The original intention was to write two full reports from my perspective as Chairman this year, one for the Gulf Information Security Exhibition & Conference (GISEC 2016) and one for the Gulf Enterprise Mobility Exhibition & Conference (GEMEC 2016). However, it will come as no surprise to anyone active in these spaces to hear that the Enterprise Mobility Conference agenda was dominated by security. This overriding security theme, and the predominance of mobile as one of the principal computing platforms, means the shared security insights from the two conferences, GEMEC and GISEC, can be more effectively managed under a single cover, as there was rich cross-pollination between the conference session content, panel debates and questions and answers.
For a full perspective on the security environment in which enterprise mobile plays as ‘just another hyper-connected platform’, please refer to the separate ‘Gulf Information Security Exhibition & Conference (GISEC 2016) conference summary report’.
What was specific to GEMEC can be summed up in two predominant statements:
1. The Redefinition of Mobile
Mobile was very much a device play for the industry, but that is over. With the near saturation of the market with smartphones, tablets, phablets and all manner of form factors, the hardware is fading into the background as the user experience takes the driving seat.
For hardware vendors, the days of affluent double-digit hardware growth have been replaced by thin-margin hardware refresh. Devices are now being driven by the user interface, application and service experience. The motion is from mobile hardware to mobile software and services. Advertising and media represent the new frontier for revenue generation, but are also driving increased privacy concerns and a change in consumer attitudes towards data collection by vendors.
Mobile devices are an interface to greater service delivery through the hyper-connected world we are moving into, driven by pervasive high-speed mobile connectivity and Cloud Computing. The dedicated Panel Discussion ‘How hyper connectivity will transform productivity and improve smart decisions by the workforce’ raised some insightful points:
- The trend is towards all things communicating, as they should and ultimately will, through network connectivity. Dr Lee Hyeon Woo (Chair, 5G Forum Global Alliance Sub Committee – Advisor TTA IMT) painted a rich picture of the prospects of 5G and the connective capacity it will bring in meeting the bandwidth demands of this hyper-connected vision.
- Hyper-connected is a new market condition that consumers are adapting to rapidly and enterprises need to consider seriously. A key element of this is the leveraging of Cloud Services for mobile solution innovation such as personal assistants and other big data analytical tools that leverage the computing power of the cloud to deliver value in the hand.
- Cloud offers a continuity of productivity across devices as businesses adopt more agile ways of working, giving users the ability to move from one device and software environment to another seamlessly in a new contextual way.
- Contextual Intelligence coordinates the Who, What, Where and When for users across their digital domains, and the flow of information and knowledge sharing between groups, in real time and tailored to each user’s optimal UI (User experience).
Enterprises are looking to leverage BYOD (bring your own device) and play to the preference of users to use the devices they are familiar with and the desire NOT to have to carry multiple devices, one for work and one for personal use. In principle BYOD has its merits, but enterprise infancy in handling this diverse platform ecosystem, mixed with fragmentation across the principal vendor platforms, is holding back wide adoption. Enterprises that are already invested in this space illustrate the lack of maturity across key areas.
2. Mobile infancy in the Enterprise
A report card on the industry when it comes to enterprise mobility would read:
‘A great deal of untapped potential being held back by a lazy attitude, shirking from hard work with a preference for the easy options, a lack of application to the potential of working with others and applying a business-like approach to self-development. A lot of work still to be done.’
Whilst the appetite for mobility by the end user is growing, mobile in most enterprises is not as advanced as the industry would like us to believe and as most users perceive. From an enterprise adoption perspective, the usage figures are quite sobering according to Flurry Analytics, ComScore and NetMarketShare:
- 40% – Gaming and entertainment
- 30% – Social media and messaging.
- 4% – Productivity.
Enterprise use is far from mature but the market potential is huge: $140 billion by 2020 according to NASSCOM (National Association of Software and Service Companies) and Deloitte. Consumerisation of IT is the key driver, but therein lies the challenge. In a consumer world there is little regard or concern for enterprise disciplines. Dale Waterman (Corporate Attorney – Microsoft Digital Crimes Unit, Middle East & Africa) highlighted in his session the enterprise priorities to provide a safer digital experience for every employee and customer by protecting vulnerable populations such as mobile users, fighting malware, and reducing digital risk. Enterprises have to concern themselves with some key hurdles in crossing from the consumerisation of IT to its enterprise enablement, most notably:
- Security management – The centralised orchestration of audit and control required to protect corporate data and demonstrate accountability. Mobile applications are the new security perimeter and they represent a nightmare for data management: the network edge is the application your user is using. Protecting both the hardware and the operating layers of a system is one of the biggest challenges for companies. It matters little how secure the application is if a hacker can compromise the hardware layer; see later in this report for the frightening exposure the industry has with the most predominant platform. Dr Najwa Aaraj (Vice President of Special Projects – DarkMatter) echoed this concern in her session, which gave a very sobering account of the security and interdependency of the Hardware, OS and Applications for a truly secure and robust mobile platform.
