Enterprises need to reinstate the security perimeter eroded by mobility
The mobility trend is driving major changes throughout the enterprises, especially within IT departments. They are being challenged to enable the worker productivity these devices promise, while ensuring that corporate networks and data remain secure.
Unfortunately, the proliferation of mobile devices has resulted in, if not the disappearance of the corporate security perimeter, at least its dilution. Many mobile endpoints mean many targets for attackers.
In an exclusive interview with FierceMobileIT, Martyn Wiltshire, director of strategic IT initiatives at flash memory products maker SanDisk, believes the solution is to reinstate the security perimeter with new security solutions. He explains how hardware encryption needs to play a central role in that effort, particularly as a security solution for machine-to-machine communications and the Internet of Things.
FierceMobileIT: What impact is mobility having on enterprise IT?
Wiltshire: If you go back a few years, you could lock everything down very tightly. Any technology you had would have come from your IT group. Over the last few years, that has changed tremendously. Now you have super powerful smartphones and tablets. There is definitely a shift taking place with enterprise applications in terms of how you run your business and enable them for the mobile workforce. You've got the BYOD environment, and you've got cloud services available from every device, which are helping people to do their jobs in the organization. So that cannot be stopped. That's driving a huge shift in the way IT organizations think about the solutions they offer. The solutions have got to be available on a multiplatform basis. That's great, but it changes the IT security perimeter.
FierceMobileIT: How are IT organizations dealing with the challenges to the security perimeter presented by the many devices out there?
Wiltshire: The security perimeter needs to be reinstated in a different way with different solutions. The security perimeter was managed because we knew that that laptop belongs to you, you could VPN in, and we had a very tight tether to you. Now, there are many mobile solutions to manage that governance and the applications that you put on mobile devices. And you've also got increasing encryption of devices, and hardware encryption is now coming out, which is a great asset to anyone who is trying to control enterprise IT and the security of the IP within it.
FierceMobileIT: Do you see more enterprises using encryption to secure the data on mobile devices?
Wiltshire: Yes, I think encryption is going to be a key tool going forward. I think it's going to be a must have. We talk about it all the time. With cloud services, we expect the data to be encrypted, as organizations move the data outside of the premise. Obviously, we are also moving data outside of the premise when it goes to personal devices, laptops and phones. That also needs to be secured. It is imperative that the cost and risks needs to be managed very carefully.
FierceMobileIT: With the explosion of connected machines, enterprises are increasingly deploying connected machines to automate their processes. How do you see that impacting IT and what unique security issues might come up?
Wiltshire: It does present a challenge. But it just means that the solution has got to change. Security needs to be inherent in the platforms that you're working on. So it's not an afterthought ... The underlying platforms need to be hardware encrypted; encryption needs to be intrinsic to the platform. Only then are you going to have the confidence to put confidential information out to the workforce. You need both things. You want to encourage your workforce to be mobile, but you need to have tight control over the information because that is your asset. Business is definitely not done in the office anymore. It's done everywhere, wherever you might be.
FierceMobileIT: Where do you see mobility taking the enterprise and the IT organization 10 years from now?
Wiltshire: One of the big changes we will see is with the devices. We will see a shift in what we use to do your business. Today, people still use a laptop as their primary business tool. They have a number of other supporting tools like a smartphone or tablet to keep connected. I think we're going to see a shift in that. There are a number of technologies that will make it easier to use your mobile devices. This will all require high performance. Whether you are doing voice recognition or image recognition, I think there are a lot of tools that will come out that need to be serviced quickly. We will also see a crossover from the Internet of Things. We talk a lot about that in the consumer space, but I think we also see that come into the enterprise with more of the intelligence in the equipment we use in the workplace. And mobile devices will interact with that equipment.
FierceMobileIT: Could you explain a little bit more about the Internet of Things and the enterprise?
Wiltshire: The Internet of Things is going to provide a lot more information about how your service is running, and what the health is of different components of your enterprise. With that, you're going to get the ability to manage locally your equipment and have more local customization of equipment for your infrastructure.
FierceMobileIT: The Internet of Things is going to present some challenges to the security perimeter, particularly if you are communicating with machines thousands of miles away. How is IT going to deal with that problem?
Wiltshire: You have things obviously within your control, within your network, part of your organization. Today, we are looking after servers and storage--things we can touch. These other devices will come into that domain and the data will be controlled within that domain. When you get outside of the corporate boundary, then you need to have security built-in into the devices. You need to be able to control the data and erase it, if needed. That's why I think technologies like hardware-based encryption will become the standard.
FierceMobileIT: Any other thoughts?
Wiltshire: It's a really exciting time in this industry. I think flash technology is proving to be both disruptive and an enabler at the same time. We see it making mobile devices more powerful. It is also changing the ways we work today and powering some of the technologies that are connecting the dots together in the background. They are managing the transfer metadata to make your cloud services integrate with your on-premise data center. They make your private cloud a reality. Now you can manage from a very relatively small device. You can feel like you're connected with a much more powerful computing power.
The other example I'll give you is with things like VDI [virtual desktop infrastructure], thin client and virtual desktop computing. That is definitely a direction that a lot of organizations are going in. That gives you security, high-performance, a lot of control over what you can access, and it gives the user a lot of flexibility because you can become virtually platform independent. Flash technology is going to help you to do that on your device. You are going to have a richer experience, and you probably have flash anyway. It's not a choice you are necessarily making. In the back end, what is powering that is flash also. So flash technology is very important for a virtual environment where you need to have high performance. It's your working environment, and your sessions get saved. It gives you that seamless experience across devices.
Enterprises are embracing BYOD, despite security risks and support costs
No one-size-fits-all solution for BYOD policies, panel reveals
Special Report: Making BYOD work