The adoption of smart mobile devices such as smartphones, tablets, etc. by consumers and enterprises is occurring at a staggering rate. It is estimated that such devices will shortly eclipse the annual shipments of desktop and laptop computers. Employees frequently bring mobile devices into work, i.e. in the enterprise. With the proliferation of mobile devices in the enterprise, Information Technology (IT) administrators can no longer ignore these devices as outside their scope of responsibility. In fact, mobile devices are now as powerful as laptop computers. Employees want to access corporate data and the Internet through wireless networks such as Wi-Fi hotspots (IEEE 802.11 and variants thereof) or cellular data networks (e.g., 3G/4G, WiMax, etc.) which are outside the control of IT. On mobile devices, the line between enterprise and personal usage is blurred. Since the enterprise typically does not own the device, enforcing policies for acceptable usage or installing application controls as a traditional IT administrator would on a corporate PC, is often not viable for a Bring Your Own Device (BYOD) scenario.
Conventionally, security vendors have responded to emerging mobile threats by extending the desktop antivirus concept to mobile devices in the form of “security apps.” Unlike the personal computer (PC) world, which is dominated by Microsoft, there are several different mobile operating systems such as systems from Apple, Android, Windows Mobile, Blackberry, Symbian, Palm/HP, etc. Each platform has its own software development environment and a security vendor developing mobile security apps has to replicate the effort across various platforms. Furthermore, some platforms such as Apple iOS do not allow traditional antivirus apps on their devices. Loading third party apps not approved by the platform vendor may lead to a violation of the contract and often requires jailbreaking the device which is definitely not an enterprise option. Even if security apps are allowed, they are a headache to deploy, require constant updates, and are easy to circumvent, i.e. the user can simply uninstall them if they are disliked. Worst of all, the security apps impact device performance and degrade the user experience by stretching the already limited processor, memory, and battery resources on the mobile device.
The term Web 2.0 is associated with web applications that facilitate participatory information sharing, interoperability, user-centered design, and collaboration on the World Wide Web. A Web 2.0 site allows users to interact and collaborate with each other in a social media dialogue as creators of user-generated content in a virtual community, in contrast to websites where users are limited to the passive viewing of content that was created for them. The Web 2.0 has created a number of applications that are changing the way businesses work and interact with their customers and partners. Social and business networking sites are a source of critical information and communication that can lead to improved products and better customer support. Blogs provide immediate feedback to enterprises. Streaming media sites allow better presentation of business products and services, which allow customers to make better decisions in buying them. While social and streaming sites are useful, a large number of sites have emerged that can create liabilities and productivity losses for organizations. For example, studies have shown browsing MySpace and Facebook during business hours leads to lower productivity. Employees that, often unknowingly, publish inappropriate content on sites such as Blogger or publish sensitive or private information on social networks can create legal liability. Some enterprises have responded by blocking these websites completely, but this has created a backlash from employees. Progressive organizations want to use social networks such as Facebook to create communities of interest to promote their goods or services. What is needed is a solution providing a right level of access to the right person, whereby different users, based on their needs, can be provided access based on a flexible policy.
Mobile devices include various constraints related to security, device management, and policy enforcement. First, mobile devices are usually outside of the enterprise's control (BYOD). Second, mobile device platforms are typically closed with respect to security software thereon. With the proliferation of mobile devices and their reach into enterprise networks, there is a need for a cloud based approach for security, device management, and policy enforcement.