Computerworld

4 Mobile Security Predictions to Help CIOs Plan for the Future

Few things keep CIOs up at night these days like mobility, particularly bring your own device (BYOD). After all, mobile, consumerization of IT and BYOD are turning enterprise security models on their heads. Privacy implications--let alone the potential for data loss and data leakage--are enough to make a CIO break out in a cold sweat.

Both hope and new challenges are on the way, says Forrester Research analyst Chenxi Wang, Ph.D., who has identified four trends that she believes will affect the future of consumer- and enterprise-facing mobile security.

"These trends paint a picture of seamless, smart-device security capabilities that are embedded in increasingly sophisticated mobile-cloud services, as well as those that are able to integrate with business models enabled by pervasive mobility," she says.

The majority of organizations are already wrestling with the implications of BYOD, says Wang. According to Forrester's Forrsights Workforce Employee Survey, Q4 2012, 70 percent of organizations have adopted some form of BYOD program, and 62 percent of people who use a smartphone for work and 56 percent of those who use a tablet for work purchased those devices themselves.

Mobile Prediction 1: Personal Devices Will Become the Norm

While BYOD has largely been a smartphone and tablet story, Wang predicts that will begin to change in 2013 and beyond. Currently, 39 percent of laptops used for work are owned by an employee while 47 percent are owned by the company.

"However, more and more personally owned laptops are entering the work environment as IT organizations become more flexible with the BYOD culture," Wang says. "For 2013, we see the BYOD trend expanding to include not only post-PC devices but personally owned computers."

As personally owned devices become a common fixture in the enterprise, Wang says IT organizations will have to act rather than react. The demand for more mobile access to company resources and data will have three consequences.

"IT will need to make investments to expand remote access to corporate content and data that traditionally live behind the firewall, including investments in wireless infrastructure, wireless services and mobile security measures," she says.

"Organizations will need to reevaluate their application architectures to include more SaaS and more platform-agnostic applications, which will bring about a significant shift in how organizations acquire applications; the days of on-premises client/server deployments are fading and the days of cloud-hosted, service-driven deployments are ascending.

"Organizations will need to reduce spending on wired/fixed communication services while they increase investments in wireless hardware and services."

Mobile Prediction 2: Seamless, On-Demand Mobile 'Virtualization' Will Overtake MDM

Many organizations that embrace (or at least accept) BYOD have turned to mobile device management (MDM) technologies to help them enforce corporate policies on users' devices. But MDM is often considered a heavy-handed approach, and Wang says more and more IT professionals just don't want to manage employee-owned devices.

This has resulted in the rise of mobile VDI, containers, app wrapping and device virtualization as alternative methods to segregate personal data from corporate data on a personally owned device. The downside, of course, is that these methods often adversely affect the user experience, creating a barrier to adoption. But advances in mobile virtualization technology are likely to turn that around in 2013.

"In 2012, we started to see glimpses of technologies that could eventually lead to seamless 'mobile virtualization' wherein policy-based control over corporate apps (and consequently content and data) is enforced on-demand and with little interference to user experience," Wang says. "Some examples include VMware's device virtualization technology and exciting options from innovators such as Enterproid and MobileSpaces."

Wang says that these technologies remain at an early stage today, but show great potential to completely change how enterprises approach mobility if they can fulfill their promise to dynamically insert policies in flight without changing the app first.

"Key to making mobile virtualization work are whole-app workflows and mashups that are easily controllable," she says. "We're excited to see technologies that extend policy controls to an entire workflow of apps, so that any app invoked by the corporate app is treated with the same policy, as opposed to wrapping and containing a standalone app. This capability will help preserve user experience and further enable mobilization of enterprise resources. Ultimately, technology innovations in this area may render BYOD a nonissue."

Mobile Prediction 3: HTML5 Enterprise Apps Will Proliferate

Wang says that HTML5 apps, rather than native apps, will become the preferred way of delivering enterprise apps. The argument goes like this: Efforts by the U.S. Federal Communications Commission (FCC) to free up additional wireless spectrum will begin to bear fruit in late 2013. That means cheaper and more reliable connectivity. As connectivity becomes more pervasive, Wang says online rather than offline communications models will become the norm.

"This paves the way for more HTML5 deliveries," Wang says. "HTML5 applications are attractive for a number of reasons, the chief being simpler and cheaper development and maintenance costs. Native apps will still take the spotlight in the consumer market, but for enterprise apps, we will see an acceleration of HTML5 development efforts in 2013 and beyond."

In turn, that means enterprise apps will increasingly move from the device to the cloud, Wang says.

"This represents a tangible way enterprise application portfolios will change from the predominantly client/server model to platform-independent SaaS delivery," Wang says. "In the near term, enterprises will increase spending on cloud-hosted and -delivered applications. As a result, mobile browsers will increasingly become a critical control point on the device; we believe 2013 will bring innovations in secure mobile browser technologies to deliver much-needed controls for security and privacy on the device."

However, she says that getting those secure browsers onto devices will prove a challenge--one that organizations with enterprise app stores may face with more aplomb than those without.

Mobile Prediction 4: Identity-based Mobile Services Will Put Privacy in the Spotlight

Mobile devices are enabling new and potentially powerful business models that draw upon a user's preferences and activity history. But the nature of the devices makes it easier than ever before to connect one's actual identity with one's digital presence. This is not without its consequences. Mobile data collection will become ever more pervasive, Wang says, and there may well be a backlash.

"If we're not careful, the number of devices and sensors around us could soon bring about user activity monitoring 24x7--something akin to an Orwellian world," Wang says. "Privacy advocates have long voiced concerns about the lack of clear regulatory controls over consumer mobile data. The privacy regulatory landscape is not expected to change drastically in 2013, and the increased business pressure to collect mobile data, coupled with the lack of industry standards and regulatory controls, suggests that the risk of abuse is high. Few have grasped the full implications of mobile privacy and what is yet to come in the brave new world of mobile and smart environments."

She notes that it's unlikely regulators will move to tighten laws and regulations on user privacy in the mobile ecosystem in the short term, but consumers themselves will increase their awareness of mobile and big data privacy.

"2013 will see an increasing number of mobile services built on real-time user analytics, enabling innovative business models," she says. "The year will likely bring high-profile litigation cases on mobile privacy, and court decisions will set precedent and influence the privacy debate."

Thor Olavsrud covers IT Security, Big Data, Open Source, Microsoft Tools and Servers for CIO.com.