Intelligent mobile devices are revolutionizing the way remote users connect to their business, and thus are presenting unique security opportunities for solution providers. Blackberrys, iPhones, and the emerging category of promising Mobile Internet Devices (MIDs) are exploding in popularity, fueled by the availability of easy-to-use application interfaces to access information (both business and personal) in non-traditional ways.
Solution providers would be wise to monetize their networking infrastructure experience by helping customers secure their mobile devices. Security Software as a Service (SaaS) opportunities exist for small and medium business markets that need to secure the professional use of personal devices. Ideas for security-related revenue include innovative approaches to configuration administration, secure remote access, compliance auditing and application delivery.
Solution providers already have phenomenal networking expertise, advanced data center hosting capabilities, granular billing systems and an installed base of loyal customers that would like to do more with network applications if security concerns can be addressed. Service providers have experience provisioning a wide-variety of applications in the data center and in securing those applications from the data center through the network. There are many ways to capitalize on these technical infrastructure and customer relationship advantages to reduce customers' mobile device security headaches and produce security-service revenues at the same time. Here are a few simple approaches to get started:
- Use off-peak hours to automate routine configuration administration on devices. Mobile devices are always connected to the network. Alcatel-Lucent markets a wireless card for laptops that transparently provides application upgrades and patches. The same concept can be applied as a service to maintain mobile device configurations, backup/recover data (especially the contact list!), erase data from all temporary storage locations, and quickly disable a device that is reported lost. This keeps mobile devices up and running to conduct business during normal office hours, and enables IT's mobile device concerns to be addressed quickly and properly.
- Provide vetted applications via a storefront. Users want to download application interfaces for business productivity (and gaming pleasure) that come from trusted sources and have been checked for security problems. Apple has defined the delivery model here, and Citrix has used the storefront look and feel to make it easy for IT to deliver supported applications to end-user endpoints. These applications will need to be checked and updated for security fixes and new application features. Verizon, for example, charges $5.99 per month for a suite of endpoint security software, but with the right partners they can also drive revenue by delivering secure applications.
- Suggest two-factor authentication for secure remote access. Business users frequently use a security token when accessing the corporate network from their mobile devices via a VPN. Safely storing a key in the device can turn the device into a two-factor authenticator with installed secure remote access software, such as authentication token products by FireID S.A. and iEnigma from Charismathics GmbH. The solution provider offers the authentication security service while the customer saves the expenses and management headaches associated with security tokens.
- Offer content-aware audit services for compliance. The solution provider sees all application traffic. Assuming privacy concerns can be resolved, this type of service could optionally record traffic from designated applications, inspect content for sensitive data, erase all sensitive data upon application exit, and append a comprehensive compliance report for remote device usage to the monthly invoice.
Remember, focusing on SMB customers keeps it simple and provides solutions the customer is unlikely to build for itself (large enterprises, conversely, have significant infrastructure and labor resources and are willing to create and implement their own customized technology to maintain control). Fortunately, service cost and ease of use trumps complicated product features when selling to SMBs, allowing solution providers to quickly test security SaaS offerings for mobile devices.
About the author:
Eric Ogren is founder and principal analyst of the Ogren Group, which provides industry analyst services for vendors focusing on virtualization and security. Prior to founding the Ogren Group, Eric served as a security industry analyst for the Yankee Group and ESG. Ogren has also served as vice president of marketing at security startups Okena, Sequation and Tizor. He can be reached by sending an email to firstname.lastname@example.org.