When it comes to ensuring secure enterprise mobility, device-oriented approaches adapted from single-vendor environments like BlackBerry simply aren't working in the bring-your-own-device (BYOD) mobile enterprise. Companies need a way to secure devices they don't own or don't already manage using a mobile device management solution.
What is required is a fundamental shift in focus. We need to worry less about trying to secure the device and more about securing specific apps and critical data. Indeed, in the new paradigm you have to assume the device has already been compromised. That's why app wrapping has emerged as a way to give IT the rare opportunity to say "yes" to user choice while simultaneously enabling a more secure, extended enterprise.
BYOD and COPE (corporate owned, personally enabled) are simply leading indicators of a much larger transformation underway in enterprise mobility. While BYOD and COPE address a self-contained, manageable group of employees who use their own devices for corporate access, the larger trend is the emergence of a phenomenon we call the "extended enterprise"--the expanding constellation of customers, contractors, partners, consultants and others that surround an organization who need access to the company's data for legitimate business purposes.
In the extended enterprise, sensitive and proprietary information increasingly resides on any number of mobile platforms in third-party hands that cannot truly be managed because the enterprise doesn't own those devices.
In the extended enterprise, users want the freedom to choose their own devices. And, accustomed to the broader array of apps instantly available for personal use, users want to choose the apps that best solve their problems, make them more productive, save money or create new opportunities.
Security's Evolution: Roadblock to Enabler
Until now, IT has been able to maintain control of mobile resources using device-level mobile device management (MDM) solutions. But management does not equal security. The security challenges of a mobile environment are broader and more intricate than any MDM can solve. So today, enterprise IT must assume that sensitive data will end up in an app on a malware-infected, jail-broken, unmanaged mobile consumer device.
In the data-centric extended enterprise, the app must become the primary vehicle for sensitive data distribution on mobile devices. By securing the app, enterprise IT can be assured that its information is protected, regardless of the device on which the app resides.
But building data protection into an app can be difficult, risky and sometimes ineffective. At times, developers face daunting business and technical challenges. Enterprise data is specific to each organization, and the policies and requirements for protecting that data must be tailored to each organization's needs. This is why a one-size-fits-all approach to app security doesn't work. Adding context-specific data protection can best be accomplished after an application is built.
Sign up for CIO Asia eNewsletters.