4 Mobile Security Predictions to Help CIOs Plan for the Future

Few things keep CIOs up at night these days like mobility, particularly bring your own device (BYOD). After all, mobile, the consumerization of IT and BYOD are turning enterprise security models on their heads. Privacy implications, let alone the potential for data loss and data leakage, are enough to make a CIO break out in a cold sweat.

Both hope and new challenges are on the way, says Forrester Research Analyst Chenxi Wang, Ph.D., who has identified four trends that she believes will affect the future of consumer- and enterprise-facing mobile security.

"These trends paint a picture of seamless, smart-device security capabilities that are embedded in increasingly sophisticated mobile-cloud services, as well as those that are able to integrate with business models enabled by pervasive mobility," she says.

The majority of organizations are already wrestling with the implications of BYOD, says Wang. According to Forrester's Forrsights Workforce Employee Survey, Q4 2012, 70 percent of organizations have adopted some form of BYOD program, and 62 percent of people who use a smartphone for work and 56 percent of those who use a tablet for work purchased those devices themselves.

Mobile Prediction 1: Personal Devices Will Become the Norm

While BYOD has largely been a smartphone and tablet story, Wang predicts that will begin to change in 2013 and beyond. Currently, 39 percent of laptops used for work are owned by an employee while 47 percent are owned by the company.

"However, more and more personally owned laptops are entering the work environment as IT organizations become more flexible with the BYOD culture," Wang says. "For 2013, we see the BYOD trend expanding to include not only post-PC devices but personally owned computers."

As personally owned devices become a common fixture in the enterprise, Wang says IT organizations will have to act rather than react. The demand for more mobile access to company resources and data will have three consequences.

"IT will need to make investments to expand remote access to corporate content and data that traditionally live behind the firewall, including investments in wireless infrastructure, wireless services and mobile security measures," she says.

"Organizations will need to reevaluate their application architectures to include more SaaS and more platform-agnostic applications, which will bring about a significant shift in how organizations acquire applications; the days of on-premises client/server deployments are fading and the days of cloud-hosted, service-driven deployments are ascending.

"Organizations will need to reduce spending on wired/fixed communication services while they increase investments in wireless hardware and services."

Mobile Prediction 2: Seamless, On-Demand Mobile 'Virtualization' Will Overtake MDM

Many organizations that embrace (or at least accept) BYOD have turned to mobile device management (MDM) technologies to help them enforce corporate policies on users' devices. But MDM is often considered a heavy-handed approach, and Wang says more and more IT professionals just don't want to manage employee-owned devices.

This has resulted in the rise of mobile VDI, containers, app wrapping and device virtualization as alternative methods to segregate personal data from corporate data on a personally owned device. The downside, of course, is that these methods often adversely affect the user experience, creating a barrier to adoption. But advances in mobile virtualization technology are likely to turn that around in 2013.

"In 2012, we started to see glimpses of technologies that could eventually lead to seamless 'mobile virtualization' wherein policy-based control over corporate apps (and consequently content and data) is enforced on-demand and with little interference to user experience," Wang says. "Some examples include VMware's device virtualization technology and exciting options from innovators such as Enterproid and MobileSpaces."

Wang says that these technologies remain at an early stage today, but show great potential to completely change how enterprises approach mobility if they can fulfill their promise to dynamically insert policies in flight without changing the app first.

"Key to making mobile virtualization work are whole-app workflows and mashups that are easily controllable," she says. "We're excited to see technologies that extend policy controls to an entire workflow of apps, so that any app invoked by the corporate app is treated with the same policy, as opposed to wrapping and containing a standalone app. This capability will help preserve user experience and further enable mobilization of enterprise resources. Ultimately, technology innovations in this area may render BYOD a nonissue."

Mobile Prediction 3: HTML5 Enterprise Apps Will Proliferate

Wang says that HTML5 apps, rather than native apps, will become the preferred way of delivering enterprise apps. The argument goes like this: Efforts by the U.S. Federal Communications Commission (FCC) to free up additional wireless spectrum will begin to bear fruit in late 2013. That means cheaper and more reliable connectivity. As connectivity becomes more pervasive, Wang says online rather than offline communications models will become the norm.

"This paves the way for more HTML5 deliveries," Wang says. "HTML5 applications are attractive for a number of reasons, the chief being simpler and cheaper development and maintenance costs. Native apps will still take the spotlight in the consumer market, but for enterprise apps, we will see an acceleration of HTML5 development efforts in 2013 and beyond."

In turn, that means enterprise apps will increasingly move from the device to the cloud, Wang says.

"This represents a tangible way enterprise application portfolios will change from the predominantly client/server model to platform-independent SaaS delivery," Wang says. "In the near term, enterprises will increase spending on cloud-hosted and -delivered applications. As a result, mobile browsers will increasingly become a critical control point on the device; we believe 2013 will bring innovations in secure mobile browser technologies to deliver much-needed controls for security and privacy on the device."

However, she says that getting those secure browsers onto devices will prove a challenge--one that organizations with enterprise app stores may face with more aplomb than those without.

Mobile Prediction 4: Identity-based Mobile Services Will Put Privacy in the Spotlight

Mobile devices are enabling new and potentially powerful business models that draw upon a user's preferences and activity history. But the nature of the devices makes it easier than ever before to connect one's actual identity with one's digital presence. This is not without its consequences. Mobile data collection will become ever more pervasive, Wang says, and there may well be a backlash.

"If we're not careful, the number of devices and sensors around us could soon bring about user activity monitoring 24x7--something akin to an Orwellian world," Wang says. "Privacy advocates have long voiced concerns about the lack of clear regulatory controls over consumer mobile data. The privacy regulatory landscape is not expected to change drastically in 2013, and the increased business pressure to collect mobile data, coupled with the lack of industry standards and regulatory controls, suggests that the risk of abuse is high. Few have grasped the full implications of mobile privacy and what is yet to come in the brave new world of mobile and smart environments."

She notes that it's unlikely regulators will move to tighten laws and regulations on user privacy in the mobile ecosystem in the short term, but consumers themselves will increase their awareness of mobile and big data privacy.

"2013 will see an increasing number of mobile services built on real-time user analytics, enabling innovative business models," she says. "The year will likely bring high-profile litigation cases on mobile privacy, and court decisions will set precedence and influence the privacy debate."

Thor Olavsrud covers IT Security, Big Data, Open Source, Microsoft Tools and Servers for CIO.com.
