Click here to close now.

Welcome!

Microservices Journal Authors: Liz McMillan, AppDynamics Blog, Pat Romanski, Elizabeth White, Carmen Gonzalez

Related Topics: Security, Wireless, Microservices Journal, AJAX & REA, Web 2.0, iPhone

Security: Article

How to Re-imagine Your Business for a Mobile World

And keep your data safe while doing it

There is little argument at this point that the mass adoption of mobile technology and bring-your-own-device (BYOD) strategies by enterprises is a true business technology revolution. At the core, the catalysts driving this revolution are the vast array of mobile devices leveraging soaring bandwidth - 4G - and super-fast internals - quad-core processors - which have become commonplace.

With this high-bandwidth, ultra-capable combination, end users see the productivity and convenience possible by running the newest, most sophisticated business applications on their own personal mobile devices.

And it's not just end users who can benefit. A recent Symantec survey found that innovative companies - early technology adopters, especially of mobile technology - are seeing significantly higher revenue growth and higher profits than traditional organizations; in fact, by nearly 50 percent.

The question facing every enterprise is, "Are we re-imagining our business with mobility as a central component?" Here are some suggestions on how to accomplish this, while keeping sensitive business data secure.

Evaluate App and Data Needs
The previously mentioned Symantec survey found that 84 percent of those successful, innovative companies are proactively adapting their businesses based on business drivers rather than simply reacting to user demand. So, companies need to evaluate. Thus, the first step in re-imagining business in a mobile world is to determine the apps and data end users could utilize - beyond email - to get their jobs done more efficiently.

App Type
Apps for CRM, e-Health and ERP are just a few good examples of line-of-business apps companies in different industries can leverage to improve productivity through mobility. Add to this list cloud-based file storage apps that give users access to their data across computing platforms.

Data Access
Beyond app type, companies must take a closer look at target user groups to determine each segment's specific data access needs. Some users might need resident data on their devices, while others who are likely to have connectivity all the time can manage with cloud-based data. Understanding each group's specific needs will help determine the type of technology approaches possible.

App Procurement
Once app type and data access requirements are well understood, companies need to explore app procurement. For some, the only way to get exactly what is needed is to build a custom app or have one built for them. However, hundreds of thousands of apps are already available for the most popular mobile operating systems and, in many instances, the perfect app likely already exists.

Keep App and Data Security Top of Mind
The Symantec survey referenced earlier also found that the innovative companies who are leading the way in mobility adoption also experience about twice as many mobile security-related incidents, such as loss of corporate data. This leads to a second question enterprises must ask, "How do we keep our sensitive data safe in a mobile world?"

From a high level, there are really two approaches to keeping business data on mobile devices secure. The first is protecting data at the device level and the second is protecting it at the app level.

Device Level Data Protection
Data protection on mobile devices at the device level largely involves mobile device management (MDM) software. MDM provides business IT with control over complete devices and, as such, policies can ensure devices are password-protected and also provide the ability to remotely lock or wipe devices in the event of a loss or theft and even prevent the forwarding of emails.

However, MDM cannot address other data loss-related concerns such as copy and pasting of sensitive information or, more important, protecting corporate data in applications beyond the email client.

Thus, the device level approach creates an environment where it becomes far too easy for sensitive data to mingle with personal apps and leak out through, for example, a web-based email account, social networking application or personal cloud storage. This can all occur without IT ever knowing.

App Level Data Protection
The next logical area where enterprises can implement and enforce policies to keep data on mobile devices secure is at the app level. The previous iterations of this approach involved sandboxing technologies, where corporate data on mobile devices is held in an established digital container on devices, and data flow from the sandbox or container is controlled. This approach prevents the confluence of personal and corporate data, the ability to copy and paste data accessed from within the sandbox to other areas on the device, and unauthorized email forwards from within the sandbox.

This sandbox approach worked well when email was the only app businesses wanted to mobilize. However, as companies re-imagine their businesses with a focus on mobility, this approach falls short. Any corporate app that needs protection has to be built in or modified to fit into the sandbox. With the diversity of apps available, this approach is very limiting and even the early proponents of this technology are moving on to other strategies.

One of these strategies is mobile application management (MAM), which addresses the limitations of sandboxes while still meeting corporate security needs. MAM technology allows companies to wrap their corporate apps and the data tied to them in their own security and management layers. This gives enterprises complete control of their apps and data while leaving user-owned information untouched. In contrast to the legacy sandboxing approach, it does this without any additional overhead, either from affecting device usage or source code modifications.

