Want to Transform Your Business with Mobile? Rethink Security

Last week I attended an executive forum hosted by Centrify and our partners, Google and Vox Mobile. We had a great lineup of speakers, including Andrew Toy (Android for Work Product Management Director), Jim Haviland (Chief Strategy Officer of Vox Mobile) and our very own Bill Mann.2015 G4work_Sign_Capture

As the speakers shared their perspectives and insights on where mobility is going and what’s needed to get there, a few things really hit home for me.

Mobility ≠ the latest phone or email

We’ve only just scratched the surface of how mobility can truly transform business. Yes, email and other productivity apps are no brainers for mobilization. But no one ever thinks or says, “mobile email has been a huge game changer for our business.”

Real, game-changing or as Andrew said, “stock-price or valuation changing” impact will come from leveraging mobility and cloud to transform every single business workflow. That means mobilizing your entire workforce, not just the sales force or knowledge workers. That means activating completely new process workflows.

As a veteran of the mobile industry, I couldn’t agree more. I’m not alone. Most industry analysts and executives also know the impact mobility will have on their business. According to Accenture’s 2013 CIO Mobility Survey, 73% believe mobility will impact their business as much, or more than, the web revolution of the late 90s.

If that many CIOs understand the transformative nature of mobility, it begs the question: Why aren’t more companies leveraging mobility in more transformative ways?

Security concerns get in the way

My discussions with customers keep coming back to the same thing: security. Security is often viewed as a roadblock to innovation and productivity. I think this Dilbert comic strip sums it up nicely.

Dilbert

In today’s digital and mobile world, security remains the top challenge for IT. In fact, 51% of IT executives cited security one of the most important challenges in implementing digital technologies, including mobility and cloud.

Accenture stats
Source: Growing the Digital Business: Accenture Mobility Research 2015

With data breaches continuing to make headlines, it’s no wonder security is top of mind in C-suites and board rooms. The growth of mobile and cloud technologies has only increased the potential attack surface for cybercriminals. And no one wants to be the next security breach headline. That’s a club no one wants to join.

Organizations have a serious conundrum on their hands. Do you walk away from the tremendous opportunity that mobility has to create new revenue opportunities, increase customer engagement, accelerate product or service delivery, and improve customer service? Definitely not.

Do you turn a blind eye to security requirements and concerns? No, that would be foolish and potentially very costly. So, what do you do?

Rethink security

mindset 1To take advantage of the transformative power of mobile and cloud technology, you need to rethink security. The traditional approach to security is focused on locking down systems and defining a secure perimeter. But in today’s world where data is everywhere — on premises, on mobile devices and in the cloud — a fundamental mindset change for security is required.

When you approach security in a silo’d or piecemeal way (for example, only securing mobile devices or only addressing access management), you create more complexity, more user friction and potentially more security gaps as users find ways to get around security. More importantly, you miss the opportunity to drive transformational change for your business.

Instead, organizations need to shift to a security approach with identity — of the user and the device — at it’s core. When you combine a user’s identity, the device that’s being used, and what app or resource is being accessed, you get a more complete security policy.

Here’s an example:

The traditional approach based only on enterprise mobility management (EMM) would be to require complex passwords for every corporate app, all the time. We all know that entering complex passcodes on a mobile device is painful. Can you say fat finger? What ends up happening is that the authentication process becomes so cumbersome that users just don’t bother to adopt those business transforming mobile apps.

rethink securityWith the context of identity, device and resource being accessed, you can rethink what mobile security means. You can enable anywhere access with IT policy that is context-aware. Grant access when it’s a known device and user in a trusted location. Challenge for a second factor when you don’t recognize the endpoint or location. Or block access wherever needed.

By mashing up identity, device and resource, security becomes about applying the right level of security at the right time. This approach helps IT assure that corporate data is protected while enabling business transformation via mobile and cloud technologies.