If you want to get some insight to the trends of mobility in the enterprise, the guy to talk to is Ojas Rege, vice president of strategy for MobileIron. I caught up with him recently and he talked about four major trends that will have a big impact in the years ahead.
The first trend is what is happening from the application security perspective. Enterprises started to get interested in mobile apps about five or six years ago. The larger screen real estate of the Apple iPad really opened companies' eyes to what could be done with mobile apps. The earliest applications were rather ad hoc, usually project-based. Then organizations began building apps around their business workflow, and security became a bigger issue.
With this in mind, a new security initiative was launched at Mobile World Congress this year. The newly formed AppConfig Community has a mission to streamline the adoption and deployment of mobile enterprise applications by providing a standard approach to app configuration and management, building upon the extensive app security and configuration frameworks available in the mobile OS. The members of the AppConfig Community are making it simpler for developers to implement a consistent set of controls so that enterprise IT administrators can easily configure and manage apps according to their business policies and requirements.
Apple is behind the effort, as are several companies from the enterprise mobility management space (including MobileIron). It's getting good traction from the app developer community already because it's the first time developers have had one place to go to get the tools, the schema and best practices to build secure enterprise mobile apps. The first mobile platform to be supported is Apple iOS, but there are tools for Google Android and plans to support Microsoft Windows as demand picks up.
The second trend is the move to cloud when a mobile device is the front end. Much of the discussion on cloud security has been focused on securing the back end – the cloud itself – and then authenticating user access to the cloud. This primarily assumes a web interface to the cloud, with no data being stored on the local PC client.
This model doesn't work when you consider mobile, because no one uses a web browser on a mobile device to access cloud applications. Instead they use native mobile apps, and just managing the authentication of the user is not enough. Now you have to have device trust and app trust, because there is now data that is local to the device.
MobileIron is addressing this need with a new product called MobileIron Access. It sits between the cloud service and the authentication service, and before the authentication request is given to Active Directory Federation Services or any other authentication broker, MobileIron first checks to make sure the device is secure and the application is secure. Only if both are secure does the authentication request get passed on to the identity and access management system. If there is an issue with either an unauthorized device or an unauthorized app, the user is prohibited from bringing enterprise data from the cloud service down to the device until the problem is remediated. MobileIron Access completes the security model for cloud services.
Sign up for CIO Asia eNewsletters.