Gartner Blog Network

“Secure the moving target!” by Tim Faith

by Debbie Wilson  |  January 21, 2020  |  Comments Off on “Secure the moving target!” by Tim Faith

The future of enterprise applications is integration.   One day there will be a frictionless user experience for all users of ERP that will enable deep insights into business at a moment’s notice.  The information and insight we need will be as close as our phone, tablet, watch or personal assistant device.  The technology to pull this off is this close to coalescing.  Soon it will pop and we’ll all wonder why we carried laptops around.  Sounds great, right?

But, from the other side, is it really great?  Have you thought about the implications of that data steam living outside the bounds of corporate control?  I’ve got a 2 year old son who loves to boss our Amazon Echo around.  His favorite thing is to tell Alexa to count to 100.  Fun stuff, until he figures out that he can tell Alexa to order 100 boxes of cookies!  While a cute and somewhat contrived example to show the dangers of unfettered access to other systems, real threats exist to the mobile world of enterprise business capabilities.  The vendors themselves can only do so much, and they’re focused on keeping your data and access secured within their borders.  Where will the next wave of attacks target?  The farthest reaches of the applications: the mobile devices.

What are some things to do?  One: consider the extent to which your enterprise apps need to be mobile.  Sure, it’s the wave of the future, it can incrementally lower user hardware investments if you think about it, the apps look great and dog gone it, they’re just pretty convenient!  The extent to which your enterprise must be mobile will directly impact the extremes to which you must secure your mobility.  Your enterprise may have an app for HCM, and then another for Time and Expense, and another for Travel, and another just for Approving All the Things.  Or you may have one app for all of those.  That is the potential for a lot of sensitive employee data or financial transactions to go outside the bounds of the enterprise and onto a device where someone is downloading a potentially malicious version of  Angry Birds 3000.

Two: think beyond Enterprise App Stores, Mobile Device Management and BYOD policies.  Consider how to secure the apps to prevent intentional and inadvertent intrusion, and how you plan to restrict the access to the data that the mobile app provides.  That requires solid understanding of role-based security inherent in ERP applications.  It also requires understanding that organizations might be so lean that individuals are assuming multiple roles that, when combined, have the unintended consequence of too much approval authority, way too much organizational data access or potential for exposure of sensitive data.  Restricting to prevent these types of weaknesses may translate to a mobile experience for some users that is extremely basic, but it significantly reduces risk.

Three: plan for intermediary layers of protection around the apps.  Multi-Factor Authentication or Mobile VPN should be de rigeur by now, but you’d be surprised at the extent to which they are not.  The “bad guys” will find ways around that soon enough.   Cloud Access Security Brokers seem like the logical next step.  But when the bad guys break that, what next?  I guess the good guys will have to come up with more sophisticated encryption and security.  Leading to my next point….

Four: plan for hyper-integrated chat applications that pull all of your cloud applications data into another app for simplification.   I’ve seen it, it will happen soon and it looks cool.  All of those apps that I mentioned in point one, forget them.  A chat bot will soon be your end-all and be-all app.  But all of your company’s business will be available to anyone who can socially engineer their way around your phone to unlock it and view the contents of your phone.  I anticipate a next level of security will encrypt the data in transit, scramble the data when it’s at rest in the security partition of your phone, and then will utilize biometric security to translate it out of hieroglyphics and render into your language only when you are either looking at or touching the screen.   The data will then “self-destruct” when you shut down the app so that there is no data persistency on your mobile device.

Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research

Category: applications  erp  

Deborah R Wilson
Managing Vice President, ERP Strategy Team
12 years at Gartner
20 years IT industry

Deborah Wilson, a recovering Gartner research analyst, leads the Gartner ERP strategy research team. Read Full Bio

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.