2015 Predictions: Mobile Security

As 2014 comes to a close, our subject matter experts check in on what they see as major topics and trends for the new year. (You can read all of our 2015 predictions content here.) 

Looking to the year ahead, I see a number of signs that indicate a shift in the ways that organizations approach mobile security. Traditional measures are giving way to new thinking, the laissez-faire attitudes towards BYOD are melting away, and concerns about mobile threats are driving the need for stronger security measures.

1. Death of Proprietary Containers On Mobile Devices

There was a time when the proprietary containers approach for managing company data was the only game in town. Companies deployed this technology because it delivered what they wanted for security by creating partitions for the data, but it drastically changed the user experience and in the process alienated the end user.  Talk to end users about what they think, and you’ll find that most of them aren’t happy.

What’s the solution? We’re seeing far more elegant approaches to manage data coming from the operating system vendors. iOS 7 introduced an elegant method of managing business apps and data. Samsung Knox brought app and data management back to the function delivered by the operating system platform vendor, and the introduction of Android Lollipop continues down this same path. In 2015, I expect to see that proprietary approaches are going to disappear, with the market evolving to deliver enterprise management over security functions native to the mobile platform.

2. Mobile Malware Will be a Slow Burn

There is clearly a gap between what we see in security research in terms of evolving techniques in mobile malware and the general public’s understanding of the threat model. Mobile malware has not had the massive infection rate that desktops had in the past, so is it still problem?

I don’t think mobile malware is going down that road. There may never be an outbreak of mobile malware at the same infection rate as some of the Windows viruses of the past. That’s because that play is dead. Blowing up millions of computers is pure 1999. Today, malware on the PC is highly targeted, because it’s too easy to find if everyone, including the malware researchers, has a copy of it. Instead of trying to infect thousands of computers, the attackers only need to find one victim.

Mobile malware is always going to be in lower in numbers, and 2015 will be no different. But finding it is very difficult if you don’t have the capabilities to prevent or detect it, especially with all of the BYOD devices running on networks. And furthermore, when you do find infected devices, the malware packs a much stronger punch. There are far more resources (in addition to the data, there’s always a network connection, access to out-of-band communication such as SMS for command & control, location data, and recording capabilities) to make the malware more potent than what you see on PCs.

3. Less is More with Enterprise Mobility Management (EMM)

Wait a minute, isn’t more is more? Not with EMM, because the more you apply, the less your users will like it.  Unfortunately, that’s the challenge with thinking inside the box. If your only option for stopping threats is removing the application that can access the threat, then you’re left with removing functionality as the only way to solve security issues.

But in 2015, I think that the smart customer is going to think of more than EMM. In fact, they are going to skip a beat in the evolutionary chain. When faced with emerging security threats, the normal response is to rack and stack new security solutions on top of existing infrastructure. It’s like buying a fast food value meal, buy more and get more, even though in the end it’s still junk food.

That’s why the next step in EMM is not more EMM.  It’s also not going to be EMM plugged into other security solutions. The smart play is to evaluate all security needs and see what could be done when looking at mobile security requirements as a whole. That includes managing mobile devices, protecting mobile devices from threats, protecting your networks from bad devices, and most importantly, making sure your data is safe.

Mobile security is among many focus topics at Ignite 2015, where you will tackle your toughest security challenges, get your hands dirty in one of our workshops, and expand your threat IQ. Register now to join us March 30-April 1, 2015 in Las Vegas -- the best security conference you'll attend all year.