The bring your own device trend has resulted in a shift in where responsibility for security rests, according to RSA Conference. For more than a decade, the conference has played host to extremely complex and powerful security solutions that must be driven into an organization from the top down. But this year, that balance of power moved back down toward the bottom, because enterprises now have to deal with the security of their employees’ personal devices.
To that end, numerous companies have been offering solutions that lock down end-user phones, or that wrap sensitive apps and data in a security layer that can be monitored and managed. But as the needs of enterprises in this space have gotten more complex, new companies have cropped up to deal with the problem.
Bluebox Security, for example, came out of stealth mode at RSA Conference to show off its enterprise mobile device security solution for the iPhone. The company spent the last two years reverse-engineering iOS in order to offer a true security product that goes beyond the MDM specifications Apple itself created to deal with the problem.
At its core, Bluebox secures the enterprise data that’s stored on a phone, rather than wrapping existing applications. But while the software makes things easier for administrators, a top priority of the project was that the end user not feel put upon by the complexity of the security solution.
Caleb Sima, CEO of Bluebox, said that user interfaces are becoming increasingly important to security developers, who traditionally have not worried very much about UI design.
“It’s not just on mobile, [it’s] the security industry as a whole: We’re moving into a world where not only does the enterprise not own the device, they don’t own the service,” he said. “It is a user-focused world, user-centric. Security no longer has the ability to be the bouncer and say ‘You can’t do that.’ They need to be a bodyguard, that allows you to do things, but watches your back while you do it. We need to start looking at employees no longer as being nefarious, but as being people we work with and monitor, versus stopping and controlling. That goes beyond mobile, that goes to the security industry as a whole.”
Call it the security UI revolution. Thanks to bring your own device, security tools now must be easily usable by novice users inside the enterprise. They must be unobtrusive and not stop the end user from doing things he or she would normally do with their phone. Why treat users with kid gloves? Because if the end user simply bypasses or turns off the security tool because it’s getting in their way, all the efforts of a security team are suddenly thwarted.