Mobile security

Security-as-a-Service = Protection Racket

If you use a smartphone, you are your own security risk. Apps are increasingly being used as vehicles for malware, especially productivity apps, which means that businesspeople using their phones for work are engaging in the riskiest behaviors. (See Report: Apps Undermine Mobile Net Security.)

Read that again. If that doesn't make your blood boil, think about it this way: App developers are apparently not responsible for making their apps more secure. You'd think that mobile network operators might be responsible for making their networks more secure, but they're not.

If you use mobile apps and you get infected by malware, it's entirely your fault for using the mobile apps that app developers and mobile network operators are doing everything they can to make you want -- nay, need to use if you're a businessperson.

Trying to get app developers to do something about that? Not even discussed by Allot Ltd. (Nasdaq: ALLT), which analyzed the data (with Kaspersky Lab ), identified and evaluated the risks and published its findings in a recent report.

So shouldn't the mobile network operators make their networks more secure? Shouldn't they be secure already?

After all, it's been common knowledge for decades that malware can be spread through executables. And yet years after mobile carriers began offering broadband, Allot tells us, their networks still lack basic security measures to protect data users.

And why should network operators offer basic security measures to protect data users?

If security was the network operators' problem, they'd have to provide it, and hardly anybody is trying to make them provide it, Allot notes. Therefore it must not be their responsibility.

So who does that leave?

You. Apparently because you're fool enough to think that app developers might write their apps in such a manner that they're more secure, or that the mobile network operators might have some basic -- basic! -- security measures in place.

Want to know more about protecting mobile networks? Check out our mobile security channel here on Light Reading.

The industry built the equipment, wrote the software, devised the networks and invited people to use them. And because all of the constituencies in the electronics industry -- chip makers, OEMs, software developers, network architects -- can't be bothered to coordinate with each other to make the whole system safe, it must somehow be the users' fault? Companies have rushed to make life convenient for customers and subscribers and users of their products and services, and then they blame users for not employing security measures that tend to be inconvenient, impractical and all too often inadequate?

This is one of the most irritating arguments ever made by the electronics industry.

Allot sells security technology and services. And since their customers aren't buying, they've tried to give them a viable reason to start. You can't blame Allot for suggesting its customers and potential customers could make money from offering security-as-a-service.

Because "security-as-a-service" sounds so much better than "replacing an irresponsible business model" or "protection racket."

— Brian Santo, Senior Editor, Components, T&M, Light Reading

mendyk 2/17/2016 | 1:00:34 PM
Re: Big leap Exactly -- shared responsibility works better than the "it's somebody else's problem" approach.
jbtombes 2/17/2016 | 12:58:36 PM
Re: Big leap Insofar as it's a 'yuge' problem, it might be useful to bake in ownership among all stakeholders, in a sort of 'triadic' way, where if one approach to security fails you still have two others...
mendyk 2/16/2016 | 9:16:06 AM
Re: Big leap JB -- That's a YUGE issue with security -- it's somebody else's problem to deal with. The reality is that responsibility for security has to be baked into every aspect of building and running networks and services. It's a mistake to cordon off security as a separate layer in the process, but that's a mistake that's commonly made.
jbtombes 2/15/2016 | 10:04:35 PM
Re: Big leap Do we have a tragedy of the commons in play here, with no one owning the problem? That said, Brian's way of putting it reminds of me of the time when, the day after I declined a door-to-door solicitation for a home security service, I was awakened middle of the night by strange noises at the window.
danielcawrey 2/15/2016 | 5:27:58 PM
Re: Big leap Sadly I think we are going to start seeing a level of malware on apps akin to the old days of Windows. It's not necessarily the OEMs that this is a problem for, its the fact that hackers are targeting mobile platforms with a lot of gusto these days. 
mendyk 2/12/2016 | 5:26:18 PM
Re: Big leap Yes, and the levels of security are different -- as in there's security at the physical level, the network level, the app level, the end-user-device level.
inkstainedwretch 2/12/2016 | 5:20:19 PM
Re: Big leap If Allot (and no doubt its competitors) is saying that service providers can offer security-as-a-service, the tools have to be there.
mendyk 2/12/2016 | 4:39:18 PM
Re: Big leap Yes -- because, well, there isn't enough outrage in the world right now. But how is a network operator capable of mitigating security problems caused by a crappily designed app?
inkstainedwretch 2/12/2016 | 4:33:04 PM
Re: Big leap The point is that nobody capable of mitigating security problems is responsible for security problems. That's an outrage.
mendyk 2/12/2016 | 4:08:14 PM
Big leap To say that network operators are not providing security is not accurate. Their security efforts are focused on maintaining the integrity of the network, which is as it should be. The idea that network operators are responsible for security problems in the apps that run over their networks is strange -- unless I'm missing something.
Sign In