ESG's Doug Cahill and Mark Bowker provide their thoughts and predictions on Mobility for 2018.
Read the related ESG Blog: 2018 Goodbye Password....Hello Bots and Machine Learning
Announcer: The following is an ESG 360 video.
Doug: It being the beginning of the year, it's time to talk about some predictions for the upcoming calendar year. And I'm here with Mark Bowker, and we're gonna talk about mobility and mobile security. And, Mark, one of the things where I wanted to start and get your perspective on is the login experience. You know, I know. I know. I mean, I'm having a hard time remembering all my passwords. I gotta be honest with you. As we are multi-device users using multiple applications, how do we balance, you know, sort of reducing the friction in the login experience but it still being enterprise-class, enterprise-ready?
Mark: It's super interesting, right? It's a huge problem. First of all, I'm gonna kinda give you the punchline. I believe passwords are gonna go away because of what you said. People forget their password. It's cumbersome to enter a password into these devices. As incredible as they are, entering a password in or being prompted and everything else gets to be...it impacts the user experience.
So I think what you'll really see is that device we all carry around in our pocket is extremely powerful. It knows an awful lot about us, right? Even down to our movements and our behavior.
Doug: How long's it gonna take to drive home?
Mark: Exactly. So I think you'll see that type of telemetry being tapped into more. But then, I also see things that, like... Out in the standard industry, I look at something like what Fido is doing. Right? So here's the ability to be able to maintain the authentication on that phone, to not prompt for a password, and to be able to authenticate, through integration, with the apps that you're using, the devices that you're using, and the management solutions you're using. So a user should be able to put their fingerprint in or their facial recognition. It should recognize who they are, it should authenticate with that device, and off they're going without the password.
Doug: You bet. So the phone really becomes sorta the basis to establish trust...
Mark: Sure. Yeah.
Doug: ...and using various types of biometrics...
Doug: ...until you really authenticate that you are, in fact, who you are...
Mark: You got it.
Doug: ...based on your device?
Mark: You got it. And you'll see the same thing on laptops, right? You'll see the same thing where people can use their fingerprint on the laptop or facial recognition on the laptop. It may have a hardware key in the laptop to make sure that that is truly you.
Doug: Could be Kim.
Mark: You got it. Exactly. Yeah.
Doug: Yeah. Good. So streamline the whole sort of interface, less friction, but also enterprise-ready.
Mark: You got it.
Doug: Good stuff.
Doug: So hey. When we think about these mobile devices, you know, we're all enamored with the touchscreen interface. You know, with things like Alexa and Siri, more and more is becoming voice-driven. How do you see that playing out as sort of an interface for these devices moving forward?
Mark: Yeah. Super fascinating, right?
Mark: It really is. These devices have made it into our homes. So at the end of the day, it's Alexa, it is Siri, it is Google Home, Cortana to a point, which have really become this platform to recognize our voices. What I think is extremely cool as well is if those devices now can recognize, "That's Doug speaking," versus "That's Mark speaking." So that has some super interesting impact just by having it personalize what you're doing.
I see a couple interesting business use case scenarios. Right? What about IT support? What about being able to have voice whether it's on your device that you're using or having these devices around this new workplaces that people are creating where I can get support directly through that device? So using voice, driven through some type of even bot technology that's tied into some helpdesk ticketing system, may give you access to experts, for example, on the back end of that that aren't hand in hand, face to face. Like, when I was 19, I used to have to grab my bag, walk out to the end user, put in my CDs, whatever I needed to do.
But now, I can imagine there's use cases where that becomes interesting. I see the hotel industry uses it already. You walk into these rooms that are automated that you start giving voice commands. Open and close the shades. Turning on and off the lights. You know, hey. Airline reservations can start to use that type of input as that next means to capture information.
So I don't imagine where you have an office full of workers, and they're all walking around talking into their devices. That's just not going to be practical in work. But I do imagine where there are set locations or set scenarios where these devices are in place, and people will interact with them. I see my kids do it already, and that's how they're learning to work.
Doug: Yeah. It's an incredible set of use cases that are possible. I like the one about customer support. Right? So we can sorta streamline that process and not have to go through multiple prompts to be able to actually get to, you know, menu. You can just automate and get to your answer faster.
Mark: That's right.
Doug: So voice activation, voice-driven smart devices really open up a wide variety of use cases. I mean, just sorta endless possibilities, which is gonna be really interesting over the next year or two to sorta see these use cases coming to market.
Doug: Yeah. Absolutely. Hey, so when we think about mobile security and endpoint security, it's another balancing act like we talked about before. I mean, you don't want a lotta friction in the world here because we have empowered end users that have multiple devices. They like the experience with their multiple devices, yet they are accessing corporate assets via those devices. So how do we think about balancing those two objectives? The end user experience and sorta the corporate security requirement?
Mark: It really is the magic, right? And the other problem, I'll call it, that you have...you have a lotta people that are using these devices that really feel like they're security experts.
Doug: That's scary.
Mark: It is scary, right? They feel like, you know, they have the latest patch, and they know what the vulnerabilities are. And I look at that and both of us look at that and say, "Okay. We're pretty in tune with these things, and I don't even feel like I'm an expert on that device." When I talk to a lotta IT pros out there, I really see them and give them advice to really start looking at some of the intelligence in the cloud. Think about Microsoft. Think about Google. Think about Amazon, Oracle, kinda these big enterprise kinda cloud providers.
And think about the intelligence they have on threats and how companies could leverage that intelligence to, "Yes. Maybe, that executive does think they know everything about security, but what if they can recognize the typical scenario you see out there?" Right? Doug just logged on in Massachusetts, but wait a second. 10 minutes later, he's logging on in Japan. That can't happen. We need to take action. So that's a typical one, but I think leveraging the intelligence of those cloud providers is gonna be very important. And you will see enterprises start to tap into that intelligence, really, beginning this year, very quickly, I think.
Doug: They've got so much telemetry and data about how we normally operate that they're well positioned to detect things that are anomalous. They could be indicative of some sorta real insider threat or a compromise, right?
Mark: And you see the threats out there, right?
Mark: They aren't for pretend. They're real, right?
Doug: They're for real, and, you know, for me, when it comes to mobile, those threats are really all about stealing credentials. I mean, it's not like you can't have malware on a mobile device, but that's not really the main objective of hackers when they're targeting mobile devices. They're really after our identity. And they're gonna fool us in trying to, you know... IM phishing, OOP protocol for layered applications, different ways to sorta dupe us into entering our credentials to our grandchildren, then off they go. And then, you detect somebody logging in from an anonymous location, anonymous hours, different sort of activity.
Mark: And you can take that action. There's very few companies that I talk to that are sophisticated enough with their tools that they've traditionally had that can tap into that type of intelligence or have that intelligence themselves that couldn't benefit from tapping into intelligence. Essentially, as an IT person, I lost control of the device. Right? So since I've lost control of the device and, really, the apps, now, I've gotta have more information on that user so I can take some proactive measurement should something bad happen.
Doug: Got it. So I've lost some control. I need to gain some control. I can partner with my cloud service provider to gain some of that control of visibility to normal action anomalous activity.
Mark: You got it.
Doug: Mark, a lotta good stuff. Very much intersection between security and mobility coming in 2018, and we certainly look forward to sharing more with the market moving forward.