With MAM, controls such as authentication, encryption, data loss prevention and expiration - apps and data can be manually expired or set to automatically remove themselves from devices based on perimeters established by administrators - can all be applied to corporate apps and other resources on otherwise unmanaged, user-owned devices. In this way, complete end-to-end visibility and control over where sensitive data is flowing - regardless of what mobile application or service is being used to traffic the data - can be achieved and, just as important, maintained.

In addition, MAM allows multiple corporate apps to securely communicate with each other and for data traffic segregation, so all traffic from corporate apps can be routed through the corporate network while the personal traffic is left unmonitored.

It is important to note, however, that MAM as a term is being used loosely within the industry. Different technology vendors use it to describe different things. Some refer to app distribution functionality as MAM and still others refer to simple app blocking as MAM.

From an enterprise perspective, however, MAM should be more than that. More than simply distributing the right apps and blocking the wrong ones, MAM is about protecting the corporate apps and data on mobile devices by taking management from a device level to an application level. It is the most effective tool for separating corporate data from personal data to make safe, effective BYOD policies possible.

Re-imagining business for a mobile world, while not without its growing pains, can be a fairly straightforward process. However, to re-imagine business for a mobile world confidently, MAM should be a part of every discussion.

More Stories By Swarna Podila

Swarna Podila serves as a senior manager with the Enterprise Mobility Group at Symantec, responsible for the messaging, positioning, go-to-market strategy and overall evangelism of mobile security and management products and services. In her role, she focuses on the enterprise routes to market, messaging the solutions for on-premise and cloud deployments. At Symantec, Podila has promoted the idea of user-centric and information-centric view and anytime, anywhere productivity.

