Intel Buys McAfee to Strategically Attack Smartphone, Embedded Markets

Rob Enderle
Slide Show

Smartphone Security Gaps

Employees are at risk for viruses and other security breaches, so IT staff need to be just as vigilant with company-issued phones accessing the network as they are with computers.

In its largest acquisition to date, Intel bought security vendor McAfee this week to aggressively address the emerging embedded and smartphone markets, both of which increasingly are poorly secured. It could provide Intel, which was having trouble gaining a foothold in tablets and smartphones, with a significant advantage and set up similar opportunities for markets such as automotive technology, where lack of security makes it potentially life threatening. It is rare that a company sees an opportunity like this and makes a move of this magnitude to address it. This is history in the making. Let's explore that.


Short Security History


When IBM came to market with the mainframe, security came up with it and while there were third-party solutions, IBM generally owned, and still owns, security for this platform. This had two advantages: IBM could blend the solution between hardware and software, and it would sell its solutions as a component of the platform, not a patch for a flawed design. The latter became important later.


Fast forward to Microsoft and Windows and the idea that security should be handled by third parties. That was likely one of the biggest early mistakes that company made. This had one advantage: Someone else had to deal with security and Microsoft could just focus on building products. But it also had two massive disadvantages (or three): Security software wasn't easily integrated into the product and often caused more problems than solved, and security companies were motivated to find problems in order to sell their software. Both pit the security firms and Microsoft against each other. To this day, many believe that some of the viruses and attacks were initiated at security companies needing reasons for people to buy their offerings. In the end, the savings by not doing security was overwhelmed by the result.


Microsoft rethought this and bought a number of security technologies and at least one security company, but was unable to fully integrate solutions like the free Microsoft Security Essentials offering (which is actually rather good) because of antitrust restrictions.


The lesson is that platform owners should own the security of that platform or really bad things happen.


Smartphones: Exposed at Birth


In many ways smartphones are paralleling Microsoft's experience, with the exception of Research in Motion, which did take security seriously (but is having a different kind of security problem at the moment.) Apple and Google did not and now malware is starting to spread on their platforms. To exacerbate the problem, the ARM platform, the most common hardware used in smartphones, has little extra headroom for antivirus offerings. To get around that, the operating system owners limit which applications can run simultaneously. This limits the ability for an anti-malware product to operate in the background unless it was co-designed with the hardware to behave properly and not hurt performance.

Embedded Exposures are More Frightening


At least with smartphones, there are built-in protections like application stores and carrier firewalls that can make infection more difficult. The worst things that can happen aren't life threatening. But embedded systems operate in manufacturing equipment, automobiles, airplanes, boats/ships, lighting systems, fire systems and people movers like elevators. Increasingly these systems are becoming networked with little focus on security because, up until recently, they didn't need it. Now if someone hacks into your smart-grid refrigerator and turns it into an oven, you will be upset because your food has become foul-smelling sludge. But if your car is hacked and the safety systems turned off, you'll likely be even less amused. And this seems to be happening.


Wrapping Up: Getting Ahead of the Problem for Once


By buying McAfee, Intel is going back to the beginning of the computing market and will be differentiating its solutions by building security into them at the start. Rather than starting from scratch, it is beginning with one of the largest security teams on the planet to assure results that are mature and don't cause more problems than they solve. Like IBM, Intel will be able to provide optimal results, so users won't have to choose between adequate performance and adequate security.


It won't be easy to pull this off, but if it is accepted by those who build the systems, it could result in a better, safer future for all of us and a more successful one for Intel. It is kind of nice to see everyone's needs come together like this from time to time.

Add Comment      Leave a comment on this blog post

Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.