Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Samsung's potential government deal signals new era for mobile security

Steve Ragan | July 22, 2013
Samsung may be ready to sign deals with the FBI and the U.S. Navy. Analysts say the news is proof that mobile in the enterprise has arrived. But what does this mean for IT operations?

Another crossover displayed by Samsung, Apple, and Google's development of secure mobile enhancements is that it gives enterprises the chance to leverage government-grade security. According to some experts however, that might not be needed, if it's even possible at all.

"Actually, implementing government-level security for mobile devices in the enterprise might not be all that relevant. The key objective for most enterprises is to enable their mobile users with the right productivity tools without compromising information security. However, government agencies on the other hand must have a greater focus on security and compliance by necessity, given the level of sensitivity surrounding their data," Podila told CSO.

The point being that government-grade security may be a bit too-heavy handed for most enterprise operations.

"Enterprise IT cannot be as security prescriptive as their government counterparts because security cannot trump functionality," Goldschlag added, somewhat mirroring Symantec's take on the topic. In addition, some verticals may have stricter auditing processes, so implementing government-grade security may take them out of compliance in some areas.

When asked his opinion, Dirk Sigurdson, the director of engineering for Rapid7's Mobilisafe, a mobile risk management offering from the security firm, said that it wasn't hard to implement government-level security, as long as the company really wanted to lock down employee devices.

"The more difficult aspect in this process is finding the right balance between control and employee freedom. If company employees rebel or are discouraged after the tight security controls are set in place, it's probably not going to help the organization in the long term," he said.

Once thing all of the experts consulted for this story agreed on was the fact that if the processes isn't planned out -- securing mobile devices can do more harm than good.

Security needs to be frictionless, and there is a cost associated with it. As Sigurdson put it, "... if the total cost of the security solution (including reduced employee productivity) is greater than the risk that the solution is trying to mitigate, then the security solution has done more harm than good."

Adding to that, Goldschlag pointed out that most mobile IT vendors can only secure a few dozen apps. This seems like a good thing until one compares that offering to the millions of apps currently in Google Play and the Apple App Store.

"This severely handicaps IT's ability to support a variety of workflows needed to make every employee productive. It's compounded by the fact that basic apps built-in to the device such as the native email client and camera cannot also be leveraged," he said.

Again, when it comes to mobile security, balance is the key.

"The foremost reasons users have been flocking to mobile devices to do work-related tasks are the simplicity, ease of use and flexibility the devices offer. These benefits can only be achieved if the user experience is preserved. If security policies are so heavy-handed that the user experience gets affected adversely and the device or app becomes almost unusable, it almost defeats the purpose of mobility altogether," said Podila.

 

Previous Page  1  2  3 

Sign up for CIO Asia eNewsletters.