June 30, 2010
Had a very interesting conversation this week about the evolving trust model for mobile security in the enterprise. I was talking to Terry R, who focuses on risk management and compliance, and he was telling me how his company’s perimeter security strategy needs to fundamentally change.
As he put it: “Our challenge is that our infrastructure, applications, and databases are designed for a perimeterized world. Our systems rely on a strong perimeter. We need to tear that perimeter down.”
The catalyst for the conversation was smartphones, which operate almost constantly outside the perimeter. Since the perimeter is no longer “reliable”, security becomes a matter of trust. Which device do I trust with which data for which user under which circumstance? The same questions, certainly, as existed before smartphone adoption. But the answers are now much more difficult to pin down. The trust model for mobile is a rapidly moving target. New operating systems appear every year. New devices appear every week. New consumer apps appear every minute. And end-users constantly set and change the debate.
How does a security team keep up? The more rigid ones will likely fall behind. The nimble ones will adopt a flexible mindset that can trade effectively between security and privacy, usability and control. Protecting enterprise data without compromising end-user experience will be the goal. A dynamic but rational model of trust that can operationalize the model below will be one of the important tools.
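To make the "which device, which data, which user, which circumstance" question concrete, here is a small attribute-based trust evaluator. It is an added illustration for this post, not code from the original page or from Terry's company; the device attributes, the data tiers, the trust scores and the thresholds are all assumptions chosen to show the shape of a dynamic decision (allow, degrade to view-only, or deny) rather than any specific product's policy.

```python
from dataclasses import dataclass

# Data sensitivity tiers, low to high (assumed for this illustration).
TIERS = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}


@dataclass(frozen=True)
class Device:
    managed: bool            # enrolled in the company's device management
    encrypted: bool          # on-device storage encryption enabled
    passcode: bool           # screen lock with passcode enabled
    jailbroken: bool         # root/jailbreak detected
    patch_age_days: int      # days since the last OS security update


@dataclass(frozen=True)
class User:
    roles: frozenset         # e.g. {"staff"}, {"staff", "finance"}
    mfa: bool                # this session passed a second factor


@dataclass(frozen=True)
class Context:
    network: str             # "corp", "home" or "public"
    business_hours: bool


def device_trust(d: Device) -> int:
    """Score device posture 0..3 (assumed scale). Jailbreak or no passcode is disqualifying."""
    if d.jailbroken or not d.passcode:
        return 0
    score = 1                       # locked, unrooted device
    if d.encrypted:
        score += 1                  # data at rest is protected if the device is lost
    if d.managed and d.patch_age_days <= 30:
        score += 1                  # we can wipe it remotely and it is reasonably patched
    return score


def decide(d: Device, u: User, ctx: Context, data_tier: str, required_role: str):
    """Return (decision, reasons); decision is 'allow', 'view_only' or 'deny'.

    Hard rules (role, second factor, network, time of day) are checked first;
    the device posture is then compared with the tier's required trust.
    """
    need = TIERS[data_tier]
    have = device_trust(d)
    if required_role not in u.roles:
        return "deny", ["user lacks role " + required_role]
    reasons = []
    if need >= TIERS["confidential"] and not u.mfa:
        reasons.append("second factor required for " + data_tier + " data")
    if need >= TIERS["confidential"] and ctx.network == "public":
        reasons.append("no " + data_tier + " data on public networks")
    if data_tier == "restricted" and not ctx.business_hours:
        reasons.append("restricted data only during business hours")
    if reasons:
        return "deny", reasons
    if have >= need:
        return "allow", ["device trust %d meets required %d" % (have, need)]
    if have == need - 1:
        # Degrade rather than block: render in the browser, no download or offline copy.
        return "view_only", ["device trust %d is one short of required %d" % (have, need)]
    return "deny", ["device trust %d below required %d" % (have, need)]


if __name__ == "__main__":
    # Constructed sample devices and users, not real inventory data.
    corporate = Device(managed=True, encrypted=True, passcode=True, jailbroken=False, patch_age_days=10)
    personal = Device(managed=False, encrypted=True, passcode=True, jailbroken=False, patch_age_days=90)
    rooted = Device(managed=True, encrypted=True, passcode=True, jailbroken=True, patch_age_days=10)
    finance = User(roles=frozenset({"staff", "finance"}), mfa=True)
    office = Context(network="corp", business_hours=True)
    cafe = Context(network="public", business_hours=True)
    for dev, name in ((corporate, "corporate"), (personal, "personal"), (rooted, "rooted")):
        for ctx, where in ((office, "office"), (cafe, "cafe")):
            print(name, where, "restricted:", decide(dev, finance, ctx, "restricted", "finance"))
```

The point of the shape is that a better device buys more access to the same data rather than a flat yes/no, and that a drop in posture (a missed patch, a jailbreak detection, a move onto public Wi-Fi) changes the answer without anyone rewriting the policy.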

(Thanks, Terry, for the ideas behind this post)
June 3, 2010
No big surprise. After several months of media speculation, unlimited data is no more. In the battle of network-thirsty-smartphones vs. capacity-constrained-data-networks, the score is Smartphones 1 Networks 0.
Today’s AT&T announcement strikes me as more of a pre-emptive than reactive move, though. If currently 35% of subscribers already use more than 200MB of data per month, that number is only going to skyrocket over the next 24 months as smartphones outsell feature phones in the US and become the most common access point to the internet.
Clearly I’m now going to pay by volume of usage. But an unanswered question is what happens to service quality as the network load continues to hockey stick? Do I end up paying by volume and desired quality?
As the consumer dynamic evolves, two implications emerge for the enterprise as well:
- Real-time visibility into voice, SMS, and data usage becomes essential to prevent serious bill shock from overages
- Service quality monitoring becomes the best proactive mechanism to protect the user experience, especially if network quality starts to erode
However, one of the major challenges companies will face is that you can’t control something you can’t see. Most users have no idea how many KB a web page download is or how much traffic answering those 50 emails generates. Without awareness, behaviors don’t change.
So in the age of variable pricing, visibility becomes paramount at both the individual and the corporate level. Hold up a mirror and show me what I’m doing so I can make sure it ain’t crazy.