It would be hard to look back at 2014, without discussing some of the major mobile security events that occurred. From Home Depot to Walmart to Walgreens, mobile data security made headlines due to the presence of basic security flaws that put mobile data at risk. Not to mention the long list of vulnerabilities that were discovered. Looking forward into 2015, what can we expect from the mobile security industry in the upcoming year? Here are my thoughts:
1) The future of enterprise mobility management
In 2015, enterprise mobility management (EMM) will become commoditized and cost will decrease, as enterprises realize it does not provide much return on investment. Additionally, as enterprises realize that device level security just isn’t enough, they will begin moving away from managing employee’s physical devices, and instead look for ways to secure the data.
Secondly, mobile app security will become increasingly important in 2015. Currently, there are a number of ways to secure content on mobile devices, like MDM, MAM and EMM; however, as we continue to see an uptick in the number of mobile security threats, one method will come out on top. Protecting and securing the actual code of mobile applications, as well as the data accessed by these applications, without relying on MDM, will be critical in 2015. In the wake of high profile security incidents and the availability and adoption of mobile apps that contain sensitive banking, financial and personal health information, consumers will increasingly demand that enterprises providing applications deliver assurances around mobile security.
3) A “New Relic” of Mobile Security will emerge
As enterprises and consumers continue to aggressively adopt mobile for work and personal, there will be increased demand for mobile analytics that monitor the real-time security posture of apps and the data throughout the mobile ecosystem. Businesses will need to implement solutions that track usage and attack patterns that will allow organizations to best protect business-critical data in the coming year and proactively thwart attacks before they become a headline problem. This follows a larger trend in the enterprise of moving security closer to what we actually care about, the data.
4) iOS vs. Android
Lastly, the delta between the security of iOS and Android will continue to shrink. In 2014, we saw that the recent release of iOS 8 made the platform less restrictive and Android added more enterprise security features to its operating system, making it more secure. With the two operating systems looking more alike in 2015, enterprises will need to take a long, hard look at what they’re securing, as neither Android nor iOS will be completely reliable, or completely trustable.
In 2014 researchers shed light on a number of long-standing vulnerabilities, like Heartbleed that was around for 20 years unnoticed. Despite the fact that SQL injection has been around for over 10 years, developers are still creating applications vulnerable to it. We can attempt to predict the future, but without proper security measures in place, data breaches are bound to happen. Unfortunately, it’s not a matter of if a breach will occur, but when.