Security Experts:

2015 Security Predictions - Have They Held True So Far?

As 2014 came to a close, industry experts weighed in with their predictions for 2015. A number of these predictions focused on mobile devices in the enterprise, wearables and bring your own device (BYOD) policies. Nearly three months into 2015, how are these predictions holding up?

Say goodbye to EMM and MDM

Gartner’s Top 10 Strategic Technology Trends for 2015 claims that, “As mobile devices continue to proliferate, Gartner predicts an increased emphasis on serving the needs of the mobile user in diverse contexts and environments, as opposed to focusing on devices alone.”

While mobile security remains at the top of every CISO’s priority list this year, enterprises have quickly begun to realize that mobile device management (MDM) and enterprise mobility management (EMM) are not enough to keep data safe. Moreover, they do not provide much return on investment. With mobile security now a board-level discussion, the latter is increasingly important.

According to a recent Forrester blog by Tyler Shields, “It took just a few years for core MDM functionality to commoditize to a $0 price tag.” In my opinion, if you’re paying more than $0 for your MDM, you’re paying too much. Instead, follow Gartner’s best of breed technology recommendations. More organizations are doubling-down on application-level security -- adopting a data-centric approach, rather than a device-centric one -- to achieve better insight, visibility and security of their data.

BYOD is here to stay

Businesses are increasingly realizing the benefits of BYOD, including improved employee productivity and reduced management overhead. This explains why, despite predictions that BYOD would plateau in the New Year, BYOD adoption has continued to gain momentum in the past six months. Which means it will be crucial for organizations to protect corporate data on user-owned mobile devices. In a 2014 study, Bluebox Labs discovered that several Android tablets for sale during the holiday season shipped with vulnerabilities, security misconfigurations and even security backdoors. These devices could be in your organization today, accessing corporate Wi-Fi or VPNs and putting corporate data at risk. We can no longer prevent employees from bringing mobile devices into our organizations, so instead of trusting these devices, we must empower apps to detect and defend themselves to protect data, even when accessed on a compromised device.

Privacy concerns, specifically in Europe, have prompted businesses to loosen the reigns on device management and focus on what really matters – data security and application control. When enterprises are no longer responsible for managing employee mobile devices, IT teams have fewer security concerns to consider.

Don’t worry about wearables

As the 2014 holiday season approached, analysts and industry experts made predictions about the emergence of wearables and the potential impact on the enterprise. However, not unlike Y2K, this hype was nothing more than fodder for headlines. The holidays came and went, and employees did not return to work wearing a slew of new connected devices.

Three months in, wearables still don’t appear to be a consideration in most organization’s security strategies this year. Enterprise security teams will not have to worry about securing IoT in the enterprise anytime soon and can instead focus on securing corporate data to avoid becoming the next breach in media headlines.

Predictions for the remainder of 2015

While many of the 2015 predictions are holding true, others may have simply been a bit premature. What is evident is that we are seeing a change in enterprise mobile security strategies. Mobile security breaches hit 68 percent of businesses in the last year alone, an increase from 45 percent in 2013, according to InformationWeek's 2013 Mobile Security Survey. This year security teams are preparing and seeking out security solutions that enable mobile business and secure corporate data in an employee-friendly way.

view counter
Adam Ely is the Founder and COO of Bluebox. Prior to this role, Adam was the CISO of the Heroku business unit at Salesforce where he was responsible for application security, security operations, compliance, and external security relations. Prior to Salesforce, Adam led security and compliance at TiVo and held various security leadership roles within The Walt Disney Company where he was responsible for security operations and application security of Walt Disney web properties. Adam is a CISSP, CISA, NSA IAM, MCSE and holds an MBA from Florida State University.