Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Why mobile security is a systemic problem

Rainer Enders, CTO, Americas, NCP engineering | March 4, 2013
There has been considerable hype around each mobile threat vector that has emerged in the last year, but what's often overlooked is how mobile security is currently approached.

We're in a period of significant mobile device proliferation at all levels. Yet, the security solutions designed to combat threat vectors can, at best, be described as siloed solutions that fall short of necessary intelligent threat defense not to mention critical security function integration and management functionality. This is not to say these solutions lack sophistication because, in many cases, they are built with superior engineering and the latest technologies. Rather, the issue is that threat detection, mitigation and response requires an integrated and managed approach that is often difficult to obtain, considering the way we currently tackle mobile threats.

For instance, because mobile devices are constantly exposed to different and often hostile public networks, the best of security technologies are barely just enough to deliver a security baseline. Therefore, in the absence of a one-size-fits-all security product, the better approach is to interconnect the siloed, best-of-breed security products and technologies in intelligent ways, focusing on defense-in-depth strategies and powerful threat responses.

IF-MAP, for example, is an open standard that is well-positioned to deliver in this area. IF-MAP provides the possibility to interconnect different IT security systems for an accurate representation of the health status of an IT network. In fact, several security vendors are currently involved in the ESUKOM research project that aims to use IF-MAP to automate security responses to network threats and enforce security policies without human intervention.

Taking a broader view, however, the problem with mobile devices remains a systemic one. In turn, this means everyone needs to be involved in shoring up the security of these devices, all the way from the moment of conceptual design to its implementation, and finally, its use. This shifts the sole burden from IT administrators and shares the responsibility with everyone, from designers, software architects, company management and end users. But more importantly, this prioritizes security in every step of the way, rather than relegating it to a reactionary, retroactive add-on.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.