Mobile Security Gets The Spotlight At Interop

Though there were many hot topics at last week's Interop show in Las Vegas, mobility security took center stage in several breakout sessions. This was my second year at the show, and I simply don't recall such a focus in 2010.

It's good that the issue is rising to the surface because organizations must succinctly define how securing mobile devices and the data therein will be handled both strategically and tactically. Infonetics Research recently provided me with some interesting data points on the estimated growth of mobile platforms from now through 2015. Its research postulates that tablet sales will grow 10-fold and netbook sales will grow fivefold to a combined revenue of about $12 billion. Smartphones are growing at a 17%-a-year clip, with Android, Research In Motion, and Apple being the leaders in that order. Thus it's easy to understand that personal computing is greatly affecting enterprise computing as these devices bridge the two.

In addition to the InformationWeek Analytics presentation I did with Mike Davis titled “How IT Makes A Difference To The Midmarket Company: Mobility & Security,” there were at least five other sessions dedicated to mobility security. Though I didn't attend all of them, the session titled “Mac, iPhone, iPad: New Threats” was jam-packed. Technologists are clearly trying to deal with the onslaught of new form factors and operating systems.

On the vendor floor, it was mostly the large vendors that had the resources to talk about the problem and how they help IT handle it. Ones that come to mind are Cisco, Juniper, and McAfee. With the exception of smaller players such as AirWatch and Good Technology, no other niche-player mobile device management vendors displayed at the show. Perhaps this is because BlackBerry World took place the week before Interop. My take on all this is that the bigger players are not on the cutting edge because it's not their core focus. Those I've talked to are focused on device management and malware detection, which is good but perhaps not enough.

In contrast, I've recently had a chance to explore the specialist companies, including AirWatch, BoxTone, Good, MobileIron, and Zenprise. These companies provide device management across an array of platforms, and to varying levels they generally deliver sophisticated provisioning and management services. But the new cutting edge is mobile application security, meaning how do we as an organization ensure that an app's data is secure in transit to the back end and at rest on a device, and how do we ensure that we can wipe that application only--in lieu of wiping the entire phone--should it be deemed necessary?

So when evaluating mobile device management platforms and picking a winner, in addition to financial viability, consider these things: First, does the vendor support the platforms that have major consumer appeal? Consumers are driving enterprise adoption, not the other way around. Second, does the vendor provide the granular device controls you want above and beyond Microsoft's ActiveSync (assuming you use Exchange, which most of us do)? Third, what's the vendor doing in the application security space?

As an organization, it's imperative to form a cross-functional mobility council comprising networking people, app developers, and representative knowledge workers for the purpose of creating the enterprise mobility strategy. The council should consider questions such as these: How will we use these devices? What's the separation between personal and business use? How will they be secured? Who pays for them? How will their use give us a competitive edge or improve employee satisfaction? It's important to define this strategy up front so that once the framework is senior management approved--and it needs to be--the tactical steps to making it work can be employed.

Mobility security is simultaneously fascinating and confusing. It's fascinating because development is in hyperdrive, all leading back to neato devices, and confusing because with so many vendors claiming many things, it becomes hard to figure out which horse to bet on. Regardless, IT organizations must get their start by defining what will be permitted.