The first paragraph on an ABI Research report on mobile malware sounds dire. The firm says that mobile threats have grown by 261 percent in a half year. The idea is that several deep trends – the ascendance of mobility in general; the greater “attack surfaces” made possible by the ever-increasing sophistication of smartphones; and the expanding use of BYOD work arrangements, to name three – are attracting more and better crackers.
The good news is that there also is a response to these awful-sounding trend lines. ABI says that the mobile security services market will reach $1.88 billion in value by the end of the year and will easily outdistance other ways in which security is delivered. The services element enables a high-level, uniform and systemic approach to security. This is better than simply loading discrete pieces of security software into phones.
There is nothing new in this, other than the fact that the services approach is taking control so handily. It is a diverse and complex field, according to ABI:
More than simple security applications, the demand for specialized services is driving the market for mobile security; network security, managed and professional services are set to become the biggest category for business-to-business mobile security. Bundled network security which includes unified threat management, deep packet inspections, virtual private networks, and remote device management will become increasingly important. The driving markets in mobile security are concentrating on services for mobile device, identity and authentication management, as well as for audits, certification, and consulting.
The size and sophistication of the market is set to grow even deeper. The ABI study suggests that the move from device- to network-based security, in all its incarnations, is gathering steam.
It is likely that the move from standalone to services is getting a big push from BYOD. BYOD is a scary thing for security personnel. eWeek reports on a survey done of 1,000 consumers by Cisco partners. The bottom line is that BYOD is extremely common (92 percent of respondents used their phone for work during the past year) but that organizations generally are believed to be unprepared to deal with its security ramifications. Those perceptions almost certainly are accurate — and are no doubt propelling enterprises to move to higher-level and systematic approaches. Varonis also recently released research pointing to the same concerns.
The evolution of BYOD – and, therefore, the security measures aimed at protecting it – won’t stop. David Amerland at Forbes raises an interesting possibility, which would radically change BYOD and the security measures aimed at protecting it. In traditional cloud environments, the desktop computers act as thin clients. Most of the storage and processing is centralized. The desktop is a somewhat souped-up monitor. If the mobile world evolves in this way, security concerns would be to some extent minimized and, in any case, shift from protecting the device to guarding the transmission of the data.
The future will be interesting. The shift to security as a networked endeavor is just about complete – for those organizations that are paying attention.