The Future is Mobile but will it be Secure?

The past week has seen three developments likely to fuel future growth in the use of mobile devices. The first is Apple’s UK i-Phone launch, which might not be the most advanced device in terms of functionality but certainly represents a step forward in usability. The second is Google’s announcement of their new open platform for mobile devices, which is likely to accelerate the longer term growth of mobile applications and features. The third is the start of manufacturing of Nicholas Negroponte’s one laptop per child machine which introduces mobile computing, and programming skills, to previously inaccessible regions of the world.

Fast forward a few years and we can expect wireless, mobile operation to be the norm for most people, at both work and play. There’s nothing surprising about this, except for the fact that few organisations have given this channel sufficient security attention. Many security managers were caught off guard by the unexpectedly rapid uptake of wireless LANs and Blackberrys. And, until recently, few organisations had even considered encrypting laptop data. Traditional corporate perimeters don’t safeguard mobile business operations. We need new solutions, new practices and new user behaviour. And time is running out to put them in place.

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Add OpenMoko into your list. It has the advantage and disadvantage of being an open phone platform that's not tied to a big corporate. I'm hopeful that all these developments will lead to usable and customisable phones soon.
It's not so much that businesses have been caught offguard by uptake of mobile devices that is forming a block to the proper adoption of mobile security, although that has undoubtedly been a problem. It is just that many businesses - and even their security officers - simply do not seem to care about mobile security, rating it low on their radar. This is despite such high-profile cases as TJX, where most of their card account data losses were traced directly to non-existent security on their wireless LANs. If basic errors like this are still being made whilst the mobile information community grows at its present pace, then security consultants and suppliers have a long struggle on their hands!
More interesting info on Google's platform - - they have their own open source re-implementation of the Java Virtual Machine to circumvent licensing issues.
What surprises me is that we are actually surprised by this at all! It is a common theme that the minute a new technology becomes available that enables a new channel for a businesses processes, be it to a customer, within the supply chain or for general marketing, then the first people to pick up on this are the creative technologists and marketing. Does anyone really think that these people have security uppermost in their minds? I sat in a meeting that decided whether to go ahead with a new service. This was with one of the UK’s top 4 banks. When one of the CTO guys expressed his concerns about security, the business sponsor said “fine, but we will take that risk”. This was less than 2 years ago. Security isn’t sexy, doesn’t attract the best people because they are only seen as a cost and not an asset (or value add), and until this changes you will always see it lag behind within a business. This position is changing, but only gradually, and in the UK we really are behind the US in terms of understanding and adoption.