by Karthik Kannan, Founder and Chief Marketing Officer, Caspida
Mobile security is clearly one of the most major challenges faced by companies today. The mobile dimension extends the traditional network from being a rigid perimeter to a more fluid, yet inevitable, area around corporate assets. Users are increasingly mobile – remote employees, traveling users, contractors, vendors etc. This poses the problem of valuable corporate data being rendered open to corruption, theft and abuse. Yet, the answer does not lie in locking down the data or the devices – for the sake of productivity and competitive edge, companies must make their data accessible and hence not locked down yet protect it at the same time.
Today’s mobile-IT processes provide two options – use a company-provisioned device, or Bring-Your-Own-Device (BYOD). Both have their advantages and disadvantages, but in my opinion, BYOD is the winner. My specific reasons for that opinion are BYOD takes away a huge onus on the part of IT to provision and continuously update corporate devices for its users – this is a thankless task and IT will never get ahead with this approach. What’s left, by definition, is therefore the winner. But BYOD is a winner only because the competing option is a loser!
In order to make BYOD a winner, the supporting technologies must vastly improve. Today’s technologies for BYOD are still limited; these technologies begin and end with locking down devices. Rather what they must do is to allow users to get whatever application they need for productivity/collaboration, and then algorithmically detect what operations and transactions are performed, and decide whether to allow or deny these actions based on the identity of the user, their role, their location, their application and various other important attributes, e.g., time, such as in the case of fiscal quarter-end. A one-size-fits-all approach to the mobile dimension will not work. Each user has a certain normal, which may fit into a dynamic group that operates similarly but the group may vary in activity or membership regularly. Therefore, static models or rules or policies will never work in executing and governing BYOD policies.
The mobile enterprise must evolve to be more dynamic, and must be more sensitive to users’ activities and roles. Only then will we truly emerge as a mobile-friendly enterprise. That model will automatically take care of security needs to protect relevant data as well as factor in privacy of users’ personal data. The latter is a whole different topic worthy of a blog posting by itself, but the fundamental issue today is the lack of dynamic policy-executing engines for the mobile enterprise. This is where we will see innovation in the next few years.
Caspida is hosting a Cyber Security and Threat Intelligence Meet-Up in Palo Alto at VMware on September 16th at 6pm.
This Meetup event will feature prominent and successful business executives in the security, specifically, mobile security space as well as members of our VC community who see numerous startup technologies in the mobile area. We will have opening remarks discussing today’s trends in the mobile security space followed by a panel discussion moderated by Sanjay Poonen.
· 6:00 to 6:45 PM – registration, networking, hors d-oeuvres
· 6:45 to 7:00 PM – opening remarks on the state of cyber-security
· 7:00 to 8:15 PM – panel discussion on mobile security in an enterprise context
· Mark Grimse, CIO, Rambus
· Matt Murphy, Partner, Kleiner Perkins
· Muddu Sudhakar, CEO, Caspida
· Fernando Alvarez, SVP, Capgemini