Mobile Threat Blog

Anyone watching the mobile security space knows it is dynamic and always evolving. 2016 will be no different. Here the Enterprise Mobile Threat Team predicts some interesting changes that promise to impact mobile security, policy and enterprises as they try to stay secure.

1 | CISA Will Drive Securing the Mobile Device — If the Cybersecurity Information and Sharing Act (CISA) becomes law, it will contain some interesting provisions that specifically address mobile security. CISA calls for a study to assess the mobile threat landscape that the federal government faces and to determine if current defenses are adequate. The truth is that there’s a convergence of forces putting both the private and the public sector at greater risk. More and more employees are relying on mobile devices as their primary computing device, and they’re doing more complex tasks on them. It’s no longer theoretical that mobile cyber threats will increase. CISA calls for recommendations on addressing these threats based on best practices, which should include managing mobile app risk. Just like their private-sector counterparts, federal employees rely on mobile apps for efficiency and productivity gains. They need to have those tools, but the government needs to feel confident that those mobile apps have been vetted and aren’t collecting and sharing data that is sensitive and confidential.

2 | More Pressure on App Stores to Be the Gatekeepers of Security — App Stores provide a level of security by controlling the distribution point and applying performance requirements before offering apps for download. This works well when adding and managing new apps, but what happens when an app is revoked from an OS vendor app store? The truth is, unlike other consumer product retailers and manufacturers, App Stores are under no obligation or regulatory requirement to notify users who have downloaded an app when it has been removed from the store. The result: “zombie apps” that still live on user devices, but are no longer updated for bugs or security fixes. As enterprises continue to mobilize in the next year and employees download apps to both their corporate and private devices, there will be no room for any lag in liability. To continue to serve the increasingly mobilized workforce, App Stores will simply have to up their game and claim responsibility, or the end users, and the enterprises they work for, will pay the price.

3 | Post Safe Harbor, Mobile Policies Will Regionalize — The BYOD movement at one point looked like the solution of choice for IT mobile device security. Now, other security options such as Choose Your Own Device (CYOD) and Corporate-Owned, Personally Enabled (COPE) solutions are drawing a line in the sand and establishing themselves as alternative options to efficiently and securely manage an increasingly mobile workforce. With the Safe Harbor breakdown, yet another variable will act as an influencer on the strategy enterprises choose. Without being able to freely transmit data over the ocean, app developers, OS vendor app stores, and enterprises will need to adjust which apps are offered in which regions. Depending on the region of operation and local laws in place, different mobile policies will take hold.

4 | The U.S. Will Come into Compliance — Industries like the financial services sector have long deployed advanced compliance policies to ensure personally identifiable information (PII) and other sensitive financial data remain safe and secure in a desktop environment. However, it seems that some regulators forget that mobile devices are actually computers too, and should be covered under most of the data security compliance practices of the past. In the year to come, the U.S. will catch up with what’s already happening in places like Hong Kong and Canada: applying regulatory and compliance policies to mobile devices. Depending on the characteristics of the industry, mobile PII, sensitive data protection, and anti-malware compliance will look different, but one thing they’ll have in common is the question, “Why wasn’t this deployed last year?”