Smartphone Security Gaps
Employees are at risk for viruses and other security breaches, so IT staff need to be just as vigilant with company-issued phones accessing the network as they are with computers.
In its largest acquisition to date, Intel bought security vendor McAfee this week to aggressively address the emerging embedded and smartphone markets, both of which increasingly are poorly secured. It could provide Intel, which was having trouble gaining a foothold in tablets and smartphones, with a significant advantage and set up similar opportunities for markets such as automotive technology, where lack of security makes it potentially life threatening. It is rare that a company sees an opportunity like this and makes a move of this magnitude to address it. This is history in the making. Let's explore that.
Short Security History
When IBM came to market with the mainframe, security came up with it and while there were third-party solutions, IBM generally owned, and still owns, security for this platform. This had two advantages: IBM could blend the solution between hardware and software, and it would sell its solutions as a component of the platform, not a patch for a flawed design. The latter became important later.
Microsoft rethought this and bought a number of security technologies and at least one security company, but was unable to fully integrate solutions like the free Microsoft Security Essentials offering (which is actually rather good) because of antitrust restrictions.
The lesson is that platform owners should own the security of that platform or really bad things happen.
Smartphones: Exposed at Birth
In many ways smartphones are paralleling Microsoft's experience, with the exception of Research in Motion, which did take security seriously (but is having a different kind of security problem at the moment.) Apple and Google did not and now malware is starting to spread on their platforms. To exacerbate the problem, the ARM platform, the most common hardware used in smartphones, has little extra headroom for antivirus offerings. To get around that, the operating system owners limit which applications can run simultaneously. This limits the ability for an anti-malware product to operate in the background unless it was co-designed with the hardware to behave properly and not hurt performance.
Embedded Exposures are More Frightening
At least with smartphones, there are built-in protections like application stores and carrier firewalls that can make infection more difficult. The worst things that can happen aren't life threatening. But embedded systems operate in manufacturing equipment, automobiles, airplanes, boats/ships, lighting systems, fire systems and people movers like elevators. Increasingly these systems are becoming networked with little focus on security because, up until recently, they didn't need it. Now if someone hacks into your smart-grid refrigerator and turns it into an oven, you will be upset because your food has become foul-smelling sludge. But if your car is hacked and the safety systems turned off, you'll likely be even less amused. And this seems to be happening.
Wrapping Up: Getting Ahead of the Problem for Once
By buying McAfee, Intel is going back to the beginning of the computing market and will be differentiating its solutions by building security into them at the start. Rather than starting from scratch, it is beginning with one of the largest security teams on the planet to assure results that are mature and don't cause more problems than they solve. Like IBM, Intel will be able to provide optimal results, so users won't have to choose between adequate performance and adequate security.
It won't be easy to pull this off, but if it is accepted by those who build the systems, it could result in a better, safer future for all of us and a more successful one for Intel. It is kind of nice to see everyone's needs come together like this from time to time.