The convergence of cloud and mobile computing is an irreversible mega trend. In the U.S. federal market, both defense and civilian government agencies have begun to issue RFPs for cloud–mobile convergence solutions, potentially worth millions and even billions of dollars.

Smart phones and tablets offer rich user interfaces, while the cloud provides massive data processing capabilities and the business logic to support a mobile workforce anywhere, anytime. Cloud–mobile convergence is also driving new trends such as “Bring Your Own Device” (BYOD) to work in both government and commercials organizations.

The key business enabler for cloud–mobile convergence is security. Traditional security approaches based on a view of security as a mere defensive measure and overhead cost will not work. Organizations must adopt new security strategies to take advantage of the vast opportunities arising from cloud–mobile convergence. Some of these strategies include the following:

• Design a homogeneous and defense-in-depth security architecture for the cloud–mobile environment. With cloud–mobile computing, the security boundary extends to the cloud provider and mobile carriers, as well as BYOD users. Organizations need to make sure their data is secure both within the cloud and the mobile device. It’s imperative to engage experts to design a homogeneous and defense-in-depth security architecture that includes mobile device management, mobile and cloud application-level security, mobile VPN, mobile virtualization and sandboxing, mobile application management, and cloud security governance in addition to network level security.

• Leverage a Mobile Enterprise Application Platform (MEAP). A MEAP platform with a robust security framework will address the complexities of extending security from the enterprise to mobile devices and enable the organization to focus instead on quickly and easily delivering transformational mobile apps to its customers, employees and partners.

• Ensure optimal partition of data in the mobile platform to enhance availability, usability and response time per transaction. The majority of data should reside in the cloud; only a small portion of data can be stored in a mobile device. It’s imperative to encrypt sensitive data within the cloud and mobile device, as well as protect data in transit. With the growing use of REST API to enable cloud/mobile applications to access cloud data, it’s important to leverage industry security standards such as Security Assertion Markup Language and OAuth to provide the right level of authentication needed for APIs.

• Implement a comprehensive identity and access management (IAM) strategy. This is crucial to ensure the right people have the right privileges for accessing the converging cloud and mobile environment. Most enterprises are still struggling with traditional IAM solutions and have many different security silos and identity stores for different lines of business applications. A centralized and well planned IAM strategy will serve as a key differentiator and cost saver for organizations moving to a cloud–mobile environment.
• Ensure executive-level support for cloud–mobile security. Traditionally, security has been viewed as a defensive measure and overhead cost. A shift in mindset is needed. Corporate and government executives need to view security instead as a key business enabler supporting the many innovations and opportunities generated by cloud–mobile convergence. With this necessary mind shift, security resources can be better allocated and leveraged in developing enabling security functions due to their increased visibility and empowerment within the organization.

• Provide adequate training. There is currently an acute shortage of cloud and mobile security professionals. In the face of ever-changing security threats, security professionals often feel a few steps behind hackers. This problem becomes exacerbated in the cloud–mobile environment with its more complex security issues. It’s important to provide adequate security training to empower IT professionals to 1) assume more security work amidst the current shortage of security experts and 2) to keep up with new security advancements in the cloud–mobile sphere.

In summary, cloud–mobile convergence is inevitable and holds great potential for driving innovations and opportunities that will lead to highly productive mobile workforces. Security is the key enabler and success factor in this convergence. By adopting the strategies laid out above, organizations will be ready to take on the challenges of cloud–mobile security and gain the many competitive advantages a secure cloud–mobile environment offers.