Why is it so difficult to use your tablet for work?
Why corporations are cautious of Bring your own device (BYOD)?
Financial and tele-communications sector has moderate level of BYOD adoption. Utilities, logistics and the sales teams for CPG are showing the strongest demand. These are industries with field force people and mobility applications are widely leveraged for their day to day jobs. For other sectors the adoption is limited to active directory based E-mail, Contacts and Calendar Synchronization. Some of our customers are restricting the support to a specific job function, or a role (exs. Exempt full time employees, BYOD support beyond a certain level). Even on enterprise issued devices, use of VPN is mostly enforced when accessing internal systems and architectural reviews are strongly looking into security and vulnerabilities in app and data on device. So with personal devices, some of our clients are still leveraging virtual desktop to access enterprise apps.
Some of these customers are seeing a need to deploy more enterprise apps on personal devices but still the adoption is very low. This cannot be viewed as a conservative approach, considering the huge number of cyber-attacks and flaws in mobile platforms. We have already heard an epic flaw from Apple in Feb (1) , with two new security flaws reported in April (2) and May (3). Android is still viewed with suspicion, due to the open source nature that increases the attacks and malware on this platform. McAfee collected 2.47 million samples of new mobile malware last year with 744,000 being picked up in the fourth quarter alone. This is a 197 percent increase over 2012 (4).
How are our customers addressing the security concerns?
Some of our customers have been very successful in implementing mobility across the enterprise. Let us look some of the steps taken by these customers.
Address security during the application development lifecycle
Application code level security and security analysis are done at various stages of the software lifecycle.
Security aspects are validated on apps manually or using testing tools like AppScan. Code audits are conducted to ensure that the specific compliance needs are addressed.
Distribution of Apps
Customers are using secure ways for app distribution and management. They are avoiding dependency on public app store and leveraging enterprise app stores.
Device management and policies
Devices are password protected and managed by MDM. Secure device registration and management. Enterprises also control the distribution by forcing user to enroll their device. Policies are enforced to reset password periodically.
Some of the customers disable iCloud access, so that enterprise data is not synced with iCloud where enterprise has no control. Most of our customers who have implemented BYOD have the ability to remotely wipe clean device and take appropriate action if device reported lost/stolen. Field force productivity applications are critically assessed for application level security generally like native encryption, on device and over the wire.
Adoption on Mobile device/App Management (MDM/MAM) products
MDM / MAM is already a key focus area for enterprises. SAP Afaria, MobileIron and AirWatch are some of the prominent tools used by our clients. We have worked with several of our customers to extend the security framework used in the organization in conjunction with the capabilities of the MDM platform there by managing different manifestations of mobile applications and devices.
Following a comprehensive mobile security strategy helps adoption of mobility across the enterprise. It is critical for the IT organizations to embark on this journey now so that they don't get left behind and become reactive to the demand and pressure from business. The role of an experienced IT partner becomes very critical to ensure a successful implementation of mobility and BYOD across the enterprise.
This blog is posted on behalf of N. Manoj, Senior Practice Engagement Manager, Mobility Unit, Infosys.