New Model for Selling Holistic Smartphone SecurityBy Ericka Chickowski | Posted 2009-09-17 Email Print
Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce
The model is meant to aid channel partners, vendors and enterprises in navigating the chaos caused by massive user migration to highly-functional computing devices such as iPods and BlackBerry devices.
Security channel providers who help customers approach smartphone protection
in a holistic fashion could grab hold of a significant market niche if they
approach it the right way, says an industry analyst at Compliance Research
Group, which today released a
new model for implementing mobile security in the enterprise.
Meant to aid channel partners, vendors and enterprises in navigating the chaos caused by massive user migration to highly functional computing devices such as iPods and BlackBerry devices, CRG’s DUST model suggests that the mobile environment cannot be fully secured without protecting four major elements: devices, users, sessions and transactions.
"We developed the DUST model primarily because in our view there wasn't a practical, simple and easy-to-understand way for all of the different pieces to fit together," says said Mark Willoughby, principal and lead analyst at CRG. "The jigsaw puzzle was disconnected, and there wasn’t a practical way for either vendors or end users or channel partners and channel providers to understand all of the pieces needed to fit together to have a complete end-to-end solution for the emerging smartphone mobile marketplace."
Willoughby sees the DUST model starting at the basics with sound device security to protect against viruses, man-in-the-middle attacks and device losses. Then organizations need to secure the individual user activity through strong authentication. Next, session risks associated with transit through VPNs and various portals into the cloud or trusted network applications must be mitigated. And finally, organizations must account for the security of transactions once the user has reached the destination site.
"So the DUST model is a new way of viewing a complex end-to-end chain of trust from the user through the device through the sessions through the destination and the transaction to be conducted there," Willoughby says.
He believes the biggest challenge today in mobile security is bridging the security divide between consumer applications and enterprise applications that must co-exist on the same device.
"On that same device, leaping over [from consumer applications], we have to VPN to some secure corporate Websites in a trusted network in the cloud that contains a lot of sensitive information," he says. "Being able to do that properly is going to be a big challenge."
As enterprises try to meet those challenges, Willoughby believes that there is a tremendous amount of opportunity for the channel to swoop in and fill in holes within the smartphone chain of trust left behind by a fragmented vendor landscape.
"Very few people are able to fully provide that kind of end-to-end security. Even mobile carriers can't provide that kind of capability for their smartphone devices," he says. "For aggressive and visionary channel partners, they can quickly grab something like the DUST model to start using that to design and market and sell pieces of the solution to fill in the gaps."