Mobile working can help housing providers deliver a more engaging, customer-centric service based on the principles of convenience and self-service. For instance, mobile technology has the potential to reduce the amount of time tenants are left waiting for repairs and home improvements by giving workers the ability to diagnose tenants’ problems remotely, and then calling for the required professional assistance.
In addition, mobile also has the potential to improve payment methods, with mobile devices being used as portable payment systems. Mobile working also drastically improves housing providers’ internal operations by providing workers with a more effective communication channel.
BYOD in the housing
Recent figures suggest that the average employee could save around 80 minutes per week in productivity by using their own mobile device at work as well as saving employers around £1,000 per employee per year in device and software costs.
There are clearly many benefits to enabling housing staff to use their own devices, but those benefits aren’t without some associated issues. The main problem lies in how the devices are secured; allowing a privately-owned device the ability to connect to a corporate network immediately raises organisational security concerns due to the danger of malware on the device spreading to company servers, putting very delicate data at risk.
There are risks with BYOD, but with a well-thought-out plan these risks can be mitigated and the clear benefits of BYOD realised; below is some practical advice.
A changing security landscape
Smartphones and tablets have overtaken PCs and laptops as the preferred device for people to get their work done on. All you have to do is check the app store and see that business apps are now the second most popular category. This, combined with the performance gains 5G will bring, means that mobile has won – it’s what the users have chosen.
This move to mobile isn’t the only revolution we are seeing within the enterprise; access to apps have accelerated the adoption of cloud services. Today, 77 per cent of businesses use cloud services, and on average, an enterprise is using over 1,000 cloud apps.
This means modern work takes place on mobile devices connected to cloud networks, taking it beyond the control of traditional security measures and multiplying the number of access points for attackers. As a result, the modern working environment can no longer be governed by the traditional security perimeters and boundaries of yesterday.
This change creates three main challenges for CIOs and CISOs:
- Drive business innovation with mobile productivity by giving employees the ability to use mobile, cloud and endpoints.
- Enforce corporate security without impacting users’ experience.
- Redefine enterprise security strategies to address a perimeter-less environment.
The zero-trust approach
To overcome these challenges, security professionals are forced to reconsider the best practices on which they have previously relied. The more adaptable have realised the best solutions provide a secure contextual connection, based on device, app, user, environment, network, and everything else that’s involved in accessing their data.
One approach that organisations are investigating is called ‘zero-trust’ and was first coined by Forrester Research in 2010. Around the same time, a similar idea was being embraced by Google as a way to connect its employees to their internal applications. The Google BeyondCorp methodology was born out of this need and led to a specific adaption of the software-defined perimeter (SDP).
The zero-trust model treats all devices or ‘hosts’ as if they’re internet-facing, and considers the entire network to be compromised and hostile. It assumes that all access to corporate resources should be restricted until the user has proved their identity and access permissions and until the device has passed a security profile check.
Mobile-centric security
There are several different ways to implement zero trust. The main approaches are focused on identity, gateway and the device. However, as the tide of mobile and cloud continues to intensify, it is clear gateway- and identity-centric approaches simply aren’t enough. Only a mobile-centric approach addresses the security challenges of the perimeter-less modern enterprise while allowing the agility and anytime access business needs.
A mobile-centric approach really raises the security bar and goes beyond traditional identity management and gateway point solutions. It demands several more answers from a complete set of attributes before granting access to the user. It validates the device, establishes user context, checks app authorisation, verifies the network and even detects and remediates threats before allowing secure access. Importantly, this all happens instantaneously.
David Critchley is the regional director for the UK & Ireland for MobileIron.
