Four to five years ago, employees’ tendency to toggle between their private and professional lives on smartphones, laptops and tablets began to raise red flags for security reasons. Hitesh Sheth, then chief operating officer of enterprise wireless company Aruba Networks, asked his big-bank customers if they needed help controlling business dealings on personal devices.
The burgeoning of what became known as BYOD — bring your own device — was “not an issue,” recalls Sheth, now president and CEO of Silicon Valley cybersecurity company Vectra Networks. “They just wouldn’t allow BYOD.”
Just saying no was a perfect, no-risk solution. It was also folly. The march of technology and the preferences of an increasingly hyper-connected workforce would not be denied. Although there are still pockets of resistance, the trend is clearly toward accommodation. And in the process, BYOD and mobile platforms in general, not least Apple’s iOS 8 operating system and iPhone 6, have had more security built in than many corporate decision makers may realize or care to admit.
Mobile technology advances have brought about the once-unfathomable prospect that wireless security is at least on a par with traditional computing and networking systems — the very ones currently fending off an unprecedented wave of cyberattacks.
“Mobile is as secure as, if not stronger than, other forms of payments or processing,” asserts Carl Herberger, who keeps a close watch on the cyberthreat landscape as vice president of security solutions for application security company Radware in Mahwah, New Jersey. “There will always be breaches, and they would be expected to affect mobile. The real question is, can it be relied on as time goes on?”
The enabling technology is being built to last — to support the mobile-first strategies that large business and governmental organizations are executing, says John Aisien, senior vice president of marketing and corporate development at San Francisco–based mobile-enterprise platform provider Mocana. He cites “pricing optimization for retail, inventory management in packaged goods and risk management in an investment firm” as current examples of highly secure, easy-to-access remote apps that point the way toward “mobile ultimately being the primary platform for executing business processes.”
Perhaps no higher compliment could be paid to today’s mobile security than complaints from high-ranking intelligence and law enforcement officials, reported September 26 by the New York Times, that encrypted data in the iPhone 6 would take too long to decipher in the event of a criminal or national security emergency.
Policy concerns aside, Apple’s iOS 8, the new iPhone and the wireless Apple Pay service incorporate privacy protection and user authentication not seen in earlier consumer products and have galvanized the mobile technology community. Vectra Networks’ Sheth hails them as “a huge catalyst for enhancing the digital economy.” Mocana’s Aisien says they are the latest demonstrations of “Apple’s genius” in simplifying and streamlining previously unperfected inventions.
Not everything is solved, by any means. Chirag Bakshi, founder and CEO of Zumigo, a San Jose, California, transaction security company, points out that gaps in infrastructure need to be addressed. Investments to fix weak links in the security chain, such as point-of-sale terminals accepting Apple Pay transactions, do not happen automatically.
A Vectra survey this year of 1,100 IT security practitioners showed lingering wariness of enterprise risks: Only 24 percent of organizations had fully deployed BYOD, 40 percent reported wide use of company-owned devices, 31 percent had BYOD “under evaluation,” and 24 percent had no mobile device policy in place. Of those allowing BYOD, 87 percent supported smartphones; 79 percent, laptops; and 68 percent, tablets.
What explains the apparent lag in understanding and embracing how far mobile security has come? “People perceive phones as being easier to lose than PCs,” says Bakshi of Zumigo. “That contributes to a mind-set that mobile is less secure.” Fundamentally, he notes, mobile is “no more or less risky” than other modes of online access. “In fact, mobile phones have advantages — if the right technology is employed,” he adds.
Sheth is concerned that another necessary mind-set in executive ranks — a cybersecurity posture that assumes breaches have occurred and stresses targeted reaction and remediation — has not yet fully taken hold and must be extended to the mobile realm. “That would definitely mitigate these risks,” he says, and ensure that firms can “embrace innovation and be adequately protected.” • •
