Security on mobile devices continues to be a major challenge as companies struggle with increased levels of attacks and as mobile devices become the preferred platform for enterprise users. We expect notebooks to represent more than 50% of enterprise PC deployments within two to three years, and more than 85% of enterprise users will deploy smartphone devices within the same time frame. It is clear, then, that mobile security must be at the forefront of most enterprises' security planning.
Most companies currently focus on protecting PCs by providing antivirus and firewall capabilities. Few companies currently provide antivirus and firewalls on smart devices, but we expect this market to grow dramatically in the next one to two years as new threats emerge and awareness grows. But with increasingly sophisticated attacks and with more complex machines and operating systems (OS) emerging, can a machine be fully protected just through antivirus and firewall software without killing its performance? The move to multicore chips and virtual machines will help, as security can run effectively in parallel with user applications instead of competing for resources, but this is not a panacea. And current security subsystems (e.g., TPM chips) tackle only part of the problem. It may be time to consider an alternative -- a dedicated hardware solution to tackle increasing threat levels.
We expect the effort to protect various devices to move from today's purely software-directed approach to one that uses more sophisticated and harder-to-break technology that includes external hardware devices. These devices can be assigned to a user and can easily be managed from a corporate location (via connection over broadband networks to a management server), and they can easily be moved to other devices or even to the front end of a small network (e.g., in front of a wireless hub in a home network) to protect multiple machines. These devices are currently standalone external devices, but there is no reason they can't ultimately be integrated directly into machines.
Though not the perfect solution, the personal hardware security appliance does provide some real benefits that, if conveniently provided at a low enough cost, could raise the level of security of mobile devices. First, it could bypass the need to keep the OS patched to stay ahead of the hackers -- a near-impossible task. Next, it would provide the ability to enhance a firewall with incoming and outgoing data traffic monitoring to allow easier detection of problems. Third, it would allow policies to be set by an enterprise or trusted source. Finally, it could more easily track virus-like behavior by examining specific packets of information using a heuristics model. These devices would need to be upgraded periodically with new algorithms via a subscription service -- much as antivirus software is now.
We expect to see a variety of devices become available in the market in the next two years, at price points well below $100. In order to be successful, however, these devices must be extremely simple to deploy, they must prove they are not vulnerable to attack by hackers, and they must not significantly affect the performance of the machines and/or networks they are meant to protect. We expect this capability to ultimately be embedded in machines rather than continue as external devices that users must carry.
About the author: Jack E. Gold is a recognized expert in mobile computing and is founder and principal analyst at technology research firm J. Gold Associates. He can be contacted at firstname.lastname@example.org.