The next big thing in mobile? Here’s a clue: it’s not the next iPhone or Candy Crush sequel
With the 2018 Mobile World Congress show just a few days away, the world’s eyes have diverted their attention once again to what’s coming next in mobile. Yet the biggest trends are actually happening a little more discreetly, hidden away in private meeting rooms and in corners of the event’s giant exhibition floor.
It might be less glamorous than Face ID or Gear VR, but mobile security has been soaring to the top of the priority list for enterprises growing increasingly concerned about this overlooked area of their security strategies.
The past 12 months has witnessed the emergence of dozens of dangerous new threat vectors targeting mobile devices, which themselves have proliferated in the modern workplace. It was less than 18 months ago that web traffic on mobile finally surpassed desktop, and it’s a trend that hackers have been quick to adjust to. That includes cryptojacking, the CPU-draining attack made to run on unsuspecting devices to mine cryptocurrencies that has been reported to brick handsets entirely. It also includes phishing, which Google reports is now the biggest security threat that users must worry about — a sentiment echoed in a survey of delegates from the prestigious Black Hat security conference last year. Phishers have also successfully made the leap to mobile, with a new mobile phishing site registered every 30 seconds in 2017, each designed to exploit the uniquely vulnerable nature of mobile.
Movements from the enterprise mobile management (EMM) vendors have reflected this increased concern about mobile security, with most — if not all — now positioning their services in the security space, and not just in management. Analysts have observed these trends too, with both IDC and Gartner releasing major pieces of research at the tail end of last year focused on the mobile security market.
It’s not just hype either. It’s happening in practice, in the field. At SAP, there has been a significant investment in enterprise mobility in recent months, and security is a critical component of that.
The initiative has seen the adoption of Wandera — a company we were pleased to invest in last year (that is also up for a Globe Mobile (GLOMO) Award at MWC) — into the wider mobility project. As well as mitigating threats, such as the identification of malware and network-based attacks, the technology has been used by admins to monitor the overall risk level of mobile. For good reason: mobile is inherently risky. Employees carry around devices loaded with sensitive data, using all kinds of sites and apps, and on networks that IT cannot control.
That’s why understanding more about devices running out-of-date operating systems or using risky public WiFi is a cornerstone of SAP’s mobility program, and also why it has adopted a notification-based approach to enabling its employees. Now, whenever an employee attempts to access a suspicious domain — for example a phishing page — they are alerted about the nature of the site. This policy extends to data-hungry resources like Netflix and YouTube, which has helped save SAP more than 70% on data usage without implementing a single hard block on content.
“We have more than 190 locations with 86,000 employees around the globe at SAP. An important part of my job as CIO is to connect our employees seamlessly around the world to enable the innovation and agility that customers have grown to expect from us,” said Thomas Saueressig, chief information officer, SAP. “Our first and foremost goal is awareness and transparency. We enable our employees with the necessary tools to protect their data and to offer real-time cost transparency. Wandera plays a critical role in our technology stack, providing the security and peace of mind we need to run a global digital business and deliver value to our customers.”
It’s clear that mobility is a market that’s maturing rapidly, but the security component remains something of a headache for many businesses. Indeed, Cisco’s 2018 report put mobile as the number one security challenge for security teams, so this is an issue unlikely to go away any time soon. Last year witnessed all kinds of new threats for security leaders to worry about, from BlueBorne and Krack to Slocker and Meltdown, and you can expect the 2018 mobile threat landscape to evolve even faster.
So for those attending MWC this year, it will likely be the big buzzwords of the day that capture most people’s attention. Catchy acronyms and phrases will certainly steal the headlines — GDPR, AI, machine learning, big data and IoT — but some of the more shrewd attendees might make a more understated observation: this will be the year that mobile security gets serious.
The information set forth herein is not intended to constitute investment advice and under no circumstances should any information provided herein be used or considered as an offer to sell or a solicitation of an offer to buy an interest in any investment fund managed by Sapphire Ventures. Sapphire Ventures does not solicit or make its services available to the public and none of the funds are currently open to new investors. Past performance is not indicative of future performance.
The portfolio companies referred to above do not necessarily represent all of the investments made or recommended by Sapphire Ventures, and were not selected based on the return on Sapphire Ventures’ investment in them. It should not be assumed that the specific investments identified and discussed herein were or will be profitable. Not all investments made by Sapphire Ventures will be profitable or will equal the performance of the companies identified above. View all of Sapphire Ventures’ investments here.