Fearmongers miss the point on mobile security

Mobile Security
Image Source: Technorati.com

Doomsday predictors have already portrayed a bleak future for mobile computing if it does not show paramount importance to security. The all-round perception is that smartphones are basically less secure than desktops or laptops, and the moment someone logs into a corporate network using their smartphone, the entire network is at a high risk of being compromised. There is truth in such a perception. There have been many instances where cyber criminals have successfully hacked mobile phones through malicious apps or by eavesdropping as the busy worker connects to the corporate network using an unsecured public wi-fi.

However, focusing on the risks from mobile use and refraining from leveraging the benefits that mobile computing brings is like missing the wood for the trees. The point is that mobile devices are no more dangerous to electronic data security than a photocopier is to paper archives. While both these devices undoubtedly make transmission or unauthorized copying of data easy, the root cause is elsewhere – lax security of the data in the first place.

The dominant approach to network security has been perimeter fencing, or trying to block access to data from unauthorized eyes. The spate of cyber attacks over the last three years, where ingenious hackers have successfully managed to circumvent such fences with ease has already rendered this approach obsolete. And this was even before smartphones proliferated, and the concept of BYOD had taken root.

Rather than concentrating on the device or network, a far effective solution to security is to make the data itself secure. Encryption is the most common way to do so, but there are other methods as well, such as storing data in multiple silos, coding, hashing, and more. When the data itself is secure and useless except for people who have the necessary credentials to make sense out of it, then it does not matter even if it falls into the hands of cyber criminals.

The present state of mobile security is just an amplification of the inherently insecure practices in vogue to date. Trying to make mobile computing more secure, while leaving the basic security untouched is like plucking the leaves of a weed, while not touching the roots.

Author : Nayab Naseer Date : 01 Jun 2013