Looking to the year ahead, I see a number of signs that indicate a shift in the ways that organisations approach mobile security. Traditional measures are giving way to new thinking, the laissez-faire attitudes towards Bring-Your-Own-Device (BYOD) are melting away, and concerns about mobile threats are driving the need for stronger security measures.
1. Death of Proprietary Containers On Mobile Devices
There was a time when the proprietary containers approach for managing company data was the only game in town. Companies deployed this technology because it delivered what they wanted for security by creating partitions for the data, but it drastically changed the user experience and in the process alienated the end user. Talk to end users about what they think, and you'll find that most of them aren't happy.
What's the solution? We're seeing far more elegant approaches to manage data coming from the operating system vendors. iOS 7 introduced an elegant method of managing business apps and data. Samsung Knox brought app and data management back to the function delivered by the operating system platform vendor, and the introduction of Android Lollipop continues down this same path. In 2015, I expect to see that proprietary approaches are going to disappear, with the market evolving to deliver enterprise management over security functions native to the mobile platform.
2. Mobile Malware Will be a Slow Burn
There is clearly a gap between what we see in security research in terms of evolving techniques in mobile malware and the general public's understandingof the threat model. Mobile malware has not had the massive infection rate that desktops had in the past, so is it still problem?
I don't think mobile malware is going down that road. There may never be an outbreak of mobile malware at the same infection rate as some of the Windows viruses of the past. That's because that play is dead. Blowing up millions of computers is pure 1999. Today, malware on the PC is highly targeted, because it's too easy to find if everyone, including the malware researchers, has a copy of it. Instead of trying to infect thousands of computers, the attackers only need to find one victim.
Mobile malware is always going to be in lower in numbers, and 2015 will be no different. But finding it is very difficult if you don't have the capabilities to prevent or detect it, especially with all of the BYOD devices running on networks. And furthermore, when you do find infected devices, the malware packs a much stronger punch. There are far more resources (in addition to the data, there's always a network connection, access to out-of-band communication such as SMS for command & control, location data, and recording capabilities) to make the malware more potent than what you see on PCs.
Sign up for CIO Asia eNewsletters.