Copyright IDC. Reproduction is forbidden unless authorized. All rights reserved.
IT Consumerization: Implications for Enterprise Mobile Security
Peipei Wu (吳乃沛)
Market Analyst,
Software & Services,
Enterprise Solutions Group,
IDC Taiwan
Aug-12 © IDC
After Lunch Poll
What is your view on IT Consumerization?
1. It's mostly hype
2. It's somewhat important and has some relevance to my business
3. It may fundamentally change the way IT is delivered/procured and could seriously change the use and management of IT in my business
IT Consumerization is the set of changes
resulting from enterprise workers bringing
their own devices and using Web 2.0
(social) applications in the workplace.
Session agenda
• Issue 1 - The Mobile Worker
• Issue 2 - Devices
• Issue 3 - The OS
• Issue 4 - Mobile Applications for Business
• The Mobile Security Market
• Complementary Security
• Impact & Recommendations for Enterprise
The Rise in: the Mobile Worker
838.7m: the number of employees in Asia-Pacific (ex Japan) that will be classed as MOBILE WORKERS by 2015
37.9%: this represents almost 40% of the Asia Pacific employee base by 2015
3 types:
1. Office based mobile: 508.6m
2. Non-office mobile: 317.8m
3. Home-based mobile: 12.3m
Source: IDC's Worldwide Mobile Worker Population Forecast 2011-2015
The Rise in the Mobile Worker : Drivers
Drivers:
• UC&C now more deeply integrated into mobility
• Home-based telecommuters in certain markets
• Mobility & flexibility become employee retention strategies
• Lower cost smartphone devices and data plans available in price-sensitive markets
• The consumerisation of IT and growth in Tablet shipments will spur increased focus on mobility
The Rise in the Mobile Worker : Implications
Implications:
• Consumerisation of IT is challenging organisations
• The workplace becomes more flexible, more mobile
• Productivity and Employee satisfaction are expectations
• Concerns centre around security
• The 'soft' factors become significantly harder
The Rise in: Mobile Devices
1.15bn: the number of mobile phones shipped in Asia-Pacific by 2016
540.0m: SMARTPHONES shipped as part of the 1.1bn
1 in 2: of all phones shipped in Asia-Pacific by 2016 will be SMARTPHONES
Source: IDC's Worldwide Mobile Phone Shipments 2012-2016, Worldwide Tablet Shipments 2012-2016
[Chart: Tablet Shipments APeJ 2010-2015 (unit shipments M), by year 2010 to 2016; series: December 2011 Forecast, June 2012 Forecast]
The Technology Catalyst: Form factors breaking down the distinctions among devices
[Diagram labels: ARM; PDA; Feature Phone; Smartphone; X86 / Intel; Desktop PC; Notebook PC; Mira Tablet PC; Netbook; Desknote; Media Tablet]
Source: IDC, June 2012
The Rise in: Mobile OS
[Chart: Worldwide Smartphone Shipment Share by OS, 2011-2016; series: Android, iOS, Windows Mobile, BlackBerry, Linux, Symbian; 2011 compared with 2016]
• A single OS mobility platform will be less likely for APeJ organisations in future.
• OS fragmentation will create greater security risks.
• Security point solutions will not be enough to protect the enterprise.
[Chart: WW tablet Shipment Share by OS, 2012; segments: iOS, Android, BlackBerry; values shown: 62.5%, 36.5%]
A Future Business Architecture?
[Diagram labels, in the order extracted: Data; Meta Platform; Windows; OS; MacOS; Linux; Android; iOS; Blackberry; Windows Phone; Symbian; Smartphone; iOS; Android; Linux; Media Tablet; Linux; Android; eReader; Synchronization; PMPs; iOS; Linux; Android; Content Services; Other Services (Security, Storage, etc.)]
