In the early days of mobility, enterprise IT could pretty much operate at its own pace. Mobile security training and IT implementation existed in their own silos, while business units were similarly stovepiped.
However, silos don’t work anymore. As mobility becomes increasingly pervasive across all aspects of the enterprise, it’s no longer enough for business initiatives and mobile security to run on parallel tracks. Rather, IT leaders and security executives in particular must work with business leaders, with both sides reaching across the aisle to coordinate their efforts.
“Almost every business unit in your organization is likely either implementing or planning to implement new mobile initiatives,” notes Chris Sherman, senior analyst at Forrester, in a February 2017 research report, “Build A Cross-Functional Mobile Security Team Organization: The Mobile Security Playbook.” “[I]t’s up to the security team to come to the table with solutions, especially those that support top-line growth.”
The Changing Landscape
Early efforts at mobile security often came from within the email security team, with mobile security training and support limited in scope, and with security teams divorced from the app development process. But the rise of a more mobile enterprise is causing a shifting landscape.
Discover Forrester's Mobile Security Playbook
Learn how to build a cross-functional group of security and ops staff for the best mobile strategy. Download Now
In the report, Forrester highlights a wide diversity of mobile devices presently in use, with workers accessing laptops (69 percent), smartphones (70 percent) and tablets (35 percent) at least weekly. With the previous workflow, security teams aren’t delivering the support needed to encourage top-line growth in this complex mobile workplace.
Moreover, the silo approach means security is not addressing the big picture: looking at mobility as a means to spur business innovation, drive customer engagement and improve the overall customer experience. Key functions such as sales, marketing, research and development all acquire and deploy mobile services, and may implement them without consulting the security team.
This model of self-implementation sets an enterprise up for vulnerabilities. “As mobile initiatives have become more complex and widespread throughout the organization, more formal collaboration between the business units and the mobile project teams is necessary to ensure alignment,” Forrester explains.
Crossing the Aisle
The tide may be turning: A 2016 survey saw a 10-point rise (up from 22 percent) among business decision-makers who say that app development is their responsibility. It’s a sign that the walls are starting to come down.
Though how do enterprises bring the business and IT sides together to ensure security is embedded in mobile development efforts from the outset? Forrester offers several strategies:
- Mobile steering committees can help to prioritize projects. Such working groups can prioritize mobile initiatives, deliver security skills assessment tools, obtain budgets and set cross-enterprise priorities. “This is a perfect opportunity to reach across the aisle and work with the development and operations team to build a comprehensive mobile strategy across the organization,” Forrester notes.
- Mobile centers of excellence can deliver the thought leadership needed to ensure mobile security. A center of excellence can establish best practices at the intersection of business needs and mobile security. This should be an outward, customer-focused operation, establishing security within the broader framework of customer engagement. Aligning the two helps to ensure solid mobile security training and reduce the risk of a breach.
- Mobile project teams, which Forrester calls “IDEA teams,” can help to ensure security is a primary design consideration. Such teams may include developers, designers, product managers and program managers, all looking to ensure security within a strong mobile experience. By including team members from all different departments, this not only breaks down communication barriers, but also helps align common goals and project initiatives.
Taken together, all these strategies suggest a new way of conceptualizing security in mobility. No longer a sideline or appendage to the mobile implementation, the security skills assessment today must reach across “the entire digital business ecosystem,” as Forrester puts it, noting that in today’s mobile enterprise, “a business process in a digital business is rarely, if ever, self-contained.”
IT professionals and business leaders increasingly must work together, proactively partnering to ensure that business integrates security into its mobility plans, while at the same time making certain that mobile security professionals are helping at every stage to foster innovation, enhance the customer experience and benefit broader enterprise ambitions.
See how enterprise mobility solutions are changing the way that employees work on a daily basis.