It was a watershed year for mobile malware, with many high-profile organizations beinghacked. To continue our series on 2014 predictions, we asked our mobility experts for their thoughts on key mobile security topics we think you’ll be hearing more about in the new year.
1. The Mobile OS Ecosystem is Too Big for Patchwork Protection
Many in the security industry cut their teeth on securing Windows-based devices, and it’s logical that they would make assumptions about how to secure iOS and Android devices based on their experiences securing Windows.
But the mobile ecosystem is much more complicated and far-reaching than Windows. Too much of what’s being described as mobile security is based on buying add-ons for different devices running different operating systems – a scattershot model doomed to fail. Rather than focus on securing individual devices, organizations need to look for security solutions thatextend next-generation firewall policies across the full range of mobility use cases, independent of OS.
2. Mobile Security Issues Turn Security Admins’ Attention Outside the Firewall
Still too many “mobile security” solutions protect a user’s mobile device while they’re behind the corporate firewall but don’t enforce mobile security policy when users are outside it – an increasingly shortsighted approach. Facebook was hacked earlier this year, for example, when employees connected to a mobile developer’s compromised website, downloaded malware and then introduced it to Facebook’s internal servers when they were back behind the firewall. Expect to hear similar stories in 2014, and hopefully a shifting debate on how to solve these challenges.
3. “Lock it Down” Just Won’t Play
Many organizations still take a “lock it down” approach to mobile security and have put policies into effect that are so strict they eliminate the productivity and flexibility benefits of BYOD. But the mushrooming popularity of smartphones and tablets means users will find a way to use them on networks whether admins like it or not. In 2014, a majority of organizations will finally turn away from the “lock it down” approach in favor of a mobile security model that gives users some breathing room while preserving the secure enterprise network.
For more on current mobile security topics, check out Brian Tokuyoshi’s ongoing mobility series.