Beyond Brute Force: 3 User-Friendly Strategies For BYOD Security

Oracle

By Amit Jasuja, Senior Vice President, Java & Identity Management, Oracle

In 1825 a painter named Samuel Morse was visiting New York City to fulfill a portrait commission and received word that his wife—at home in Washington DC—had fallen gravely ill. The following day, another messenger brought heartbreaking news: Morse’s wife had died from her illness. Morse rushed home as fast as nineteenth-century transit could carry him but arrived to find his wife already in her grave. This devastating series of events led Morse to dedicate the remainder of his life to finding a means of rapid communication over long distances—eventually leading to the creation of the single-line telegraph and Morse code.

In 2014, Morse’s tragic episode underscores some of the forces mobile workers still face. We are working longer hours than previous generations, many of us at greater distances from those we love. Our smartphones bring us closer (expanding Morse’s vision), with the people we care about being no more than a voice call, e-mail, text message, or Facebook wall post away. As a result, personal and work communications are intersecting, with 89 percent of employees today using personal mobile devices at work or using their work devices for personal applications.

The phenomenon of “bring your own device” (BYOD) to work gives employees a kind of comfort Morse never knew, but it makes CIOs and CSOs uneasy, sparking concerns about protecting corporate data and preventing unauthorized access to internal systems. These fears are not unfounded: recent statistics show that cell phone theft has created a US$30 billion black-market economy. In San Francisco alone, 50 percent of all robberies are cell phone thefts. It is not a matter of if but when a personal device with your corporate data will fall into the wrong hands.

So how can CIOs and CSOs help close the gap between employee convenience and mobile security? This problem has become so complex that 60 percent of organizations don’t have a policy in place for managing personal devices.

And employees are resistant to the policies that do get deployed. For example, 84 percent of organizations that have a mobile security policy force employees to surrender their devices before leaving the company. Mobile device management (MDM) vendors have tried to solve this problem with solutions that lock down devices, but employees complain that such solutions invade personal privacy. MDM can mean that employees’ mobile personal lives are wiped indiscriminately along with corporate information.

Because personal work devices have proliferated so rapidly, CIOs have to build a strategy immediately. According to Gartner, 80 percent of all user access to the enterprise will be via mobile devices by 2020 (compared to only 5 percent today). To get started, here are three concepts to incorporate into your strategy.

Strategy #1: Think Containerization

According to a recent report, 35 percent of adults have reported the loss or theft of a mobile device. Containerization is a method of securing an isolated workspace for corporate applications and data on the mobile device. Users find this approach appealing, because personal data and applications stay personal. When a device is lost or stolen or if the employee resigns, the corporate content can be remotely wiped, leaving personal content untouched.

For example, Oracle’s mobile security container provides a secure workspace that encrypts application data and secures access to corporate applications on the device. The container can support all methods of strong authentication, including one-time passwords, token-based authentication, and smartcards. Added benefits include security support for publishing third-party applications for employees, which can be done in minutes, compared to other solutions that require modifying application source code.

Strategy #2: Restore Control

Not long after Morse invented the telegraph, the telecommunications industry witnessed the first cases of digital identity theft. In the 1920 case of Western Union Telegraph vs. Citizens’ Bank, when Citizens’ Bank endured a heavy financial loss because of fraudulent messages from an unverified sender, the court ruled that Citizens’ Bank, not Western Union, was liable for verifying the identity of the sender. For CIOs this is an important lesson, because securing personal devices containing corporate data begins with identity management. Having to authenticate both the user and the device makes the BYOD problem more complex, because users have multiple devices and change devices every year as technology evolves.

Securing these devices and corporate data means providing governance and reporting to automate the lifecycle of the user/device relationship. Oracle’s approach is to combine the benefits of identity management with mobile security so organizations get all the benefits of authentication, authorization, and fraud detection in a single solution. This solution offers more than 50 policy settings for securing information on the device, including preventing documents from being printed or shared with nontrusted apps, disallowing backup to personal and cloud services, and disabling the e-mail function on sensitive data.

Strategy #3: Simplify the User Experience

Today 50 percent of employees use their personal devices for work without their employer’s permission. But with convenience comes risk: in 2013 mobile malware cases rose 197 percent, and 31 percent of adults reported being victims of phishing link scams on their mobile devices. So providing strong front-end security is a priority for anyone managing externally facing systems.

But trying to enter long passwords on today’s smartphone keyboards is challenging for many (but consider having to enter your e-mail password in Morse code every day). For users to voluntarily adopt a mobile security solution, it has to be easy and enable a level of privacy. To make it simple, Oracle’s solution, Oracle Mobile Security Suite, provides built-in single sign-on, so users don’t have to keep entering passwords. In addition, the solution provides direct single sign-on to many corporate enterprise applications such as Microsoft SharePoint, Oracle WebCenter, and Oracle ERP applications.

As a side effect, the simplification of the user experience on mobile devices can have a positive impact on employee collaboration in the workplace. According to studies by British anthropologist Robin Dunbar, because of cognitive limits, humans can maintain a maximum of 150 stable relationships. New evidence, from researchers at the University of Indiana, shows that mobile devices appear to augment human social capabilities and may remove our biological social limits so we can connect with more people. Don’t disrupt this benefit with a clunky user experience.

Personal Benefit

Oracle’s mobile security suite can restore confidence that data on a device is encrypted and that corporate applications on the device are secure. If you walk by most employee workspaces in the world, you will see pictures of children, pets, family, and friends. We bring personal artifacts to work because they remind us of why we work and whom we work to provide for. We bring our personal devices to work because they connect us with our loved ones and help maintain our work/life balance. Although corporate data and applications have tremendous economic value, pictures of children, spouses, birthdays, weddings, and personal events are priceless.

To create a healthy work environment, enterprise mobile security policy must protect corporate data and preserve personal data. To learn more about Oracle Mobile Security Suite, click here. If this article makes you feel nostalgic and sentimental and you long to text-message with your family in Morse code, yes—there is an app for that.