
IQT QUARTERLY, Vol. 4 No. 1, Summer 2012
Slide to Unlock: The Challenges of Enterprise Mobility

IQT Quarterly is a publication of In-Q-Tel, Inc., the strategic investment firm that serves as a bridge between the U.S. Intelligence Community and venture-backed startup firms on the leading edge of technological innovation. IQT Quarterly advances the situational awareness component of the IQT mission, serving as a platform to debut, discuss, and debate issues of innovation in the areas of overlap between commercial potential and U.S. Intelligence Community needs. For comments or questions regarding IQT or this document, please visit www.iqt.org, write to iqtquarterly@iqt.org, or call 703-248-3000. The views expressed are those of the authors in their personal capacities and do not necessarily reflect the opinion of IQT, their employers, or the Government.

© 2012 In-Q-Tel, Inc. This document was prepared by In-Q-Tel, Inc., with Government funding (U.S. Government Contract No. 2009*0674524*000). The Government has Government Purpose License Rights in this document. Subject to those rights, the reproduction, display, or distribution of the Quarterly without prior written consent from IQT is prohibited.

EDITORIAL
IQT Quarterly, published by In-Q-Tel, Inc.
Editor-in-Chief: Lisa L. Bader
Editor: Emma Resnick
Theme Editor: Jay Emmanuel
Contributing Editors: Brittany Smith and Michelle Higgins
Managing Editor: Lisbeth Poulos
Design by Lomangino Studio, Inc.
Printed in the United States of America

IQT Quarterly: Identify. Adapt. Deliver.

TABLE OF CONTENTS
02  On Our Radar: The Challenges of Enterprise Mobility, by Jay Emmanuel
04  A Look Inside: Slide to Unlock
05  Moving Towards a Capability Package for Secure Mobile Virtualization, by David Kleidermacher
09  Cellular Network Security and Control, by Ben Weintraub
14  The Greatest Risks in Mobile Apps, by Anthony Bettini
18  Connecting Identity and Mobility: A Secure, Scalable, and Sustainable Mobile Wallet Approach, by Siva Narendra
22  Time to Make the Apps, by Marshall Vale and Andrew Yu
26  Tech Corner: A technology overview from IQT portfolio company Mocana
29  In the News

On Our Radar: The Challenges of Enterprise Mobility
By Jay Emmanuel

Welcome to the Summer 2012 issue of the IQT Quarterly. With a special focus on the challenges of enterprise mobility, this issue builds on topics discussed in our Winter 2011 edition, "Moving to Mobile: Trends, Technology, and Solutions." Since the publication of that issue, IQT has continued to collaborate with our Intelligence Community partners to brainstorm architectures and designs for secure and scalable enterprise mobile rollouts. This has been a tremendous learning experience for IQT as we cultivate our understanding of the IC's requirements and track trends in the rapidly evolving commercial market. These discussions have allowed us to focus on companies and technologies that address current government challenges.

Mobility for the enterprise is an inevitable phenomenon that will continue to grow over the next few years. The BlackBerry-centered mobile framework provided a one-stop, locked-down solution for IT organizations that was easy to adopt and use. With RIM fast imploding and with the tremendous consumer uptake of Android and iOS devices, the mobile IT environment has become far more diverse and challenging in terms of devices, operating systems, security risks, and other issues that are commonly of concern to organizations. Users within the enterprise now demand a mobile experience that is on par with or better than commercial applications. This new mobile world is redefining the function of traditional IT in the workplace and presents organizations with a set of complex security, management, cost, compliance, and legal issues that need to be addressed.

Security

Mobile devices provide a much larger and more diverse attack surface for an adversary. With the growing trend of Bring Your Own Device (BYOD) policies in organizations, these risks are further elevated. A lost or stolen employee-owned device with permanent VPN connections for email and other applications can provide easy access into the enterprise network where corporate data and sensitive information are stored. Techniques that mitigate corporate risk, such as device locking, data-at-rest encryption, enterprise- and application-level sandboxing, device virtualization, and secure boot loaders, are all evolving in the commercial world. Mobile Device Management (MDM) and Mobile Application Management (MAM) are relatively mature and help with risk mitigation; it is not expensive or difficult to get robust and scalable tools that are designed for this next generation of mobile IT.

Policy and Compliance

Establishing and adhering to an organization-wide policy for mobile devices is a key step towards the effective management of enterprise technology. Questions like whether or not to allow BYOD, how to effectively sandbox user and personal data, how much to lock down an enterprise device, whether or not to allow split tunneling of user traffic, and whether to route all uplink and downlink traffic through enterprise infrastructure need to be addressed at both a corporate and a department level, since all have ramifications at various levels within the organization. Once organizational policies are defined clearly, employee education and enforcement of the policy on the device and network are necessary. Plans for immediate and effective remediation should be implemented in the event a policy is violated.

Usability

Consumers have grown to expect a user experience from enterprise applications that matches or exceeds that provided by commercial applications. A clunky enterprise app or a device that is considered too locked down isn't likely to be widely adopted, and users will find ways around policy that is deemed too restrictive. Optimizing usability requires that the enterprise create commercial-quality apps without compromising the security posture of the device or the network. Consumers are comfortable downloading apps from an app store; creating a similar experience in the enterprise will likely increase enterprise application use and adoption. Users should also be confident that they are free to use their devices for personal use, with the assurance that there will be a clear separation between personal and enterprise content.

