When we hear the word “mobile,” the automatic assumption is that we’re talking about iPhones and iPads. However, “mobile” is an umbrella term that extends far beyond just phones and tablets.
Mobility use cases are enabled by infrastructure that affords users the freedom to stay connected while on the move. This ranges from handheld portable electronic and smart wearables to point-of-sale (POS) systems and Apple Vision Pro headsets. This means that most of the critical technologies used by businesses to operate and connect with customers are increasingly provided through mobile solutions.
Many organizations have yet to reach a level of maturity in their mobile programs to reflect the critical role devices play. Such assets can no longer be viewed solely as ‘niche’ by businesses. They are, in fact, ‘mission-critical’ devices that must be treated as first-class assets when developing both security and resilience strategies.
What is meant by ‘mission-critical use’
It’s safe to say that one of the biggest revolutions over the last 30 years, alongside developments like the internet, has been the introduction of mobile devices into the workplace.
What originally started as a “nice to have,” with only certain individuals having access to smartphones and personal digital assistants (PDAs), has evolved to the point where mobiles are a necessity for any successful business.
As a result, we have seen new device form factors join the ‘mission critical’ category. These mobile devices are essential to the operation and running of an organization; if one of these devices fails, the entire business would likely grind to a halt.
Many of these devices are deployed in environments where they might be shared among multiple users or designated for specific functions rather than assigned to an individual.
Given the broad definition, there is a wide spectrum of devices that can count as ‘mission critical,’ each one serving a distinct need within a business. This includes tablets used in healthcare to monitor patient recovery or clinical therapy, as well as systems used in retail environments such as mobile credit card processors, as well as to process payments, manage inventory, or for time tracking on the sales floor.
Even an Apple Vision Pro headset can be considered ‘mission critical’ depending on the use case, with such devices being used in power stations to train technicians and optimize site operations.
Whilst these are three very different examples, each illustrates how vital mobile assets have become for organizations. If they were to fail, it could result in lost revenue for a small business, or, in more serious cases, put patients’ or workers’ lives at risk.
Challenges organizations face with managing ‘mission-critical use’ devices
Maintaining operational uptime on ‘mission-critical use’ devices is essential and this means making them both cyber resilient and operationally resilient.
Mobiles are now a common attack vector for cybercriminals, in part because they often exhibit the worst security standards. For example, 40% of mobile users are running a device with known vulnerabilities. Poor cybersecurity standards mean that the bar to exploit such an asset is extremely low, making it easier for cybercriminals to take them offline and halt the operations of victim organizations.
Businesses tend to focus all their efforts on meeting regulatory checkboxes for compliance, yet they often overlook specific security threats and vulnerabilities that might put the device at risk. It’s also frequently assumed that limited-access devices are safe by default, but this is rarely the case, particularly when work devices are used for personal reasons.
On the other hand, some businesses may have elements of strong cybersecurity but fail to implement practices strategically. For example, automated processes might update all devices with new patches at the same time. If the business doesn’t have backup systems in place, then it could face operational downtime while the update takes place.
Performance is king when it comes to mobile devices, and providing the best possible service to customers means frontline workers having the right tools performing reliably.
For example, you can’t have a mobile device used in a critical scenario run out of power because heavy cumbersome software is placing undo strain on the battery.
While these are two different issues, they stem from the same problem: businesses don’t fully understand how dependent they are on mobiles and lack awareness when examining the security of such devices.
While mobile devices used by workers on the frontline, such as POS systems, are obvious additions to the ‘mission critical’ category, the mobile devices of knowledge workers, are equally important. If an executive loses access to their smartphone, they can’t retrieve essential information or perform their job effectively. This is potentially as disastrous as a frontline system going down; however, it’s often overlooked by IT teams.
Organizations need to understand assess all the mobile devices that are used for work and recognize which ones are ‘mission critical.’ Only then can they start addressing the security challenges they face and make mobiles more resilient. Tackling the problem requires a structured and layered model.
Building resilience in ‘mission critical’ devices
The first stage in assessing an organization’s ‘mission critical’ footprint involves a comprehensive asset inventory. This means understanding what assets are deployed, where they are, and what they’re accessing.
The inventory should include a mapping of where there are overlaps between devices and the applications that are also ‘mission critical.’ These are crucial aspects that organizations often overlook. Once a business has an understanding of their ‘mission critical’ assets, they can implement a backup plan for when they go down.
During this phase, it’s also crucial for organizations to know their suppliers, and to understand the control options available for the devices they’ve acquired. This will enable security teams to apply minimum security standards immediately as devices are unboxed, making good security hygiene just as important as application deployments.
Basic cyber hygiene practices, such as implementing Multi-Factor Authentication, enforcing rigorous patching processes, and requiring strong passwords, are essential for improving the security standards of ‘mission criticals’. The majority of breaches can be tied to failures in getting the basics right.
Following the ‘mission critical’ asset inventory, it is imperative to implement threat prevention, this includes Device Management to ensure that devices are monitored and security policies enforced. By implementing such capabilities, organizations can block malicious activity before it reaches the device, helping to maintain operational availability in devices.
Settings are equally important. Limiting non-essential notifications, restricting high-risk applications, and carefully managing access controls can enhance safety on ‘mission critical’ tools. The same approach applies to backup planning.
Finally, organizations should think about connectivity to workloads and backend applications that are operated off the device – for example, connection to a database or running an AI workload in the cloud. It’s important that all data in transit between devices and workloads is protected.
However, cybersecurity strategies and practices must also be aligned with uptime strategies. It’s a wasted effort improving cyber hygiene if a malfunctioning update causes downtime in all ‘mission-critical’ devices at the same time.
For ‘mission critical’ devices, broad updates or general alerts aren’t ideal. A tablet relied on by an airline pilot or surgeon should not receive disruptive updates during essential operations.
Organizations need to either establish a plan to schedule downtime aligned with business requirements or procure backup devices and implement a local protocol to enable immediate device swapping as needed.
Ultimately, mobile devices are now critical to the operations of every business. Therefore, IT teams need to treat them in the same way they would other critical assets. Businesses need to have a clear plan for how they manage ‘mission critical’ devices that ensures they are both secure and operationally resilient. For many, this means the time has come for mobile to assume a first class role in the enterprise, where its impact on business is understood and maintained.
We’ve listed the best Mobile Device Management solutions.
This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro