Digital technology, media and intellectual property
Random header image at GB Media

From MWC2013: oh, the angst of the bring-your-own-devise (BYOD) movement – the cost, the security (and a little cyber education thrown in)

March 27th, 2013 |  Published in Mobile World Congress 2013

MWC BYOD

 

27 March 2013 – BYOD originated in response to employees who requested access to corporate resources on their personal devices so they wouldn’t have to carry a personal phone and a company phone. And IT directors still cite employee demand as one of the top reasons for allowing BYOD.  Yet skepticism persists among technology leaders about the real benefits of BYOD. When IT services provider Damovo surveyed 100 IT directors last year, almost three quarters said they were afraid BYOD could cause costs to “spiral out of control.” Concerns included the need for new security measures, network improvements and the cost of support.

Feelings at MWC this year were mixed.  And a soon-to-be-published report by Nucleus Research states that the hard ROI of BYOD is being confused by feel-good claims around productivity and vendor proclamations that lack a financial foundation.  It is being sold by so many vendors as a good thing.  The Nucleus Research report maintains the actual cost of a device makes up just 10 percent of the total cost of deploying that device in a business environment. Companies also need to factor in the cost of voice and data, development, management and support.  “The challenges of BYOD can increase the other 90 percent of spend to the point where BYOD will actually increase overall costs without providing tangible benefits,” the report states.

There was a lot of talk about costs.  Several telecom vendors noted that telecommunications costs, in particular, can expand with BYOD because companies lose the traditional volume discounts they got when they purchased both devices and service from a single provider.  Then again, some companies are using BYOD as an excuse to reduce the number of subsidized plans and even eliminate subsidies altogether for employees who don’t meet certain classifications. According to a Gartner study floating around the halls only about half of companies with BYOD reimburse employees for devices or services and just two percent cover all costs.

The reality is that the cost of BYOD is likely to vary from company to company. Many of the cost advantages will come from transferring communications-related expenses from a company to an employee, while real productivity gains will depend on the temperament of individual employees and how much more they are willing to work when all barriers have been removed.

The bigger issue ….

MWC BYOD security

BYOD and mobile devise management software steal the show

MWC has always been known as a telecom provider and consumer mobile show. But this year MWC officially turned the corner to become a premier enterprise mobility show. Over two-thirds of the companies we interviewed already offer or plan to offer BYOD support.  Several years ago, mobile device management (MDM) vendors provided early solutions to this problem. However, companies weren’t ready to embrace BYOD and everyone underestimated the employee backlash associated with IT controlling personal devices. Today, businesses are looking for solutions and a wide range of solutions were either launched or showcased at MWC.

The very first day of the conference Samsung was out of the gate with a major announcement, demonstrating it was further bolstering its mobile enterprise credentials by releasing KNOX, a comprehensive package of mobile security services that will be integrated into its SAFE (Samsung for Enterprise) brand. We had an opportunity to see a video presentation, as well as work with it first-hand on numerous Galaxy S IIIs.  For our report click here.

VMWare has a slightly different approach that addresses the same issue with Android. It launched VMware Horizon Suite  just before the show. The idea behind the suite is to provide a usable experience that allows employees to access corporate applications across mobile devices, PCs and virtual desktops without sacrificing security. And for Apple, it offers app wrapping.

Not to be outdone IBM announced  IBM announced IBM MobileFirst. The mobile portfolio combines security, analytics and app development software, with cloud-based services and mobile professional services. These service could include strategy and design as well as development and integration. With IBM MobileFirst, the company can provide businesses with everything from the mobile device management through tools and services to help companies create mobile applications. This product bundling and integration has the potential to solve a real pain point for customers, which is the challenge of integrating multiple best of breed solutions to get a comprehensive enterprise mobility management suite and/or mobile development suite.

And to guide us through the whole ecosystem we had the then-current “Gartner Magic Quadrant for Mobile Device Management Software”.  Every year, Gartner evaluates mobile device management providers based on their ability to execute and completeness of vision. Vendors are then placed on a quadrant to represent their position in the market.  Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. For a link to the soon-to-be-released 2013 Magic Quadrant … courtesy of our friends at SAP … click here.

The GSMA mobile security events

GSMA was running several mobile security strategy events and forums addressing the security, privacy and legal implications of BYOD and we attended most of them.

But the highlight was my 1/2 day spent at the GSMA Mobile Identity/Mobile Security hall, a vast structure with scores of experts (and a free coffee bar), where I met some fellows from the United States Cyber Command, and Peter Cattaneo from intercede.

In brief, United States Cyber Command (USCYBERCOM) is an armed forces unit which comes under the United States Strategic Command. The command is located in Fort Meade, Maryland and USCYBERCOM centralizes command of cyberspace operations, organizes existing cyber resources and synchronizes defense of U.S. military networks. And obviously the USCYBERCOM reps in attendance were providing much sanitized versions of background briefs on what they did, issues with cybersecurity, etc.  But one nugget I picked-up was that every morning the Pentagon must clear 65,000 people through various entrances, all within 3 hours.  The example was used in describing the various levels of security, when and where they were needed, etc.  At the “front door” you are not going to do a badge check-fingerprint check-retina check and get those 65,000 people through the gates in 3 hours.  And security passes have multiple embeds depending on where you work in the Pentagon.  And yes, Chuck Hagel, the current Secretary of Defense, has his own very special security badge.

