At Google I/O, people spent a lot of time talking about secure containers like Samsung Knox to better secure Android phones. However, I’d just finished reading the latest McAfee Security Report and one of the trends it identified made it clear that the smart container approach likely won’t work. This got me thinking about how I’d rather see the problem addressed and that likely would be by keeping the device class that was attracting viruses away from the functions I needed to secure. Suddenly, the 5-inch Toughpad from Panasonic and the solutions favored by companies with government ties at the NASCAR event I went to last weekend make far more sense.https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=iLet me walk you through it.
The Problem with Containers
The core problem with the container approach to a security problem is assuring that the foundation they are on is equally secure. For instance, much like building a super-secure bank in the middle of a high-crime area wouldn’t be that secure because the customers going in and out would be attacked, building a secure container on a platform that can be rooted and made to capture keystrokes (passwords and IDs) isn’t secure either. The information that is captured can be used to breach the secure container and if anything is created on the device, it will be compromised by keylogging before it can be secured.
The latest McAfee security report indicates that while there was huge dip in rootkits when the different smartphone makers moved to far more secure 64-bit platforms, this dip has reversed. Hackers have figured out how to get people to install rootkits on these phones now and, once again, they are compromised. Unless you block side loading or figure out a way to reengineer the users so they don’t do stupid things, a container simply isn’t going to work.
Separate and Tether
The small smartphone form factor has several advantages. It is more portable, it is generally cheaper than a tablet, particularly when hardened and made outdoor viewable, and if it isn’t a popular phone it is far less attractive to thieves. This suggests that a far more secure practice for small portable electronic use for business would be to have a separate device that is focused on the tasks you need done rather than trying to expand an employee’s cell phone to do this duty. You can tether the small tablet to the phone if you need wireless connectivity and, given that this is being used for a purpose that requires security, encrypt the data so that it can’t be compromised in transit. You can lock the device down (and most do) and if you need it to connect wirelessly, the Panasonic can have phone features or WAN functionality added as options. It runs embedded Windows; even if users could figure out how to load a rootkit, someone would have to create one uniquely for the device, which few outside of hostile governments would have the interest or resources to do.
But given the massive increases in mobile malware identified by the McAfee report, the only thing that may work to truly secure a mobile transaction is to get that transaction off the phone and to a separate device. Yes, it is more expensive but against the cost of a breach, the extra cost is trivial.
Wrapping Up: Rethinking Secure Mobility
I get that firms want smartphones to be able to do anything, and potentially they can. But asking them to bridge personal games (which are being used to spread malware, according to the McAfee report) and highly secure tasks is just asking for a breach. They aren’t that sturdy either. Even though you can wrap them with cases, in the end, you are just trying to force a device that was designed for fun and entertainment to be something it wasn’t designed to be. It’s like trying to turn a sports car into a tank. Yes you can do it. I just don’t think it is a good idea.
The firms I spoke with at NASCAR were planning to use this new 5-inch Toughpad where others might use smartphones because they needed the job done correctly and securely. Often, it is best to use the right tool, not the cheapest. This is something I’ve learned the hard way more than once when working on a car.