Enterprise Applications

Enterprise mobile applications need to effectively extend backend IT services and present enterprise data to a mobile device quickly and easily. Integration between the mobile device and backend systems should be a seamless and effective process, both for an enterprise app developer and for the end user. For the developer, implementing security policies and access to backend services like authentication, directory, and authorization services should be a transparent process that is easily incorporated using standard libraries and APIs. Given the wide array of devices and operating systems that the application needs to work on, solutions that allow web developers with traditional programming skills to create device- and operating-system-agnostic mobile applications will be critical in achieving application development scale.

Rapid Rate of Change

Designing a scalable and secure mobile enterprise architecture is complex, especially given that the technology platforms and devices are evolving at a fast pace. Most IT organizations are accustomed to a Microsoft-like five- to six-year product lifecycle in which they have the time to plan changes and slowly implement them. Mobile evolves very fast from every perspective: devices, versions of operating systems, the diversity of available applications, and the types of security threats on these devices are constantly changing. A well thought-out and successful mobile strategy will plan for change and select architectures that allow for future adaptation to emerging trends.

Cost Management

A mobile device's cost continues long after initial deployment and is often challenging to determine and manage. Besides the capital costs associated with the devices, usage rates are only increasing with the proliferation of bandwidth-hungry applications. With BYOD, enterprise users present the organization with a wide array of bills and user-purchased service agreements. Cost visibility in real time is essential to defining and maintaining expense policies. International roaming charges can have a serious impact on costs and have been the focus of many recent cost-related mobile decisions. Most Mobile Device Management suites provide real-time cost visibility. Targeted analytics that yield insight into usage patterns in relation to business operations and geographies can help with understanding costs.

These are but a few of the many challenges that are associated with mobile IT. IQT will continue to engage with cutting-edge companies in this space to stay abreast of technology trends. While this is sometimes a daunting task, since this is a relatively new and emerging area of technology, it remains exciting and challenging to us as we help guide customers on strategies in the mobile space.

Jay Emmanuel serves as Vice President in IQT's Information and Communication Technologies Practice. Prior to joining IQT, he worked extensively in the mobile space with Motorola, Hughes Network Systems, and most recently with Megisto Systems, a startup that developed carrier-grade mobile gateways. Jay has a Master of Science in Computer Engineering from the University of Maryland at College Park.

A Look Inside: Slide to Unlock

This edition of the IQT Quarterly considers the ever-expanding realm of enterprise mobility. This expansion is centered around innovative companies exploring how to secure mobile devices and maximize their use in the enterprise.

The issue opens with an article by David Kleidermacher discussing the security challenges of mobile devices, which may be enterprise-owned or personal. He also considers how mobile virtualization, the use of a hypervisor to protect functions performed in trusted software outside of the mobile operating system, could be used for highly secure operating environments.

Next, Siva Narendra discusses the budding potential of mobile wallets. The convenience of being able to access all identities via an "always-on" and "always-with-you" mobile device is intriguing, but poses security risks to the identities and associated data. Narendra considers how to maintain the convenience and sustainability of mobile wallets without compromising security.

Ben Weintraub follows with an analysis of Mobile Virtual Network Operators (MVNOs), which purchase access to the networks of facilities-based carriers and rebrand and resell the network services to their own customers. MVNOs enable organizations to implement unique security and control features.

In their article, Marshall Vale and Andrew Yu discuss the evolution from classic desktop applications to mobile apps, and how their distinct characteristics can teach us to optimize mobile apps for the enterprise. The authors note that successful mobile apps offer select functionality to make them appropriate in the mobile context, and that an increasing number of business apps are written internally by the end users.

By showing how software procurement processes and operating systems running on mobile devices are drastically different from PC architectures, contributor Anthony Bettini explains how the risks and potential solutions in mobile security are equally different from their predecessors. He also classifies various intentional behaviors in mobile apps that pose a risk to the enterprise and its data.

This issue of the IQT Quarterly is the beginning of a conversation about how to optimize the use of mobile devices within the enterprise while securing organizational data and assets. As organizations embrace the functionality and convenience of mobile operations, IQT will continue to seek out innovative technologies that address the user needs and security challenges of enterprise mobility.

Moving Towards a Capability Package for Secure Mobile Virtualization
By David Kleidermacher

The enterprise world is going mobile, driven by distributed workforces, the need to stay connected, and the sheer productive horsepower of modern handheld devices. However, unlike PCs, which are traditionally IT-owned and managed, handhelds are inherently personal: we use them to watch movies, browse photos, chat with family and friends, and play games.

Enterprises cannot tolerate the use of these unmanaged personal devices for the processing of sensitive information and connection to internal corporate networks. The inexorable consumerization of IT demands a solution for Enterprise-Owned Device (EOD) and Bring Your Own Device (BYOD) scenarios, where an employee can use a single handheld for personal activities or in the workplace while ensuring both parties are satisfied with security, usability, and cost.

One promising response to the EOD/BYOD trend is mobile virtualization, where a hypervisor is retrofitted below the primary mobile operating system. Critical security functions, such as user authentication and data-at-rest encryption, can be performed in trusted software that resides outside of the mobile OS and is protected and isolated by the hypervisor, enabling high-assurance protection of enterprise information.

Meanwhile, the U.S. Intelligence Community and DoD are aggressively looking for ways to take advantage of commercial off-the-shelf (COTS) handhelds in sensitive environments without incurring the cost and time-to-market challenges of the traditional NSA Type-1 cryptographic process. This desire led the NSA to establish the Commercial Solutions for Classified (CSfC) Program, which is defining capability packages that provide requirements guidance for leveraging commercial products for classified environments. These packages reference a suite of emerging Common Criteria protection profiles, which define funct
