Mobile Security Is the Responsibility of Everyone in the Data Chain
NEWS ANALYSIS: There is no single place where security responsibility resides. Carriers, infrastructure providers and customers should take some responsibility.FORT LAUDERDALE, Fla.—The young woman in the brown uniform looked at me suspiciously. "I need some photo identification," she said. I glanced at her shoulder patch showing that she was with U.S. Customs and Border Protection and handed over my passport. Once she saw the document and confirmed (apparently to her disappointment) that I did, indeed, look like my photo, she motioned me through the gate in the security fence. This was the first time I could remember when I'd had to get past customs just to enter a convention center, but I decided that it must mean that the people putting on the Competitive Carriers Association annual meeting took security seriously. This was a hopeful sign, since I was presenting a panel discussion on security for mobile devices. Later, I would find out that the presence of the Border Patrol was unrelated to the conference—the city of Fort Lauderdale had changed something about entering their port, thus the security. The topic of the panel discussion I was moderating was "Security Works Both Ways: Helping Your Customer Stay Secure," which was intended to cover how carriers and providers of infrastructure need to work with their end users because security is a common requirement. This panel turned out to be remarkable for two reasons. The first was that we stayed on topic, which is unusual. The folks who came to see what we had to say were, in fact, very interested in the issue because it turns out that security issues that reach their customers also affect the companies. Some of the effects can be significant. For example, if malware makes a device on their network turn an endpoint into a bot network client, the carrier's network could suffer from the vast traffic load, but also by having its traffic to other networks blocked.
But, of course, things like malware aren't the only problem, as one panelist, my friend David Gewirtz, said when he pointed out the second remarkable thing. "Never underestimate the efforts of your users to overcome your security," he said. Gewirtz then told about one instance in which one of the first things a user had done, when issued a smartphone, was to try to eliminate all of the security protection.