- Application & Service management – The co-ordinated development, distribution, patch management and auditing of applications, and the visibility of services. There is limited true enterprise-class support across the fragmented application development and service space for enterprises to manage or leverage third-party consumer software and services, which means they are constrained to expensive enterprise solutions that do not match the rich user experience most end users expect. Ashi Sheth (Manager Enterprise Platforms – Netflix) illustrated clearly in his session how the consumer UI lessons need to be learnt by enterprises to nurture users into the Enterprise applications. The management required comes from 2 main perspectives:
  - End user – What software and services are the end users using?
  - Vendor – Application vendors, what are they doing with the data and metadata generated by the applications being used? It is not an enterprise habit to allow third parties to peer into operational practices and end user activities, but that is exactly what many third-party applications and services do on an enormous scale.
- Threat Prevention – Distinct from security, this is the most challenging aspect of the three. The greatest attack surface for those with malicious intent today is the mobile platform. It walks past all physical privacy and is the side channel employees leverage to make their work more convenient.
Looking at the mobile device and associated operating system market share, the greatest challenge becomes clear. According to IDC, current mobile operating system market share can be summarised as:
- Android 82.8%
- Apple iOS 13.9%
- Windows Mobile 2.6%
- Blackberry 0.3%
- Others 0.4%
The greatest discordance for enterprise adoption is the mobile platform made up of the fragmented Google Android device and operating system layers. An 82.8% market share would suggest an easy management option for enterprises, but in fact it is the greatest nightmare. The reality is that the average Google Android phone or tablet buyer has no way to upgrade their operating system unless the carrier provides an OTA (over the air) update, and two-year upgrade cycles mean that plenty of people are left holding compromised if not broken devices with known exploits that Google does not bother to fix. In some security debates Android has been regarded as a malware platform due to its shocking record on patch management, as users are left exposed at the foundation level of their mobile devices, notably the OS.
Google is doing little to demonstrate any change in attitude, shirking its responsibility as an Operating System provider. Irrespective of the fact that the operating system is free, you would have thought a mature corporation would have some sense of responsibility. In essence Google is telling its user community “Sorry, you have to tell Samsung, LG, Motorola etc. to provide you with an updated version of our operating system.” Google is shifting responsibility onto the device manufacturers and expecting them to manage the patches for its operating system. By throwing all of the responsibility for security updates back on carriers and security researchers, Google is telling OEMs that they can either agree to its licensing terms and fall in line, or take on the responsibility of performing security updates that they are typically not qualified or funded to do.
The Google Android Operating System represents the largest number of installed-base devices, with 1.9 billion in use in 2014, compared with 682 million iOS. What this means is that we have over 60% of the 82.8% of mobile users running out-of-date, fully compromised operating systems: users on pre-KitKat v4.4 (2013) iterations.
Google is complicit with its device manufacturers, who persist in supporting Google’s pernicious practices, in throwing users under the nearest bus for their own commercial gain. Device vendors are hooked on a ‘FREE’ operating system, and Google is myopic in its perspective and its sole agenda of getting as many people using its Android Operating System as possible, by any means, simply to be able to hoover up the user data. If this was the physical world, Google would be akin to a drug dealer handing out doped-up candy to kids in the poisonous practice of hooking future customers.
Google is not being singled out for any other reason than that it is a factual reflection of the predominant market platform and provides one very significant reason why enterprises may be slow in adopting mobile. The Apple iOS platform represents the best current enterprise solution from a consumerisation perspective, driven by its rich application ecosystem and Apple’s walled garden approach to its OS and hardware integration. After all, if you watch any office or secure working environment, mobile devices sneak through unchallenged and unchecked. The Android platform is the predominant platform for ransomware and Trojan malware infestations, and is a ‘bridging channel’ to compromising interconnected networks.
The final session of the day by Benoy C S (Director & Head, Information & Communication Technologies Practice – Middle East, North Africa and South Asia, Frost & Sullivan; Ashi Sheth, Manager Enterprise Platforms – Netflix) crystallised the principal drivers that enterprises can benefit from with a mobile agenda: how consolidation, customisation, cloud, mobile app and content management should be the focus to fuel the next wave of enterprise innovation.
In summary, the biggest challenge for the mobile industry is to achieve a maturity of approach to the platforms being placed in the hands of end users, as this impacts everything from the management layers through to governance and security. Device manufacturers have demonstrated a lack of backbone to drive a discipline and attitude change in the world’s leading Operating System provider, Google, and Google has implied it has no desire to up its game. So the Apple and Microsoft approach of imposing Mobile Operating System control on device manufacturers is a light in the dark for enterprises looking for a reliable platform. Enterprises need to be able to focus on the software and service delivery to their end users and not have to worry about the platform.