30.12.2012 Views

download issue 27 here - Help Net Security


The mobile IT architecture is completely unsuited for any heretofore-existing security model and securing the mobile workforce requires a fundamentally different security architecture that solves several, seemingly contradictory goals:

• It should have zero impact on the performance of the smart phone.
• It should be invisible to the user, who should not be able to bypass any controls.
• The enterprise should be able to manage many different types of smart phones with a single management, enforcement and control console.
• Existing corporate security policies should be easy to migrate to an entire smart phone population in a few hours.
• It should meet best security practices and compliance requirements of many industry sectors.
• Any business should be able to design and deploy applications without having to worry about the complexities of secure programming as is needed even with web applications.

The mobile security problem is not going away because we wish it to. In fact, it is more complex than ever before and the sheer number of users is driving the consumerization of IT and the proliferation of these dual-use devices faster than any technology in history.

The control of computing devices has migrated from the centric to the non-centric and back. The intelligence of devices has similarly moved from point to point within the IT infrastructure and the response of the security industry to the hyper speed of technology innovation and deployment must accommodate the new mobile requirements of business, government and the consumer.

I invite readers to consider one approach to this massive problem: moving all security controls and enforcement off of the internal enterprise, the end point devices, the desktop and into a secure ‘halo’ where security comes first and application comes second.

Imagine: a private security cloud where the business guys can actually design applications with minimal restrictions. Imagine: a single administrative and control point for the mobile enterprise.

There is no need to imagine that this is real - because it is.

Winn Schwartau is Chairman, Board of Directors, Mobile Application Development Partners, LLC and consults with private and government organizations around the world. He is an expert on security, privacy, infowar, cyber-terrorism and related topics. Schwartau has testified before Congress, advised committees and has consulted as an expert witness.

www.insecuremag.com 42
