With Nokia, Microsoft has missing pieces to attack mobile enterprise

With its $7.2 billion agreement to buy Nokia's handset business, Microsoft is in a position to surpass Apple and Android smartphone makers in providing an enterprise-class mobile platform, experts say.

However, whether Microsoft is successful after it takes control of Nokia's assets, expected early next year, will depend on how well the tech company can integrate its mobile hardware and software with the Windows infrastructure already found in most large companies.

"They're already in there. It's just that they have to be able to extend it into the mobile world," said Stacy Crook, an analyst with IDC. Ã'Â

Gartner analyst Lawrence Pingree saidÃ'Â Microsoft could certainly make security a standout feature for smartphones running the Windows Phone operating system. Once the company has control over the hardware, Microsoft could choose to work with Intel in integrating security at the chip level, which could help boost business sales, he said.

"When enterprises come [into a sales meeting], they often come in from a security perspective on mobile devices," Pingree said.

At one time, the BlackBerry set the standard for security in mobile phones, which drove business sales for years. Now that BlackBerry has been cast aside because of the popularity of smartphones running Google Android and Apple iOS, Microsoft has an opportunity to fill the security gap.

Even before the Nokia deal, Microsoft was heading in that direction. In July, the company released a feature pack for Windows Phone 8 that included technology for signing and encrypting email, automated triggering of virtual private networks at the app level, and certificate management to enroll, update and revoke certificates for user authentication.

At the integration level, Microsoft has an advantage with ActiveSync, an app it released in 1996 to synchronize data between mobile devices and desktop computers.

"Most enterprises have already adopted ActiveSync as a key component of [mobile device management] and security, so Microsoft has a natural advantage there with Windows Phone," said analyst Jack Gold of J. Gold Associates.

While Microsoft has a lot of pieces for building an enterprise-class mobile platform, a major security problem Microsoft and other mobile platform makers have yet to solve is in locking down apps.

"It's one thing to have a secure OS, but another to improve the credibility of their apps, which is one of the biggest problems right now," said Peter Byee, founder and chief executive of Security On-Demand.

Apple's tight approval process for iPhone app development is too restrictive for many businesses, while Android's openness makes controlling security difficult, Bybee said. Therefore, Microsoft is in a position to find the middle ground.

For example, the company could develop a certification process that ensures developers are writing secure code, thus making it more difficult to create malicious apps, Bybee said. In addition, Microsoft could come up with a better way to manage or limit the permissions apps get for accessing personal data and phone resources.

"That would be a big step in protecting their users," he said.

While Microsoft has a lot of technology to leverage in business, its tallest hurdle remains convincing consumers that they should buy devices running Windows Phone instead of the Apple iPhone and Android smartphones. In the second quarter, Windows Phone had only 3.3% of the global smartphone market, compared with 79% for Android and 14.2% for Apple's iOS.

[In depth: Which smartphone is the most secure?]

Unlike businesses, consumers do not have to worry about integrating their smartphones with office applications behind a firewall. Instead, security is mostly seen in terms of passwords and protecting personal data, not encryption and networks.

Cracking the consumer market is important, because people often use their smartphones to access corporate networks, which oftentimes forces their employers to accommodate the devices.

"The implosion of BlackBerry leaves an opportunity for a provider with great security to step in and fill high-end enterprise needs -- but unless the provider has a great consumer device first it isn't going to have a chance," said Gartner analyst David Cearley.

Because of Microsoft's minor position in the smartphone market, it has a better chance initially to grow much faster in the tablet market. People are more willing to let their companies buy the tablets for them, because the devices are much more expensive than smartphones. Carriers usually subsidize the latter in return for customers signing a two-year contract.

In cases where the company is buying the device, IT departments will have more of a say in the product purchased and how it is used.

"Users have a voice, but a much smaller one than with phones," Gold said. "So if IT is inclined to stay with the same corporate apps, on the same OS they know for desktops and laptops, Windows tablets have an advantage."

Nevertheless, rivals would be unwise to sell Microsoft short in the smartphone market.

"They have a real shot as there is still strong affinity for the Windows brand, and they can ensure tight integration with core services on the back-end," said Tyler Lessard, chief marketing officer for mobile security company Fixmo. "Windows isn't going anywhere."

Read more about wireless/mobile security in CSOonline's Wireless/Mobile Security section.

Join the CSO newsletter!

Error: Please check your email address.

Tags applicationsData Protection | WirelessBlackberryAppleGartnerconsumer electronicsIDCGoogleMicrosoftsecuritymobile securitysmartphonesNokiasoftwareinteldata protectionWindows Phonemobile phone security

More about AppleBlackBerryGartnerGoogleIDC AustraliaIntelMicrosoftNokia

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Antone Gonsalves

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts