One of the best and most impressive traits of research analysts is that they are pretty darn good at predicting the past. As for foreseeing the future, well, that is a far rarer ability. I was reminded of this troubling truth last week when I took a quick call from a research analyst who was trying to compile a best practices report on how to secure the BYOD reality overtaking the enterprise.
Specifically the analyst presented me with the following question, “What are the levels of security that are needed to be taken to secure a personal device as it connects to the network?”
To guide my thinking, I was told the very basic measure would be use of password and the most secure one would be to create a fully encrypted container for the enterprise data.
I must admit that as I was pondering this question I began feeling significant unease. Something just wasn’t right with it and I couldn’t quite put my finger on it.
And then it hit me: the question was all wrong!
The hidden assumption in the question was that a user would get on the wifi network as they get into the office with their device, from which point all the good old tried and true cybersecurity measures could kick in and the problem would be gone.
Apparently, more and more employees don’t bother to connect to the local wifi network as they can get significantly broader bandwidth using their 4G network, and as all they really need is email and calendar connectivity to become productive.
That means that essentially all of the old school defenses put along the wifi LAN highway into the enterprise network are being circumvented with very little effort. The implications are tremendous, essentially nullifying the strategy of many of the NAC/WLAN providers with the potential to disrupt a very significant portion of the cybersecurity market.
So, as part of the discussion with the analyst, I quickly outlined for him my approach to the challenge: The must-have foundation of any enterprise cyber security system hoping to deal with the game changing mobile onslaught relies on three pillars:
- Situational Awareness
- Provisioning and authentication
- Dynamic Policy Management (endpoint, network and cloud)
As the enterprise mobile cybersecurity market matures to properly contain and manage BYOD, a powerful integrated approach needs to emerge. This approach involves an inter-product offering which involves tight connection between an MDM, a NAC and a CMSS (Context-aware Mobile Security System).
The best example I am aware of at the moment is the one we are part of where MaaS360, ForeScout and AirPatrol Corporation offer together a comprehensive solution. The first SI to offer this integrated solution is Patriot Technologies.
In this integrated offering, AirPatrol serves as the first line of defense – continuously monitoring the enterprise environment for the presence of unknown mobile and wifi emitters. When a new unknown device is detected, its unique identifier is handed over to the MDM and the NAC who then identify the user, provision the device, and get it under the wings of the enterprise cybersecurity policies. Now the device is controlled based on the location and context triggers that AirPatrol provides in real time. At that point AirPatrol moves into the role of the context-aware clearing house for the enterprise, brokering policy decisions according to the location and context of the device and user.
This is the beginning of the web 3.0 revolution which flag we have been carrying for several years now – the contextual web. And, so the first steps towards realizing the contextual enterprise have emerged.
Who says research analysts aren’t important for business?