But even more illuminating was my meet-up and chat with Peter Cattaneo of intercede:

Peter Cattaneo
 Peter Cattaneo / intercede

When you attend an event like MWC … 4 days with  75,000+ attendees (and potential clients) and over 1,500 exhibitors, plus 30+ educational sessions and presentations … you hope to find a few “gurus” who can take you through the principle topics and not need to meet/interview scores of people to cover each topic.  Peter was certainly one of those gurus.  And being placed in the GSMA Mobile Identity/Mobile Security hall he could quickly access, as needed, his intercede mate Mick Rutherford and/or Alix Murphy and Ronnie Creed of GSMA (experts in their own right).

In a nutshell (I have links above to their web site for details), intercede is a security software provider whose MyID identity management platform enables global organizations and governments to create trusted digital identities for employees and citizens on secure devices such as smart cards, smartphones and tablets. They operate in the US, Europe and Middle East and have A List partners that include BT, Gemalto, HP, Microsoft, Oberthur, SafeNet, Symantec and Thales, and have A List clients like Boeing, Booz Allen Hamilton and Lockheed Martin, plus governments that include the US, UK and Kuwait. Several of these companies we work with via our Big Data/analytics site The Cloud and E-Discovery.

Peter and I discussed a myriad of topics … mobile identity verification, physical and logical access, national ID cards, etc. … and how all of this fits in the specific requirements of different industries including telecoms, healthcare, manufacturing and utilities. I even got to download some very cool security software on my iPhone.

In our discussion of mobile security and identity security Peter emphasized “we need to talk about making in safer, not safe. As the adoption of smartphones grows rapidly, one of the biggest challenges facing the manufacturers, developers and, ultimately, users is not the threat of losing your phone, but the threat of someone stealing the personal data stored on your mobile phone. Every single platform is exposed to this, no platform is immune. Some are safer than others, but none are immune. You can make them safer but not completely safe.” And we decided to avoid a discussion of the four main smartphone platforms (Android, iOS, BlackBerry and Windows Phone)and which ones were the best. Topic for another post.

But he had some general thoughts on mobile security and identify verification. As he said “you need to put together a framework of analysis with categories between security and manageability and determine your needs”. He did not do an outright “sell” on intercede products but deftly used their products to explain concepts like personal identifying information (PII) coupled with identity checks and an effective ID verification process and did a masterful job of how this technology can “validate the information provided” and “verify the trustworthiness of an individual” across numerous applications and uses.

Plus a fascinating overall chat on cyber security, government data collection, antiterrorism measures, password key fobs, what “full visibility into all data” means at various security levels, etc., etc. My mind exploded.

Chris Edwards, intercede’s Chief Technical Officer, did a very well-received presentation titled “My Mobile and Me” which highlighted their flagship product “MyID”.  The product can do a myriad of things but among its key elements is that it connects to background checking services (e.g. Equifax), which in turn validate data against multiple trusted data sources (e.g. address lists and electoral rolls). These confirm that the claimed identity is a genuine identity with a “social footprint” and that the data provided is sufficient to bind the applicant to the claimed identity. MyID can be connected to a variety of watch lists such as the FBI check for FIPS 201 or police and immigration systems to verify that the individual is not on a known risk register (negative identity verification). There are also some cool biometric checks.

Too much to cover … 

I could write more about what I saw/learned about BYOD and mobile security/mobile identity.  There was so much to cover.  The great thing about MWC this year was the emphasis on the need to improve mobile security standards … and how to do it.  GSMA used MWC to draw attention to security issues and approach them head on. Mobile security as a whole needs to be more agile and proactive, rather than simply waiting for issues to arise. Security has been playing catch up with mobile advancements – now it’s time to put frameworks in place.

One last note: although only in the planning stages, the potential for a Global Security Operations Network (GSON) in order to provide information sharing, early warning, and analytics to its operator members is an important progression and step in the right direction. It can enable international collaboration in all areas of cyber security and this is a promising initiative.

For our full Mobile World Congress 2013 coverage click here.

About the author


Email | All posts by

"The mind that lies fallow but a single day sprouts up follies that are only to be killed by a constant and assiduous culture."
Latest Videos

Un aperçu de la FIC 2017 / A quick look at FIC 2017 (Lille, France)

Cybersecurity: a chat with John Frank, Vice President EU Government Affairs for Microsoft

From Legaltech NYC 2017: a chat with Andy Wilson of Logikcull

5G is coming ... and it's going to blow you away. Yes. Really.

The Internet of Things ... or the cybernetic consortia? (Part 1)

From the Mobile World Congress 2016: an introduction