2023 – The Year Ahead
Some, perhaps, below the radar, changes in the mobile landscape in 2023
It’s the start of a new year, and our thoughts naturally move to what the year ahead might bring for our industry. We’re all well aware of the megatrends in enterprise IT: digital transformation, work anywhere and cloud-first computing. No doubt ChatGPT is demonstrating the disruptive potential of AI in ways which make it concrete for even the most sceptical observer. The UEM market has reached maturity with widespread adoption and a leaderboard consisting of Intune and Workspace ONE, which is unlikely to change.
In our business, we are seeing a greater appreciation of the need to assign the mobile endpoint the same priority for protection as more traditional devices. This is driven by awareness of the dangers of mobile phishing attacks targeting individual organizations, spyware being used against company executives and the continued stream of vulnerabilities in the underlying operating systems. We don’t expect any of these trends to change in 2023, but we do expect them to intensify.
But what are the less obvious, perhaps more subtle changes which will begin to exert themselves in the next twelve months? Below is a selection in no particular order of things we believe are worth keeping an eye on as we move through 2023. Would love to hear what you think.
Guide to Mobile Phishing
On mobile devices 85% of phishing attacks take place
outside email. Click the link below to learn more
about the mobile phishing threat.
Not-spots solved?
There was a time when rapid innovation at the device, operating system and network level drove our industry forward at a rapid pace. Those days are over. I’m writing this blog while the Consumer Electronics Show is underway in Las Vegas, and I’m not holding my breath expecting anything revolutionary to emerge. Our industry is now one which is maturing and improving incrementally. The move from 4G to 5G is, for most, a gentle evolution rather than a step change in performance.
Something that did catch our attention in 2022 was the emergence of satellite communications in mass market smartphones. Satellite phones have been around for a long time and are still in use by those working in the 85% of the world where cellular coverage is not available. However, these dedicated devices are clunky and expensive. But now we’re seeing tentative steps into the mainstream.
The iPhone 14 has integrated satellite communications for emergency response in North America and a number of European markets. Niche UK phone manufacturer Bullitt has launched a phone that provides SMS-like service in “not-spots”- the parts of the world where we have no bars. Qualcomm has just announced Snapdragon Satellite, “the world’s first satellite-based two-way capable messaging solution for premium smartphones.” And Elon Musk’s Starlink satellite system has announced plans to partner with T-Mobile to bring satellite communications to T-Mobile phones in the US. Expect more devices and greater capabilities to emerge in 2023 and beyond.
Keeping phones for longer
We expect to see a push by organizations to lengthen the replacement cycle of corporate phones.
This will be driven by a combination of cost and environmental concerns. On the cost side, the trend towards unbundling equipment and plan purchases will lead to greater scrutiny of the upfront cost of the equipment (something that used to be obfuscated by equipment funds). Concerns about the environmental cost of short replacement cycles for electronic equipment will also push organizations to delay refreshes.
However, none of this can be done at the expense of security. Specifically, equipment needs to be recent enough for the organization to be confident that security patches will continue to be available. In light of this, how long can you push replacement cycles? It’s probably longer than you think. Google Pixel phones are guaranteed to get security updates for at least 5 years post launch. An iOS device is considered “vintage” after 5 years and “obsolete” after 7 years. Vintage phones get security updates but will be difficult to repair.
Obsolete is exactly that and shouldn’t be allowed access to your enterprise systems.
Employee privacy regulation – the US begins to catch up?
The US has long been a laggard in privacy regulation as a result of its more ‘free-wheeling’ style of capitalism. In broad terms, once an organization operates in accordance with its (often opaque) terms of use then it is free to do what it wants with information it collects outside of areas such as health and finance. For employee data collection, the rules are even looser. In 2023 we will see the first significant change.
The California Privacy Protection Act and the California Consumer Privacy Protection Act had, until now, exempted data that employers collect with regard to their employees. This is in marked contrast with the situation in the EU, where the GDPR provides comprehensive privacy protection for employees.
But from 1 January, the Californian privacy regulations will apply to employee data as well. Four other US States (Utah, Colorado, Connecticut and Virginia) have introduced consumer privacy protections and there are even moves at the Federal level. None of these regulations cover employee data, but there is no reason to believe that their scope will not expand over time.
The significance of this for organizations is twofold. Firstly, there is the need to comply with the regulations. Secondly, there is the need to take into account these regulations when introducing new systems which process employee data. In the security space specifically, there is a new need to avoid solutions that needless collect employee information (for example, their browsing behaviour, the content of their phones or their location). In our experience with European customers, by far, the easiest way to comply with privacy regulations, and keep your DPO off your case, is to avoid data collection in the first place.
Staying safe in 2023 – Mobile Security Powered by Corrata
The one thing that is certain about 2023 is that we will face unexpected and unpredictable challenges. Threat actors will devise ever more ingenious ways to attack our systems, nation-states will engage in unhelpful behaviour, and organizations will suffer significant data breaches. But it’s the start of the year, and we’re feeling optimistic that notwithstanding these headwinds, we, our customers and partners will continue to win the battle and key data safe, critical services running, and our societies secure.
