Collaborate With Your Non-Security Peers To See How Objectives Intersect (Hint: Mobile Context For Mobile Authentication)
Posted by Heidi Shey on April 23, 2013
“Enterprise rights management? What does that even mean?! You’re using security speak!” exclaimed my colleague TJ Keitt.
TJ sits on a research team serving CIOs, and covers collaboration software. We were having a discussion around collaboration software and data security considerations for collaboration. “Security speak” got in the way. It wasn’t the first time, and it will likely not be the last, but it is a good reminder to remember to communicate clearly using non security speak – and not just to fellow S&R pros, but to the rest of the business (in this case – the CIO) – to talk about what we really mean. That’s how collaboration starts.
Collaboration is also not just about S&R pros engaging the rest of the business to bring them into the security-minded fold, but to also listen and be aware of what’s bubbling up in other parts of the organization as it can have implications for security too. One of the more interesting examples that I see today come from the marketing side of the business, specifically those involved with strategies for customer experience and digital marketing. Mobile is huge (no surprise, right?), and is transforming how companies interact with customers. The future of mobile is all about context: 1) situation, 2) preferences, and 3) attitudes.
Things like 3D cameras, NFC, barometers, and other sensors embedded into smartphones will drive contextual information. What does that mean for S&R? For starters, mobile context is going to enable richer apps for customer engagement and riskier transactions. Even more interesting will be the impact of mobile context on mobile authentication strategy. Context may mean that app users can only do certain transactions from certain locations, or following a specific action (like a purchase). Or it may mean that behavioral models plus biometrics can help authenticate a user in a mobile app. Information that your marketing group will collect and use for customer experience and digital marketing purposes may also be used by the security group to help authenticate mobile app users. This type of collaboration between security and other business groups will help drive security technology investments that provide benefits for multiple areas of the business.
Analyst Andras Cser and I have been noodling over this topic of mobile authentication lately, and look forward to connecting with you if you’ll be at Forrester’s upcoming Forums in Washington, D.C. in May and London in June. We’ll be giving a talk on this topic at each Forum, and outlining a 9 step lifecycle for mobile authentication (how it’s done today, and how it will be done tomorrow). We hope to see you there!