Mobile Security: Surfing the Paradox

Wednesday, August 22, 2012

As the old adage goes, “If it isn’t nailed down someone will steal it”.

Even the father of the Open Source movement, Richard Stallman, had the recent misfortune to have his laptop, money and passport stolen while at the University of Buenos Aires in Argentina.

A common enough crime you may think, but this illustrates well the paradox of using the words “mobile and secure” in the same sentence.

Mobile phones are a very different beast from the generation of big iron that laid the foundation for modern IT practices. It is quite ironic that we have come full circle from the days of time- sharing on mainframes to sharing resource in the cloud, and in the process reneging a vital degree of control over our most important asset – information.

Unfortunately, some of the best practices adopted in the early days of computing seem to have been sacrificed for marketability, cost and convenience including extensive software and firmware analysis, testing and robustness.

While it is accepted that the major players in the industry take adequate steps to provide secure quality software, mistakes are still made, errors creep in and this doesn’t take into account 3rd party developers who have little or no regard for security.

The platform itself is a hybrid, combining both traditional functionality with the added connectivity via carrier networks, WiFi and Bluetooth as well as other proprietary interfaces such as infra-red.

Considering the portability and accessibility of the devices and the mobile device poses a larger security risk than the humble PC or indeed laptop.

This is basis of the paradox – how can a device that is so small, open, technically innovative, tactile, easy to use and readily available – retain cultural and mass-market appeal while at the same time remaining secure? This is the challenge not just from a software or hardware perspective but also from a cultural one.

Download the full whitepaper here:

14444
General
Information Security
Enterprise Security Best Practices Data Loss Prevention Mobile Devices Development Smart Phone Secure Coding Mobility Mobile Applications
Post Rating I Like this!