The Rise in: Mobile Applications
[Chart: WW Mobile App Download Forecasts]
Source: IDC, Worldwide/U.S. Mobile Applications, Storefronts and Developer Revenue 2010-2014 Forecasts (IDC #225668, December 2010)
Source: IDC, 2012
The Rise in: Mobile Applications
The Top 5 Mobile Business Applications expected deployment 2011-2013
[Chart: categories IM, UC&C, SFA/CRM, Social Business; series: Now, within 12 months, 13-24 months; axis 0% to 100%]
Organisations are increasingly taking their communications and data activities into the mobile environment … in many cases sourced from the Cloud
Mobility Will Increase the Complexity of IT Security
Traditionally IT Assets Resided Here – Inside the Wall
With Mobility They now Reside Everywhere
The Current Mobile Security Landscape
[Diagram labels: PC Adjacency; Architecture Play; Hardware Based; Stand alone; Pure Play Mobile; SW/SV/Device; Example Set]
Mobile Device Management (MDM)
Mobile Device Management is designed to enable IT Managers to track and manage the entire inventory and assets of a mobile fleet (hardware and software), typically through a centralized online management tool.
• Includes lock, wipe, disable functionality (e.g. phone or specific attributes such as cameras), OTA, remote diagnostics, remediation
• Typical solutions are premise based; however, cloud / hosted solutions are starting to become more common
• Device players partnering / developing stronger security, e.g. Samsung and Sybase or RIM's expanded security solution
• Stand alone vendors now partnering with Service Providers
• BYOD now also bringing partitioning of personal and corporate data
• Starting to see selective data wipe capability
MDM is becoming Mobile DATA Management
Enterprises are starting to look beyond traditional device management.
As smart billing enables greater use of applications and data sharing across multiple devices, an integrated security management environment becomes critical.
Multiple form factors, multiple OS, multiple applications are increasingly interacting with a Cloud delivery environment.
• Device management is morphing to become mobile DATA management
• Vendors are beginning to adapt MDM solutions, e.g. RIM with Blackberry Balance & Blackberry Fusion
• New entrants to market are focusing explicitly on mobile data management, e.g. LetMobile
Mobile Security
Mobile security is defined as products designed or optimized to provide security specifically for devices within the mobile environment, including converged mobile devices, mobile phones, handheld devices, and mobile laptops.
• Mobile Secure Content Threat Management – e.g. virus, spyware, spam, hacking
• Mobile threat management
• Mobile data encrypted DLP
• Mobile VPN
• Mobile Security Vulnerability Management
• IAM
• Anti-Malware, Intrusion prevention
Mobile Security: Breakdown by Solution 2010 & 2015
[Pie charts: share by solution; segments: MTM, IPC, VPN, MIAM, MSVM, MOS. 2010 values shown: 24.3%, 19.2%, 30.8%, 10.8%, 9.9%, 5.0%. 2015 values shown: 25.4%, 24.8%, 23.3%, 12.2%, 10.3%, 4.0%]
Source: IDC Worldwide Mobile Security 2011
MTM: Mobile threat management
IPC: File, full disk, or application encryption, data loss prevention technology
VPN: Infrastructure and clients for mobile
MIAM: Mobile identity and access management
MSVM: Mobile security & vulnerability management
MOS: Mobile Other Security: emerging solutions, e.g. anti-theft, anti-fraud
Complementary Technologies
GPS
• Contextually aware security
• Policies can be applied via device location
• E.g. a tablet with clients' health information moves beyond hospital grounds, prompting intervention
Virtualization
• Organisations beginning to run multiple O/S on device
• One for business, one for personal
• More amenable to open O/S such as Android
• VDI seen as an acceptable workaround for device security
Unbridled, Consumerization Will Lead to the IT Department Losing Control
Time wasted
Lack of strategy = ITD downfall
Loss of flexibility
You can be outsourced
Dealing with the unknown
Leaked data and lost assets
Skills & management issues
An asset management nightmare
Security uncertainties
Dropped SLAs
Infrastructure
IT department
Operations