Prior to Symantec, Podila served a product marketing consultant at Citrix. There she was responsible for the messaging and launching of the company’s networking products. Prior to Citrix, she worked at a software startup and was responsible for their transition from stealth mode to a mid-sized company. She was responsible for product messaging, identifying routes to market and sales enablement. With over 10 years experience in the IT industry, Podila has held a number of roles in product strategy, marketing and engineering. She has an undergraduate degree in Electronics and Communications Engineering and an MBA from Santa Clara University.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@MicroservicesExpo Stories
Docker is an open platform for developers and sysadmins of distributed applications that enables them to build, ship, and run any app anywhere. Docker allows applications to run on any platform irrespective of what tools were used to build it making it easy to distribute, test, and run software. I found this 5 Minute Docker video, which is very helpful when you want to get a quick and digestible overview. If you want to learn more, you can go to Docker’s web page and start with this Docker intro...
Enterprises are fast realizing the importance of integrating SaaS/Cloud applications, API and on-premises data and processes, to unleash hidden value. This webinar explores how managers can use a Microservice-centric approach to aggressively tackle the unexpected new integration challenges posed by proliferation of cloud, mobile, social and big data projects. Industry analyst and SOA expert Jason Bloomberg will strip away the hype from microservices, and clearly identify their advantages and d...
The 5th International DevOps Summit, co-located with 17th International Cloud Expo – being held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA – announces that its Call for Papers is open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the...
17th Cloud Expo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterprises a...
Over the years, a variety of methodologies have emerged in order to overcome the challenges related to project constraints. The successful use of each methodology seems highly context-dependent. However, communication seems to be the common denominator of the many challenges that project management methodologies intend to resolve. In this respect, Information and Communication Technologies (ICTs) can be viewed as powerful tools for managing projects. Few research papers have focused on the way...
As the world moves from DevOps to NoOps, application deployment to the cloud ought to become a lot simpler. However, applications have been architected with a much tighter coupling than it needs to be which makes deployment in different environments and migration between them harder. The microservices architecture, which is the basis of many new age distributed systems such as OpenStack, Netflix and so on is at the heart of CloudFoundry – a complete developer-oriented Platform as a Service (PaaS...
The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long development cycles that produce software that is obsolete at launch. DevOps may be disruptive, but it is essential. The DevOps Summit at Cloud Expo – to be held June 3-5, 2015, at the Javits Center in New York City – will expand the DevOps community, enable a wide...
T-Mobile has been transforming the wireless industry with its “Uncarrier” initiatives. Today as T-Mobile’s IT organization works to transform itself in a like manner, technical foundations built over the last couple of years are now key to their drive for more Agile delivery practices. In his session at DevOps Summit, Martin Krienke, Sr Development Manager at T-Mobile, will discuss where they started their Continuous Delivery journey, where they are today, and where they are going in an effort ...
Cloud Expo, Inc. has announced today that Andi Mann returns to DevOps Summit 2015 as Conference Chair. The 4th International DevOps Summit will take place on June 9-11, 2015, at the Javits Center in New York City. "DevOps is set to be one of the most profound disruptions to hit IT in decades," said Andi Mann. "It is a natural extension of cloud computing, and I have seen both firsthand and in independent research the fantastic results DevOps delivers. So I am excited to help the great team at ...
The 17th International Cloud Expo has announced that its Call for Papers is open. 17th International Cloud Expo, to be held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, APM, APIs, Microservices, Security, Big Data, Internet of Things, DevOps and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding bu...
I’ve been thinking a bit about microservices (μServices) recently. My immediate reaction is to think: “Isn’t this just yet another new term for the same stuff, Web Services->SOA->APIs->Microservices?” Followed shortly by the thought, “well yes it is, but there are some important differences/distinguishing factors.” Microservices is an evolutionary paradigm born out of the need for simplicity (i.e., get away from the ESB) and alignment with agile (think DevOps) and scalable (think Containerizati...
Software development, like manufacturing, is a craft that requires the application of creative approaches to solve problems given a wide range of constraints. However, while engineering design may be craftwork, the production of most designed objects relies on a standardized and automated manufacturing process. By contrast, much of moving an application from prototype to production and, indeed, maintaining the application through its lifecycle has often remained craftwork. In his session at Dev...
How can you compare one technology or tool to its competitors? Usually, there is no objective comparison available. So how do you know which is better? Eclipse or IntelliJ IDEA? Java EE or Spring? C# or Java? All you can usually find is a holy war and biased comparisons on vendor sites. But luckily, sometimes, you can find a fair comparison. How does this come to be? By having it co-authored by the stakeholders. The binary repository comparison matrix is one of those rare resources. It is edite...
Container frameworks, such as Docker, provide a variety of benefits, including density of deployment across infrastructure, convenience for application developers to push updates with low operational hand-holding, and a fairly well-defined deployment workflow that can be orchestrated. Container frameworks also enable a DevOps approach to application development by cleanly separating concerns between operations and development teams. But running multi-container, multi-server apps with containers ...
Converging digital disruptions is creating a major sea change - Cisco calls this the Internet of Everything (IoE). IoE is the network connection of People, Process, Data and Things, fueled by Cloud, Mobile, Social, Analytics and Security, and it represents a $19Trillion value-at-stake over the next 10 years. In her keynote at @ThingsExpo, Manjula Talreja, VP of Cisco Consulting Services, will discuss IoE and the enormous opportunities it provides to public and private firms alike. She will shar...
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo in Silicon Valley. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 17th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading in...
SYS-CON Events announced today that EnterpriseDB (EDB), the leading worldwide provider of enterprise-class Postgres products and database compatibility solutions, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. EDB is the largest provider of Postgres software and services that provides enterprise-class performance and scalability and the open source freedom to divert budget from more costly traditiona...
With the advent of micro-services, the application design paradigm has undergone a major shift. The days of developing monolithic applications are over. We are bringing in the principles (read SOA) hereto the preserve of applications or system integration space into the application development world. Since the micro-services are consumed within the application, the need of ESB is not there. There is no message transformation or mediations required. But service discovery and load balancing of ...
There’s a lot of discussion around managing outages in production via the likes of DevOps principles and the corresponding software development lifecycles that does enable higher quality output from development, however, one cannot lay all blame for “bugs” and failures at the feet of those responsible for coding and development. As developers incorporate features and benefits of these paradigm shift, there is a learning curve and a point of not-knowing-what-is-not-known. Sometimes, the only way ...
The Internet of Things is a misnomer. That implies that everything is on the Internet, and that simply should not be - especially for things that are blurring the line between medical devices that stimulate like a pacemaker and quantified self-sensors like a pedometer or pulse tracker. The mesh of things that we manage must be segmented into zones of trust for sensing data, transmitting data, receiving command and control administrative changes, and peer-to-peer mesh messaging. In his session a...