Mobile Security Is a No-Win Game When Cyber-Criminals Have the Upper Hand
NEWS ANALYSIS: Mobile security is at best a zero-sum game in which the bad guys are the only ones with a positive payoff potential. Corporate network and data security managers can only hope to keep cyber-crooks at bay.By now, you are likely wondering why Im talking about game theory when discussing mobile security. The reason came when I chaired a panel at the NetEvents Americas Press Summit on the topic, and realized that the very best a network security manager can do is keep the bad guys at bay. Whats worse is that its a battle that you certainly cant win, and that the best you can do, if youre really lucky, is break even. To say that the odds are stacked against you is an understatement. One of the panelists, former FBI Special Agent Jill Knesek, who is now head of Global Security with BT Global Services, said that her company performed an analysis of Android apps from Google Play and found evidence of active or dormant malware in about a third of all Android apps.
Adding to the difficulty of maintaining security in the enterprise is the ease of breaking security rules without realizing it. A good example is cloud storage such as Google Drive or Microsoft Skydrive. While the services themselves encrypt the data thats stored there, its accessible to anyone who knows or can figure out the password. This sort of problem is made worse with BYOD, both because users arent thinking about security since they own the devices and second because there are significant impediments to maintaining security, including laws in some places that can keep you from wiping your company data from a personally owned device.