Is the struggle for mobile security a losing battle?
“There is no such thing as absolute security,” former White House Cyber Security Adviser Howard Schmidt told an audience of mobile security businesspeople and analysts at the recent Mobile and Wireless Enterprise Summit event in Indian Wells. Calif.
But that doesn’t mean the battle for a more secure mobile environment is all for naught. Growth in the wireless industry will be stymied if security isn’t adhered to, he said.
Securing a future
Schmidt, who now works as a security strategist within organizations aimed at improving security throughout the market, said the most vulnerability lies in software and applications.
“We’re seeing software development kits being released,” Schmidt said. “At the lowest layer, application development is sort of the crux in us making a difference in the future in how we’re going to be secure.”
With people using mobile devices for everything from booking flights to paying bills, application security cannot be overlooked, he said. “The only reason I even carry a laptop anymore is because it’s easier to type,” Schmidt said.
He said criminals will always be motivated to break applications to gain access to personal data. “Data is the gold, silver and diamonds in today’s environment,” he said.
“I don’t want to be in an environment where I’ve got vulnerability in one of my wireless devices,” Schmidt said. Third parties that have access to personal data on mobile devices must also share equal responsibility for security, he said.
Via text message at the conference, Schmidt was asked to detail the three biggest challenges a company or organization might face in mobile security. Schmidt, a former security officer at Microsoft Corp. and eBay Inc., said the biggest hurdle is in convincing leaders how important mobile security is to their organization.
It’s good to be paranoid
“Just because somebody’s a bigger target than you doesn’t mean something won’t happen to you,” he said. Beyond that, companies need to retune and restructure their organization to tie security into the day-to-day operations of the business, he said. And finally, consumers must understand the level of responsibility they carry as well.
“The end user has a responsibility, but nobody’s conveyed that to them yet,” Schmidt said.
Information security is not inherently expensive or painful for a company to achieve, he said. Any company looking to further protect its mobile data should look at five components, he said: engineering and architecture, day-to-day operations, education and awareness, ability to investigate and the data connection source.
“This whole mobile environment is something we need to care after,” he said.
“There is a level of trust now that we have to look at that we haven’t looked at before,” Schmidt said. “Looking at absolute trust I think is also pretty elusive.”
And he would know. Schmidt talked about the government’s slow response to technology. “The government was actually chasing the technology because the bad guys were using it,” the former law enforcement officer said.
“There’s this perception that somehow technology related to government and technology related to the public are in separate silos,” Schmidt said. “A lot of people think the environments are totally different. It’s basically the same infrastructure.” The main differentiator is on the product side, he said.
Wireless is key
Wireless devices have become a critical part of infrastructure for government, public and commercial entities, he said. Through a year-long study, the government learned that “private industry owns about 85% of what we call critical infrastructure,” Schmidt said.
Since then, major private companies and government agencies have come together to share critical information to help improve security overall, Schmidt said.
In conclusion, he compared the strides made in information security to the slow-but-steady improvements made in auto safety. A few steps have been made, yet much more needs to be done as wireless devices accumulate the information people hold most dear and near, he said.
