data Expo, and DevOps Summit.
Recent technology advances in miniaturization has positioned the wearables as the pinnacle of technology convergence with the human body. We inquire if wearables are mere standard miniaturized devices extended with the connectivity and present our views on considerations like design, applications, performance, efficiency, interoperability, usage scenarios, human device interaction and consequent trade-offs enabling wearables to impart optimal value.
In this session we look at creating interactive communications via the web by adding messaging, file transfer, and group communication (group chat and audio/video conferencing) into the web experience. We will also discuss potential applications of this technology in areas including B2B, B2C, P2P, and gaming. Peter is Technical Director at Acision. He graduated from The University of Edinburgh in 2000 with a BSc (Hons) in Computer Science. After graduation Peter worked on a PSTN switch developing signalling stacks for SS7, ISDN and similar protocols and creating advanced routing and serv...
The Internet of Things Maturity Model (IoTMM) is a qualitative method to gauge the growth and increasing impact of IoT capabilities in an IT environment from both a business and technology perspective. In his session at @ThingsExpo, Tony Shan will first scan the IoT landscape and investigate the major challenges and barriers. The key areas of consideration are identified to get started with IoT journey. He will then pinpoint the need of a tool for effective IoT adoption and implementation, which leads to IoTMM in which five maturity levels are defined: Advanced, Dynamic, Optimized, Primitive,...
SYS-CON Events announced today that AIC, a leading provider of OEM/ODM server and storage solutions, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. AIC is a leading provider of both standard OTS, off-the-shelf, and OEM/ODM server and storage solutions. With expert in-house design capabilities, validation, manufacturing and production, AIC's broad selection of products are highly flexible and are configurable to any form factor or custom configuration. AIC leads the industry with nearly 20 years of ...