Recommendation #1: Asset Management
Integrate Consumerization Within Your Asset Life Cycle
Take consumerization into account within the asset management process:
– Plan/acquire/deploy/maintain/retire
Segment end users into key categories or profiles:
– Task workers/power users/mobile workers/senior execs
Limit the number of "authorised devices":
– Laptops and tablets: latest Windows or iOS only
– Smartphones: e.g., Android, iOS, or RIM only
Limit authorised Web 2.0 applications:
– e.g., Facebook, LinkedIn, Twitter, YouSendIt, and Skype only
Recommendation #2: Security Processes
Automate Security Features
Automate features within the consumer devices:
– Host firewall, intrusion detection, and protections
– End-point feature control
– Strong authentication
– On-air device lock and wipe
– Automatic encryption
– Antivirus, antimalware + automated patch management
Monitor activities of consumer devices
Longer term: assess client or apps virtualization as a possibility
From Information to Intelligence
[Diagram labels:]
Mobile Devices & Apps; Mobile Broadband; Cloud Services; Big Data/Analytics; Social Business (2011)
PC; LAN/Internet; Client-Server (1986)
Millions of Users; Thousands of Apps
Hundreds of Millions of Users; Tens of Thousands of Apps
Billions of Users; Millions of Apps; Trillions of "Things"
Recommendation #3: Support Processes
Set Up Consumerization as Another "Class of Service"
Establish a consumerization strategy
Map in-house skills to it:
– Partner with the relevant equipment and SW vendors
– Identify gaps
– Plan training and accreditations
Communicate with your end users:
– What they can expect of the IT department …
– … but also what the company can expect of them!
– Set expectations in terms of SLAs
Within the IT department, ensure the following processes recognize "consumerized devices" as another class of service (profile):
– Incident, change, release, and configuration management
Start to regain control
Intelligent Security Requires an Organizational Ecosystem
Leader Key Issues Tone and Roles
CEO Institution relevance
Market performance
Executive talent
Investment vs. Risk
Industry partnership; private sector role
Talent acquisition and education
CFO Efficient capital
Financial performance
Risk, including cyber
Security investment
Pay now/pay later trade-off
CISO ROI
COO Operational excellence
Complexity, cost of operation
Efficient/effective cyber-risk program
Uncompromised management
CTO Utilization
Infrastructure partners
Critical infrastructure protection
Facilities, storage, network, compute
Cyber-risk ecosystem
CIO
Systems integration
IT talent and ecosystem
Data and software governance
All channels
Software assurance
Data protection
LOB Executive IT on demand
Cost and excellence
Core Cyber-risk requirements
“Customer” protection strategy
Workplace 2013?
Automate Security Features
Asset Management
Host Firewall Virtualization
Monitoring IDS
Support Processes Expectation Setting
Training
Communication Partnerships
Support Life Cycle
Map Skills to Policy & Requirements
Accreditations
Set up "Consumerization"
as Another Class of Service
Security Processes
Audience
Segmentation
Authorised Device
Catalogue
Limit Web 2.0
List
Integrate Consumerization
Into Your Asset Life Cycle
DLP
Configuration Mgmt
You cannot resist consumerization, you can only contain it.
Out of control, consumerization is toxic to the business. Under control, it is a powerful tool.
You can take steps to control consumerization and make it work for you.
USER-CENTRIC
COMPUTING Virtual Desktops Consumerised
Device (Choice) Mobility IT as a Service
Don't Get Consumed by Consumerization
CIOs and vendors must focus on three processes
to remain in control.
Takeaways: Definition, Impact, and Recommendations
Definition
Consumerization is the set of changes resulting from enterprise workers bringing their own devices and using Web 2.0 social applications in the workplace.
Impact
The impact of consumerization will be broad and deep:
• Infrastructure
• Operations
• The IT department
Consumerization can lead to outsourcing.
Recommendations
Focus on three core areas, starting now:
• Asset management
• Security processes
• Support processes