Posted 5 February 2019

Your smartphone is not only your first screen, it is also the one that knows you best. It holds your entire digital life, from your banking details and your business emails to your online purchases and photos of your family. Securing all this data on your own is far from easy. In a professional environment, it is an even more complex challenge.

When it comes to securing digital information, there are frequently two opposing schools of thought: CIOs and CISOs who are mandated to ensure network and device security, and end users who do not take kindly to restrictions.

When all is well, the status quo is acceptable. But at the slightest hacking attempt, the situation changes. To make matters worse, in case of loss or theft of a smartphone, confidential information may end up in the wrong hands, be it a competitor or a foreign intelligence agency. As a consequence, the temptation to strike “the right balance” between agility and security finds its way into the minds of CIOs/CISOs and business leaders. Let’s see why and how such a compromise should be avoided.


Pursuing agility and utility: a generational requirement

Generation Y is now present at every level in all organizations and in all industries. The next one, called Generation Z, is now beginning to enter the job market. What these two generations have in common is that they grew up with the Internet. For them, new technologies are nothing new, and it is normal to use a smartphone to manage their personal and professional lives. Everything must be simple, accessible, and immediate. Agility is of paramount importance, whatever the context.

A study conducted by TransUnion in the United States shows that almost half of millennials are very concerned about digital risks and threats. Yet 84% of them check their bank accounts while connected to public WiFi networks, and 67% do not protect their phone with a code. Security is important on paper, but in real life, individual behaviors differ greatly.

Seen from the end user's perspective, the smartphone was never truly designed to meet security requirements. On the contrary, it was designed to improve everyday life by offering services that simplify it. Integrating a security dimension into a smartphone, such as adding a password to access an application, often appears as a hindrance.


Agility and security: A headache for CIOs

Agility is a person’s ability to act quickly, take the right decision in a short period of time, and be able to work anywhere, with all of their resources at their fingertips. It is a state of mind that is natural for some, and requires human, technological and organizational efforts for others. How is it possible to accept agility, considering it is a risk when security is lacking?

We live in a hybrid world: smartphones can be the property of employees in a BYOD setting and/or can be provided by employers. Data and servers can reside in a public cloud, a private cloud, or on premises. Sometimes all three together. Employees are more and more mobile, work from home, share offices, and even inside an organization can switch workspaces. Faced with this evolution of work methods, one thing is clear: no single security rule can work if it is imposed on everybody. Hybridization is therefore everywhere: in ways of thinking, workplaces, behaviors, tools used and also… security.

With mobility being highly popular, CIOs should be cautious when implementing controls and security tools, as users do not want to slow down. This challenge also applies to political figures, from Emmanuel Macron to Donald Trump.


Turn data security into a core business value

Security cannot be enforced by decree. It must be experienced on a daily basis. Protecting employee, customer and supplier data is often a strong value for organizations, reinforced by the GDPR. It is never too late to develop it.

To achieve this, it is necessary to establish a culture of security among all employees. This means suitable and regular training, sharing good practices, examples and real life cases, stress tests, etc. Appointing security champions who are not affiliated with IT also promotes internal dialogue and creates virtuous dynamics around best practices.

This is a first step to foster overall adoption and facilitate the implementation of a mobile security solution.


And find the right security solution

Once the seed is planted, its development must be supported without undermining the necessary agility to grow and develop the business, by finding the right security solution. One that protects confidential information, without slowing down smartphones, usage and productivity.

Clearly: to prevent rather than cure.

To achieve this, the following best practices can be implemented:

  • Map your mobile fleet: Between iOS and Android devices, is it consistent or mixed? Do you know which OS versions are installed? Do you have visibility using a Mobile Device Management (MDM) solution, for example?
  • Define internal policies: What to do in case of loss or theft? Are your processes and rules clear, known, and shared?
  • Understand the uses: What do your employees do with their smartphone? Which applications are installed? Are there any restrictions already in place?
  • Manage priorities: Does a sales rep have the same security requirements as a CFO, for example? How do you assess security requirements?
  • Secure travel: Who are the people who travel most often? Is it locally or abroad? In which country? Do you consider certain business trips to be potentially at risk? Why and to what extent?

With this introspective analysis done, it will then be easier to find a solution really suited to your needs.

In any case, faced with the exponential development of mobile threats, security priorities are shifting from the desktop to the smartphone. The smartphone has become an essential gateway to business data, which must be permanently secured without affecting user experience. This is a task that involves managing mobile fleets remotely, controlling applications, and encrypting devices and communications.