By Joe Breaux, CTO, TRUCE Software
Businesses are forever pressed with ensuring they are rigorously protecting their most important assets: Their people, their customers (or in the case of healthcare, for example, their patients), and their data. There’s a tremendous amount at stake when any of these become compromised.
Even before the pandemic, which turned nearly everyone into a mobile worker, the Verizon Mobile Security Index from 2018 found that more than a third of healthcare organizations (35%) said they had suffered data loss or downtime due to a mobile device security incident. With that, it should come as no surprise that companies have signaled their plans to prioritize investments in mobile-based management and security solutions, according to IDC. The rapid growth of the mobile worker population is also driving this increased focus on mobile management and security, which the firm estimates will grow from 78.5 million in 2020 to 93.5 million in 2024.
Despite this, most enterprise mobile strategies and security solutions are still built from a PC paradigm. In other words, they aren’t made to suit distributed workers who are using different devices at different times for different reasons. Those strategies can’t account for the dynamic nature of today’s workforce.
Putting a modern spin on enterprise mobile security
The rise of increased workforce mobility, especially for frontline industries like healthcare, has prompted the need for businesses to modernize their security measures to ensure they work for the fluid nature of today’s work. The heavier usage of smartphones and tablets has brought new risks that security solutions in the past weren’t able to solve. The biggest challenge in this vein is that what may be considered a security risk in one situation may not be in another. Yet, the same device — such as a tablet being used by a nurse to electronically chart patient data — may traverse both situations. This challenge has brought about a shift in the kind of management tools that are needed to effectively secure the enterprise.
Today, businesses from a range of sectors, especially deskless ones, are implementing mobile security strategies that enable them to flexibly manage device use so that only the features and content needed specifically for the task at hand, or a situation are accessible. Everything else on the device is temporarily suppressed or even removed for as long as the task or situation is in play.
In order to enable this sort of dynamic mobility management, companies are layering in contextual information as device permissions are enforced. Contextual mobility management doesn’t replace a dedicated security or Mobile Device Management solution; it enhances them by adding a contextual layer that takes into account the user’s actions, whereabouts, time of day, and other factors that impact what their permissions should be at a given time. This eliminates the need for sweeping ‘all-or-nothing’ policies by taking into account the fact that employees move throughout their shift. As their movements and context change, their device permissions should adjust in parallel — automatically and in real-time.
Dynamic enterprise mobile security takes shape in two ways
There are two ways contextual mobility management comes to life.
Fixed perimeter security works well for industries where a worker’s physical location, and thus the device they utilize, is largely the same. Consider the use of tablets in a hospital setting. Staff members ideally remember to leave the tablet behind when they’re off the clock and they leave the premises. However, if the device were to leave the premises, CMM would recognize immediately that it’s outside of secure bounds. Apps that provide access to sensitive data would automatically be removed. When the device returns to its assigned location, those features are automatically reinstated. Security is applied in real-time whether the device is lost, stolen, or accidentally taken off-premises.
The second way CMM comes to life is for employees who work in the field (think: an EMT or home-based healthcare provider, such as one who provides telehealth consultations). In situations where the worker’s location is fluid and they consistently move throughout a shift, CMM enables device functionality to dynamically adapt based on their context such as time of day, movement (such as when driving), workgroup, and more.
Adding this contextual layer to a more traditional suite of security solutions, including an MDM, means employees have access to just what they need for a specific job, while the apps and content that aren’t necessary for the task are temporarily removed from the device. It also means access to sensitive data can be dynamically managed based on not just the user or schedule, but location or what’s happening around the device at the time it’s being used. This does away with the need for the employee or IT staff to police device usage around what is or isn’t considered appropriate use.
Mobility is the way forward
The ubiquity of smartphones continues to influence the way employees want to work, especially as their use of mobile devices in their personal lives has an increasingly heavy influence on how they want to utilize them on the job. Businesses are catering to that by transforming workflow processes to be mobile-friendly, which is, in turn, making both workers and business operations more efficient. Those with the necessary security measures in place to protect their most important assets are quickly realizing the benefits of allowing those advanced capabilities far exceed the downfalls.
Mobility is the way forward for the modern workforce. With the right tools in place, that is an incredibly powerful thing.
Joe Breaux, chief technology officer at TRUCE Software, is an inventor and a tinkerer, driven by the challenge of being able to solve the impossible and the things others fail at solving. Since co-founding TRUCE Software in 2009, Breaux has been influential in growing the company and building its patented award-winning platform. He has eight U.S. and 12 international issued patents with another eight still pending.
Follow Brilliance Security Magazine on Twitter and LinkedIn to ensure you receive alerts for the most up-to-date security and cybersecurity news and information.