Tomorrow's IT workers try to ensure mobile privacy
Radical changes to corporate environments may ultimately emanate not from mobile devices, but from the novel notions of privacy, communications and work/life balance that constant connectivity and inexpensive apps have imbedded in employees.
Only a few years elapsed between the entrance of smartphones and tablets into the consumer mainstream and their widespread acceptance as productivity devices within corporate environments. Although some executives maintain reservations about the revamped MDM strategies and access controls that BYOD-enabled offices may require, employee demand for flexible, around-the-clock data access appears insatiable and set to permanently change how businesses approach security and application development.
However, the most radical changes to corporate environments may ultimately emanate not from devices themselves, but from the novel notions of privacy, communications and work/life balance that constant connectivity and inexpensive apps have imbedded in employees. As today’s teenagers approach workforce entry in 2020, companies must adjust their cultures and security practices to accommodate the ever-connected, privacy-conscious attitudes of their younger workers, who have already cross-pollinated IT departments with consumerized hardware and software, as well as routine social network usage.
While consumerization is typically associated with an array of security and cultural risks, businesses may eventually benefit from their future employees’ proactive approaches to privacy. For example, users who have already opted to disable location tracking, a common source of data leakage from mobile apps, may take similar initiatives that ultimately result in more secure business software. However, IT managers could strain to meet the simultaneous demands from millennials for privacy and ongoing access while also preserving network security, underscoring the importance of overhauling their technical strategies and company-wide policies sooner rather than later.
Social networks, messaging clients fuel always-on mentality
Whereas business communications were once largely limited to landline phones and in-person interactions, today’s workers have access to many options ranging from SMS texting and over-the-top messaging apps to email and social networks. For younger individuals, this multitude of channels means that they are always accessible and that there is no clear boundary between the time they spend at work and elsewhere. After all, they often utilize the same devices in both contexts.
“Communication has become more immediate, frequent and rich in content,” Nexmo CEO Tony Jamous told Mobile Enterprise contributor Stephanie Blanchard in an email. “They exchange shorter and more frequent messages. They also perceive SMS and instant messaging as their main communication channel on mobile, whereas older generations would rely more on voice.”
More importantly, millennials use mobile messaging and social networking for blended personal and business purposes. According to an American Express OPEN Ages Survey cited by Blanchard, half of Generation Y entrepreneurs believe that relationships created via social networks are as valuable as ones created in person or over the phone. They were also much more likely than their older counterparts to repurpose social tools for business marketing.
What are the consequences for IT departments? They may have to consider talent retention and recruitment in addition to more carefully monitoring how consumer services behave in their secure environments
“Any good manager should implement what millennials expect,” Huddle executive vice president Andy McLoughlin told Blanchard. “[I]f companies aren’t providing the correct environment, the employees will jump.”
Study confirms that teens are averse to location-tracking
However, popular social networks and mobile apps can become weak links in the corporate security chain. A recent study from Appthority analyzed the top 100 free and paid apps on Android and iOS and discovered that over 90 percent of them engaged in at least one risky behavior that could lead to data leakage. Examples of questionable practices include connecting an app to a mobile ad network and requesting access to a user’s contacts, but the most common behavior was location tracking, exhibited by 77 percent of free apps and 41 percent of paid ones.
Perhaps fortunately, teenagers appear aware of the risks associated with location tracking. A recent Pew Research Center survey found that while 58 percent of teens had downloaded apps to their mobile devices, more than half of them had avoided specific apps due to privacy concerns. Forty-six percent had disabled location tracking to prevent it from being exposed or shared, and over one-quarter had gone further and actually uninstalled apps that were harvesting information without their permissions or beyond their comfort levels.
Commenting on the Pew survey, Dark Reading’s Kelly Jackson Higgins observed that the most popular mobile apps among teens were social networks and games, the same types of software which feature some of the highest levels of data leakage risk. Their aversion to location tracking may actually be driven by their relationships with their parents, perhaps explaining the apparent contradiction between their proactive privacy actions and affinities for risky mobile apps.
“Some of the people they are concerned about may be their own parents,” wrote the survey’s authors. “As early as 2009, the Pew Internet Project found that about half of parents of teen cell phone owners said they used the phone to monitor their child’s location in some way.”
Additionally, Pew’s researchers discovered that teens were much more likely to disable location tracking after seeking advice from others, indicating that tomorrow’s IT workers may be amenable to secure apps and sensible policies.
Mobile apps may offer better privacy than Web software
Despite their propensity to leak data, mobile apps have the potential to protect privacy more effectively than older Web apps. Sound mobility strategies that emphasize design and security may capitalize on teen privacy concerns and advance business initiatives.
Computeworld’s Kenneth van Wyk argued that Web apps’ reliance on DNS lookup to verify SSL certificates inherently creates privacy risks for data in transit. Desktop Web browsers often lack the scope to verify each certificate authority and in turn perform certificate pinning. However, mobile apps can do so by using native code rather than Web languages like JavaScript.
“With a mobile app that connects to its own servers, it’s quite reasonable to expect the mobile app developers to have no problem at all defining their own servers and corresponding SSL certificates,” wrote van Wyk.
Developing mobile apps that respect privacy will create a double benefit to companies. These apps will contribute to productivity and safe data exchange, but more importantly they may foster a company culture that corresponds to the habits and demands of the next generation of workers. Businesses must think about how to translate critical desktop and Web applications into rewarding mobile experiences, so that employees have around-the-clock access that complements their work habits and squares with their discerning attitudes toward mobile app quality and permissions.