Mobile Security Solutions: Evolutionary or Revolutionary?

mobile security evolutionary revolutionary


Consumerization of IT has driven the corporate world into using more and more consumer-oriented devices.  With that comes concerns around interoperability, support, and last, but not least, security.  These devices have been a boon to employees and a bane to corporate IT.  To me, trends like BYOD are revolutionary, and evolutionary solutions may not be the best match.  Fortunately, there is hope on the horizon, and it’s coming from more than one area.

The mobile OS vendors have been rising to the occasion.  Perhaps not as quickly as some would like, but progress is being made.  Mobile OS platforms like Android, iOS, and Windows Phone now offer a combination of evolutionary and revolutionary security capabilities such as device encryption, enhanced security policies, address space layout randomization (ASLR) protection and data execution prevention (DEP).

Vendors are also coming to the table.  Here are a few of the interesting security technologies on the horizon.  Some are so new that they don’t yet have a socialized name, so different terminology may be used by various sources.  Included with each is an assessment of whether the technology is evolutionary or revolutionary.  

  • Mobile Application Risk Management – These products offer an automated approach for evaluating potential risky behavior of both in-house or consumer mobile applications.  Some of these behaviors include sending clear text, access to sensitive data like location or address book, and malware detection.  They can use both static and dynamic analysis approaches.  Although they don’t need the source code, you will need the binary file.  Instead of days or weeks of testing, you can get a summary report in minutes or even seconds.   Integration with MDM and MAM providers is in progress.  Vendors in this space include AppThority and Vericode.  Revolutionary
  • Security SDK – Some vendors are offering a security library that can be added to the software development kit.  This enables the developer to leverage time-tested security APIs.  Obviously it does require access to the source code.  A broad number of policies can be provided.  Examples companies providing these capabilities include AirWatch, Good Technology, and MobileIron.  Evolutionary
  • Security Wrapper – With this approach, the security libraries are ‘wrapped’ around the application binary.  Security policies such as encryption, copy/paste restrictions, or adding a passcode can be implemented without access to the source code.  The process only takes seconds to wrap an application and no developer intervention is required.  A somewhat narrow number of policies can be applied.  Solution providers include AppCentral (acquired by Good Technology), MobileIron, Mocana, and Nukona (acquired by Symantec). Revolutionary
  • Container-based VPN – These products provide container-based applications (browser, email, file manager, etc.) that use an application-layer VPN to securely connect to corporate back-end systems.  The corporate information is within the container separate from the rest of the device and can be managed without affected the remaining user content.  This can be ideal for enabling access from devices you don’t own like BYOD or third party partners.  Some other capabilities may include:
    • Leveraging the container to provide hybrid mobile application capabilities without having to recompile and deploy after an update.  Normally a hybrid application would require the web technologies used (HTML5, CSS, Javascript) to be packaged in a framework (Phonegap, Titanium, etc) and installed as a native application.  With these products, the container acts similar to the framework to allow for access to native application features such as camera, sensors, and vibration .  If the code is updated on the server, the new code will be downloaded to the container for execution, and no app distribution required.
    • Provide a single sign-on experience for NTLM or Kerberos authentication schemes.
    • Containerizing third-party applications and directing them through the application-level VPN to the corporate back-end.

Some companies providing these types of solutions are Bitzer Mobile, Good Technology, MobileIron, and Rover Apps.  Evolutionary

As you can see, there is much activity in this space.  Are these technologies evolutionary or revolutionary? I must admit that some of these look really revolutionary (or at least very clever) while others appear to be a natural and welcome evolution of technology capability.  Regardless, the good news is that we have more security options that can provide real value to the enterprise.

Now, don’t you feel more secure?

Explore posts in the same categories: Android, Application Wrapping, iOS, Windows Phone

Tags: , , , , , , ,

Both comments and pings are currently closed.

8 Comments on “Mobile Security Solutions: Evolutionary or Revolutionary?”

  1. Jonathan Says:

    Randy, one of the challenges that Security wrapper approaches have is that they require access to binary copies of ISV apps. This can be a big hurdle for an organization, as not all ISVs want to be in the business of handing out various copies of their binaries to enterprises.
    This also engenders a huge life-cycle management problem, as now the enterprise needs to track which version they’ve wrapped, and be aware of new releases that need to be re-wrapped and re-distributed.
    Have you looked into this conundrum and how would you recommend an enterprise deal with that challenge?

    • Randy Nunez Says:

      Access to binaries doesn’t work in all cases. In-house apps shouldn’t be an issue, but as you pointed out apps in consumer apps stores is a challenge due to terms and conditions issues. I suspect that this will evolve over time and I’ve heard of some potential work-arounds.

      As far as lifecycle management, I think what you will see is that MDM/MAM vendors will include this capability in their products.

  2. Kaito Says:

    It’s certainly a step in the right direction.

    Ultimately I think we need to have a combination of both evolutionary and revolutionary security solutions. The ability to look ahead and close a vulnerability before it has actually arrived is the ideal goal, and always a good effort. But we can’t anticipate everything, and so we will need to adapt to the ever changing environment and the unanticipated risks that we realize after the fact. Being evolutionary and revolutionary both gives us the flexibility to do what needs to be done to take advantage of the benefits of BYOD technologies while best mitigating the risks.

  3. Jim Jakary Says:

    Hi Randy, it’s worth mentioning the role of secure Cloud in this discussion. True SaaS is the ideal way to manage mobile devices, apps, content and expenses with no on-premise hardware or extensive IT change management projects to keep pace with the latest mobile handsets, tablets, OS and application API’s. Speed and flexibility of mobile SaaS provides security to manage BYOx in a cost efficient way, e.g. without additional CapEx. Cheers, Jim J

  4. Randy, you hit some key points. Containerization is evolutionary, but I’m not sure the distinction from revolutionary is nearly as important as the feature set. Single Sign-On alone is worth using the container approach, IMHO. Add in admin features such as pushing policy updates without re-distribution of the apps and you’re getting extremely efficient. Thanks for the mention!

  5. Andy Smith Says:

    nice piece Randy, not all wrapping solutions are equivalent. (BTW, Bitzer has wrapping too). However, we call it “conatainerization” as we are logically adding apps to a single container we call the Secure Enterprise Workspace. All apps in the workspace not only share information and trust each other, but they share a common security infrastructure that is provided by the main Bitzer container.

    On the topic of wrapping 3rd party apps the world is starting to evolve. We have been working with MANY large ISV providers that are now making their apps available as a single static library to partners for wrapping. The most recent ISV to go down this route is Oracle. The momentum is growing and looks like it will continue.

Comments are closed.

%d bloggers like this: