Well, we're back! Thanks to those who registered and responded to last week's debate and workshop on mobile email. You can see a round up of this here, but meanwhile, we want to pick up on the question of mobile security and the need for device management. The big question here is how you're creating mobile policies and …
Device management security
We have developed a proximity based, encrypted bluetooth device that has a realtime relationship with any mobile device that we can insert our code into the OS. That relationship can be monitored / ruled from anywhere in the world, over GPRS.
That means, currently, for mobile 5 devices, if your phone / pda moves more than 10-15 feet of our bluetooth device, it is locked down. We can even progress to data wipe.
Everyonre talks about security at the mobile networks, but can we actually get concrete interest?
NO. Catch 22 as need sales tracation.
It's a user problem
OKay, so it's a user problem - no matter which way you want to slice it. We're all fallable and no doubt even the worlds greatest security guru mislays his keys, pda whatever every now and then. But what are the options for managing our own falability really?
- Make good decisions in the first place -ie infrastructure, devices and deployment - so being falable is less important.
- Keep things centralised - you gotta be able to control things, end of story
- Encrypt, encrypt, encrypt
- Hammer home the implications and make it clear where accountability lies
I think the device and such like is really rather irrelevant.
What about voice?
The funniest thing i encounter is people on trains hapilly dictating their credit cards over the phone to people. If i was a more unscrupulous type, i could have retired by now.
POint being it's not just data - it's an overall lack of responsibility and awareness about the risks associated with communications outside of a secure nevironment.
Sadly, that's an age thing. The next generation will be on top of it, but for now we've got to struggle by managing risk and preventing escalation of problems.
So, be smart about your systems. But be smarter about your responses to problems. We've got some very smart and experienced security guys, and we do lots of internal conferences and such like on security which keeps us fairly well tucked in at night. But it still goes wrong sometimes.
I think the comments above are damned right too. Good decisions up front are obviously critical, but risk mitigation and response times are critical.
Those are the key issues for mobile environments currently. There's deifnately a lot of talk about malware and viruses running through mobile devices. But there's an awful lot of market-making in these statements. I've yet to witness anything of the sort and we have a 'lot' of mobile users.
By the time the bad guys catch up with mobile devices, i think the parties involved will be on top of it - there seems to be a lot of smart thinking coming out of groups like 3GPP.
- Geek's Guide to Britain INSIDE GCHQ: Welcome to Cheltenham's cottage industry
- Game Theory Is the next-gen console war already One?
- BBC suspends CTO after it wastes £100m on doomed IT system
- AT&T adds 61¢ 'Mobility Administrative Fee' for users
- Updated Reports: New Xbox could DOOM second-hand games market