At the Gartner Security & Risk Management conference this week in Washington, DC, I have enjoyed attending several of analyst sessions on mobile security. In one such session, Dionisio Zumerle, a Gartner analyst, discussed mobile security and shared an interesting analogy that I'd like to expand on. He compared the evolution of security to the adoption of seat belts.
Seat belts in automobiles were first introduced in the 1950s. In the 1970s and 1980s people actually started using them as cars became faster, the roads got busier and consumers were inundated with images on what can happen when you don't wear your seat belt. Today seat belts are required by law in most developed countries around the world. Their use is expected - our personal security is too important to not buckle up. The interesting thing is that it took over 60 years to profess to the point where people secure themselves appropriately.
The same story can be applied in the security world. Security technologies, and more specifically mobile security technologies, have existed for the past 15-20 years. At first they were rudimentary, but that was probably OK since early devices didn't contain a lot of sensitive corporate data (just like cars in the 1950s weren't terribly fast and drivers weren't distracted). Then over the past 5 years security technologies progressed to mobile device management (MDM) solutions, addressing the need to secure at the device level, and protecting core productivity solutions like corporate email.
But in the past year, times have changed yet again. Today's threats are more significant, devices are powerful, and corporate data abounds in the form of content and mobile apps. Going mobile without progressing your security approach is like driving on a super highway, while texting, and not wearing a seatbelt.
It's time to take security seriously and recognize that MDM alone isn't enough to secure the content and apps that employees are using. A comprehensive enterprise mobility management strategy that looks at securing devices, apps and content at the OS, app and network layers is the seatbelt that companies need to protect their business.