IBM recently revealed unsettling news on the EMM (enterprise mobile management) security front. IBM research into “1 million BYOD and corporate-issued devices” showed not only that 90% of companies only required numeric pins, but that 80% were satisfied with “a four- to five-digit PIN, which can be cracked in as little as 18 minutes.”
We found this disturbing since, even three years ago, when we published our in-depth study, “The Future Of The Mobile Cloud”, EMM companies (then more generally referred to as MDM, mobile device management, or MAM. mobile apps management, providers) were all emphasizing the security features of their offerings.
The IBM announcement, it should be noted, was triggered by the fact that their close ally, Apple, has recently gone to a required six-digit passcode under iOS9 and the iPhones 6S and 6S Plus.
Why Does This Security Issue Exist Now?
We spoke with David Lingenfelter, who is IBM-Fiberlink Information Security Officer, about IBM’s findings and the status of EMM security. We asked whether enterprises have simply been falling down on the job of securing the BYOD devices that have flooded into companies.
He said that he felt that security officers in corporations were responsive and concerned, but that it was really the users “who are driving the industry.”
In that respect, he regards Apple’s move to a six-digit requirement as a validation that more needs to be done to attack the security problems. IBM issued an infographic that made the point that while a four-digit password can be cracked in as little as 18 minutes, “With a 6-digit alphanumeric passcode, it would take cybercriminals 196 years to hack into a mobile device.”
Lingenfelter went on to explain that, as far as EMM is concerned, however, security “is not a single-factor solution, it’s not just a passcode issue.” There is one issue of security at the device level, but beyond this is the need for encryption of sensitive information and authentication for access to corporate information. Some companies he notes have all of these covered.
How about two-factor authentication, such as a passcode, plus a biometric identifier, or unique PIN code sent to the device via SMS? Lingenfelter says that he sees more businesses moving in this direction.
Evolution In The EMM Marketplace
As far as the EMM industry goes, he believes there is a shift in focus occurring, away from emphasizing protecting mobile devices, “to protecting data wherever it is – on a device, a server, in the cloud, etc.”
Three years ago we predicted in our Mobile Cloud study: ”Combined MDM/MAM platforms; Mergers of MDM and MAM providers; and Acquisitions by larger security and other companies of both MDM and MAM providers.” These trends have obviously occurred, the latest example being the Blackberry acquisition of Good Technology.
Asked about his perspective, Lingenfelter said that Fiberlink had realized that they couldn’t scale dramatically “just managing mobile devices.” They chose to be acquired by IBM and their expansion has been built on the Fiberlink MaaS 360 platform, closely related to a number of other IBM initiatives. As an example he mentioned the QRadar security intelligence platform. (IBM acquired Q1 Labs which, offered the QRadar product, in 2011.)
EMM Growth Outlook
The EMM area has generally been regarded as a niche in the overall IT picture. However, Lingenfelter believes it is broadening out and has expansion opportunities. He opines that, “There is a bigger picture than anyone can see at this early stage.”
This view is supported by a recent Ovum market study that foresees the EMM software industry growing from under $3 billion in total revenue in 2014 to nearly $10 billion in 2019, with higher growth rates coming from outside North America. (Ovum Software Market Forecasts: Enterprise Mobility Management, 2014–19.)
View infographic from IBM Security
Download (PDF 1.03MB)