Collaborate With Your Non-Security Peers To See How Objectives Intersect (Hint: Mobile Context For Mobile Authentication)

“Enterprise rights management? What does that even mean?! You’re using security speak!” exclaimed my colleague TJ Keitt.

TJ sits on a research team serving CIOs, and covers collaboration software. We were having a discussion around collaboration software and data security considerations for collaboration. “Security speak” got in the way. It wasn’t the first time, and it will likely not be the last, but it is a good reminder to remember to communicate clearly using non security speak – and not just to fellow S&R pros, but to the rest of the business (in this case – the CIO) – to talk about what we really mean. That’s how collaboration starts.

Collaboration is also not just about S&R pros engaging the rest of the business to bring them into the security-minded fold, but to also listen and be aware of what’s bubbling up in other parts of the organization as it can have implications for security too. One of the more interesting examples that I see today come from the marketing side of the business, specifically those involved with strategies for customer experience and digital marketing. Mobile is huge (no surprise, right?), and is transforming how companies interact with customers. The future of mobile is all about context: 1) situation, 2) preferences, and 3) attitudes.

Things like 3D cameras, NFC, barometers, and other sensors embedded into smartphones will drive contextual information. What does that mean for S&R? For starters, mobile context is going to enable richer apps for customer engagement and riskier transactions. Even more interesting will be the impact of mobile context on mobile authentication strategy. Context may mean that app users can only do certain transactions from certain locations, or following a specific action (like a purchase). Or it may mean that behavioral models plus biometrics can help authenticate a user in a mobile app. Information that your marketing group will collect and use for customer experience and digital marketing purposes may also be used by the security group to help authenticate mobile app users. This type of collaboration between security and other business groups will help drive security technology investments that provide benefits for multiple areas of the business.

Analyst Andras Cser and I have been noodling over this topic of mobile authentication lately, and look forward to connecting with you if you’ll be at Forrester’s upcoming Forums in Washington, D.C. in May and London in June. We’ll be giving a talk on this topic at each Forum, and outlining a 9 step lifecycle for mobile authentication (how it’s done today, and how it will be done tomorrow). We hope to see you there!

Comments

Mobile as a business enabler

Heidi, nice read. I think you are hitting on something. A secure and trusted mobile device can actually act as an enabler of business processes.

Think about the ability to digitally sign a time sensitive request that must be legally binding and provide non-repudiation. Or, a treasurer/CFO approving a batch of payroll transactions that need the added assurance of the signatory's identity and may require dual signatures. Without a trusted and secure mobile device/application you would have to wait for the signatory to return to the office. Now these transactions can happen anywhere, anytime; assuming connectivity.

While these are just two more security related examples they illustrate the ability for mobile devices to greatly increase operational efficiencies and productivity. And with that usually comes a positive net effect on income/revenue. It isn't just about collaboration across business units, but what that collaboration can do for the bottom line; which you basically say so I guess a little preaching to the choir :)

Great research coming from the Forrester team on mobile. Please keep up the good work!

Matthew

Thanks for commenting

Thanks for commenting Matthew! Great examples about mobile enabling business processes. The more we can have security tie into the bottom line and user experience, the better.