What Does Mobile-First Security Look Like?

The only phrase you’re likely to hear more often than “mobile first” is “mobile security.” But what does mobile-first security looks like? 

The question is turning out to be a big deal, and getting a lot of attention from Microsoft, Google, and other companies that want to be the harbinger for all of your productivity. Turning your company’s data over to Office 365 or G Suite is going to be more appealing if there’s a strong sense that all the information will be safe from malicious third parties, yet easy for you to manage.

There’s been a lot of news around this topic in the last few weeks, with Google making a ton of announcements at its Cloud Next conference and Microsoft bringing its Teams work chat application into the wild.

Nearly everything these companies do lately has a major impact on the concept of being mobile first. Effective mobile work relies on speed, access to the cloud, and security. Here are a few of the most recent happenings in this area that may be items to work through when it comes to how to best ensure your company’s workflow is secure and mobile ready.

Security at the Chip Level

One of the most interesting announcements I’ve seen in a while when it comes to hardware and security was dangling from the ear of Google’s Urs Holzle,  senior VP for technical infrastructure, at the company's recent Cloud Next conference. He debuted Google’s Titan chip, which was designed with a “layered security architecture, spanning the physical security of data centers to secure boot across hardware and software to operational security,” according to Google’s announcement.

The  talk of security and its application to mobile devices was everywhere. G Suite users could rest assured their data and secure documentation were inside a secure Fortress Google thanks in part to the $20 billion that Alphabet chairman Eric Schmidt boasted of spending on it.

It better be, because we’ve reached an inflection point where it’s so much easier to go all-in with cloud than some type of hybrid model that many companies have been clinging to. When you can sign up for a G Suite or Office 365 account and cheaply add new users and dish out access, you’re quickly adding in a lot of content and files that need to be monitored and secure.

The message you get from Google in this area is clear - you won’t need to worry about someone getting at your stuff as long as you use good security practices.

Google’s custom chip is built to put security at the hardware level.

Diving into mobile device management

Mobile device management is a phrase that can send anyone’s head spinning for how many potential problems exist when it comes to company data. But this is a critical component of mobile-first security.

Office 365 offers a clear mobile device management strategy for an organization.

Both Google and Microsoft have guidelines and policies about how to effectively manage data, devices, and distribute access to applications. Even if your shop is BYOD (bring your own device), you’re still doing device management because both Office 365 and G Suite grant you the power to confer access for particular applications and varying types of data archival.

This also may mean setting specific policies for device usage, even if you’re not directly issuing each device. Take the time to get to know how each cloud provider handles device management, and this may help you decide which is the best cloud to go with.

A Smarter Cloud Requires Smarter Security

The mobile-first mantra isn’t just about the convenience of having a device in your hand. It’s because all of that data flowing through your Google or Microsoft account is being analyzed by those companies to (hopefully) empower you to work smarter.

You can require screen locks or wipe data with G Suite’s mobile device management policies.

For example, Google has a new series of APIs for recognizing objects in videos, which could do wonders for editing and advertising campaigns, embodying the whole pitch behind Google Cloud, i.e. it’s the smarter cloud, enabling companies that use it to find out both the work they’re doing and what you need to do each day.

But if your cloud is going to be doing some of the thinking for you, it better be sure and not leak any of that information out to more nefarious sources. This is why a mobile device management policy, secure practices, and rock solid security from the cloud provider are all critical. Microsoft executive Brad Anderson recently released a video that claims to tell you everything you’d ever want to know about enterprise mobile security. It’s a good reminder that Microsoft is going to continue to compete very vigorously in this space, and may give you some tips about how to manage this critical area.

Essentially, mobile-first security isn’t terribly different from just good security practices. However, things move more quickly and require a deep understanding of managing security and data with a cloud provider. The cloud is smarter, but everything it knows means that it must be protected.