Techniques and real world experiences in mobile device security

Mobile devices have become ubiquitous in today´s technology-enabled organization. Not only have they become commonplace, many business practices have not only matured to support mobile interaction, but embraced it at all levels, culminating in a rising “mobile first” philosophy throughout the organization. With this rise in mobile presence, however, comes significant challenges. The rise of “Bring Your Own Device” (BYOD) brings new requirements on organizations, including new approaches to security, data protection and information flows. It no longer suffices to craft organizational policies and procedures around wholly-owned corporate devices; today´s security policy makers must craft more flexible and dynamic systems that can support privately- owned devices. Here in this paper, we discuss the many different factors and considerations that go into approaching security for mobile devices in an organization, not just from existing technologies, but to our experience in putting these models to use in the enterprise. We talk about not only high-level techniques, such as encryption and identity/authorization, but also of new and developing security approaches surrounding the mobile ecosystem. We will show examples of our own experiments in novel security approaches, and discuss our successes and failures in the course of bringing our organizational security.