Weinschenk: Are companies sticking with the antiquated approach out of habit or do they think it is a better approach?
Bancroft: I think it’s a mix. They are acting partly because companies know they need to do something. The MDM approach on the surface sounds like a good one because it’s a model they are familiar with. But when you look at it in detail, it really gives you a false sense of security.
Weinschenk: What are the elements of a better approach?
Bancroft: The first thing is that the encryption keys need to be independent of the device. If you are using a device’s PIN code as the encryption key, if you hack or root that device, you can find that encryption key and all the security of the container is lost. So the first point is that keys must be independent of the device and not stored on the device. For example, the encryption keys in iOS are generated using the device’s PIN code.
For a sophisticated hacker, a four-digit numeric PIN code can be hacked in a few minutes. To make it strong enough, it needs to be long and a combination of lots of different characters, not just numbers. Most people are not willing to have a long, strong PIN code on their device.
The security system you deploy must generate session-specific encryption keys that are delivered to the device once it has been authenticated and must be good just for the duration of that authenticated data session. Once it finishes that session, those keys can no longer be valid.
Weinschenk: So where do the encryption keys come from?
Bancroft: Businesses create access and authentication schemes that they are comfortable with. They typically include user names and passwords. They include rules on the mix of characters, how long they are and how often you need to change them.
The assumption is that the access and authentication model in the network is strong. The security model in the enterprise is one that the enterprise has decided is sufficient. Strong means long and strong passwords and changes of password regularly. There is additional multifactor security, not just a password.
To sum up, a good overall approach starts with focusing on protecting data and not the device; the second element is a strong access and authentication model -- ideally the same one used in the corporate network -- and the third element is strong end-to-end encryption.
Weinschenk: So good security isn’t a simple choice between protecting the device or protecting the data. It’s a bit of both.
Bancroft: There always is a tradeoff between usability and security. You have to establish the right balance. If you have the best security possible to implement, it is very hard to use devices. But if you make it too easy, you probably don’t have good security. It’s a balance. You have to get the balance right and that involves a number of choices.
Weinschenk: Where does HTML5 – the environment in which an increasing number of apps will be written – fit into this?
Bancroft: Using HTML5 makes it possible to do all the things we’ve talked about. And there is a benefit in the fact that an app running on the device is running inside a browser. That’s important because there are a large number of standards-based, broadly available and widely accepted security tools and techniques that you can use by default, such as HTTPS or OpenSSL for encryption of the data being transmitted. So there is a whole security model that comes in the Web.
Weinschenk: Isn’t that true with anything written in HTML? What changes in HTML5?
Bancroft: The difference with HTML5 is that they have written important enhancements that made it possible to write rich and exciting and secure mobile apps.