IDF 2011: Enterprization of the Consumer

Rob Enderle
Slide Show

Seven-Step Security Health Checklist

See how you fare with this security checklist.

At IDF, Intel's developer conference, there is an interesting counter-trend under discussion. While we have been talking, as an industry, of the consumerization of the enterprise, which is the entry of consumer devices (smartphones and tablets) into the enterprise, problems have emerged behind the scenes.


This trend has created an increasing exposure as hostile forces started to attack these less-secured devices in order to gain access to protected corporate data. Intel acquired McAfee to address problems like this and, at IDF, started talking about the enterprization of the consumer, or massive effort to secure these new devices with technologies that evolved out of the PC market. Called "DeepSafe," this effort, jointly developed by Intel and McAfee, represents a new blend of hardware and security software to address this hostile threat using a method more conducive to smartphones and tablet strengths and limitations.


Let's discuss this.


Tablet and Smartphone Limitations


These emerging product platforms have some severe performance limitations and don't have the headroom to run deep, invasive anti-malware applications to root out these things once they are installed. So the approach is very different; it is more of a prevention than a correction approach to the problem. If the malware can be identified and blocked in the first place, the performance hit may be avoided and the code embedded in the hardware would be very difficult to compromise.


Intel and McAfee's Approach


Now this approach isn't absolute, but then the goal with an effort like this is to make the cost of compromising a device so protected unacceptably high, shifting the attack someplace else. Containing elements of device identification, encryption (storage and transmission), pervasive usage rights for data and elements of trust, this technology isn't expected to reach final shipping form for 18 months. This is also expected to be part of a multi-level security approach that would include traditional site security and would have to include some type of network access protocol so that devices that don't have something like DeepSafe don't make it into the environment.


This last creates a possible competitive exposure.


Multi-Vendor Exposure


Even though it's owned by Intel, McAfee promises to remain multi-vendor and this means it will likely approach similar solutions with other vendors. However, it is likely these solutions will be slowed by Intel's ownership and the two firms are developing this jointly, which assures Intel will be to market first regardless.


This will likely slow adoption of the technology as firms that require a multi-vendor approach hold off deploying, or relying exclusively, on the technology until more than one vendor supports it. However, the massive increase in security exposure being monitored in businesses suggests the need to adopt this technology rapidly and shifting the threat away from companies may significantly offset this.


PCs Get It First


While the initial target for this technology appears to be the devices coming in from the consumerization trend, they will appear on PCs first because the requirements are shared and this is the majority of Intel's market today. In fact, initially, the work is focused on the Core (i3, i5, i7) and will address PCs first even though the requirements came out of the consumer devices. But it will embrace other platforms as Intel moves into those markets.


Wrapping Up: Be Prepared for Changes


The two important parts of this is that it will vastly change how devices are treated and secured in business if it is successful, and it will be at least 18 months before you'll be able to buy it on devices in volume. However, as with all major security initiatives, this is being driven by what appears to be a massive and increasing threat to smartphones and tablets, which remain relatively vulnerable given few, if any, run anti-malware products today. It is worth keeping an eye on this both to utilize opportunities to provide input and potential, reduce avoidable deployment pain when it shows up and to better assess this growing threat and prioritize its mitigation.


And you got a new term today, "enterprization of the consumer" (or "IT strikes back"), which you can use in staff meetings to remind folks that IT actually does have a job to do that goes beyond getting the latest toy on the network.

Add Comment      Leave a comment on this blog post

Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.