& cplSiteName &

Security-as-a-Service = Protection Racket

Brian Santo
2/12/2016
100%
0%

If you use a smartphone, you are your own security risk. Apps are increasingly being used as vehicles for malware, especially productivity apps, which means that businesspeople using their phones for work are engaging in the riskiest behaviors. (See Report: Apps Undermine Mobile Net Security.)

Read that again. If that doesn't make your blood boil, think about it this way: App developers are apparently not responsible for making their apps more secure. You'd think that mobile network operators might be responsible for making their networks more secure, but they're not.

If you use mobile apps and you get infected by malware, it's entirely your fault for using the mobile apps that app developers and mobile network operators are doing everything they can to make you want -- nay, need to use if you're a businessperson.

Trying to get app developers to do something about that? Not even discussed by Allot Ltd. (Nasdaq: ALLT), which analyzed the data (with Kaspersky Lab ), identified and evaluated the risks and published its findings in a recent report.

So shouldn't the mobile network operators make their networks more secure? Shouldn't they be secure already?

After all, it's been common knowledge for decades that malware can be spread through executables. And yet years after mobile carriers began offering broadband, Allot tells us, their networks still lack basic security measures to protect data users.

And why should network operators offer basic security measures to protect data users?

If security was the network operators' problem, they'd have to provide it, and hardly anybody is trying to make them provide it, Allot notes. Therefore it must not be their responsibility.

So who does that leave?

You. Apparently because you're fool enough to think that app developers might write their apps in such a manner that they're more secure, or that the mobile network operators might have some basic -- basic! -- security measures in place.


Want to know more about protecting mobile networks? Check out our mobile security channel here on Light Reading.


The industry built the equipment, wrote the software, devised the networks and invited people to use them. And because all of the constituencies in the electronics industry -- chip makers, OEMs, software developers, network architects -- can't be bothered to coordinate with each other to make the whole system safe, it must somehow be the users' fault? Companies have rushed to make life convenient for customers and subscribers and users of their products and services, and then they blame users for not employing security measures that tend to be inconvenient, impractical and all too often inadequate?

This is one of the most irritating arguments ever made by the electronics industry.

Allot sells security technology and services. And since their customers aren't buying, they've tried to give them a viable reason to start. You can't blame Allot for suggesting its customers and potential customers could make money from offering security-as-a-service.

Because "security-as-a-service" sounds so much better than "replacing an irresponsible business model" or "protection racket."

— Brian Santo, Senior Editor, Components, T&M, Light Reading

(10)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
mendyk
50%
50%
mendyk,
User Rank: Light Sabre
2/17/2016 | 1:00:34 PM
Re: Big leap
Exactly -- shared responsibility works better than the "it's somebody else's problem" approach.
jbtombes
50%
50%
jbtombes,
User Rank: Light Sabre
2/17/2016 | 12:58:36 PM
Re: Big leap
Insofar as it's a 'yuge' problem, it might be useful to bake in ownership among all stakeholders, in a sort of 'triadic' way, where if one approach to security fails you still have two others...
mendyk
50%
50%
mendyk,
User Rank: Light Sabre
2/16/2016 | 9:16:06 AM
Re: Big leap
JB -- That's a YUGE issue with security -- it's somebody else's problem to deal with. The reality is that responsibility for security has to be baked into every aspect of building and running networks and services. It's a mistake to cordon off security as a separate layer in the process, but that's a mistake that's commonly made.
jbtombes
50%
50%
jbtombes,
User Rank: Light Sabre
2/15/2016 | 10:04:35 PM
Re: Big leap
Do we have a tragedy of the commons in play here, with no one owning the problem? That said, Brian's way of putting it reminds of me of the time when, the day after I declined a door-to-door solicitation for a home security service, I was awakened middle of the night by strange noises at the window.
danielcawrey
50%
50%
danielcawrey,
User Rank: Light Sabre
2/15/2016 | 5:27:58 PM
Re: Big leap
Sadly I think we are going to start seeing a level of malware on apps akin to the old days of Windows. It's not necessarily the OEMs that this is a problem for, its the fact that hackers are targeting mobile platforms with a lot of gusto these days. 
mendyk
50%
50%
mendyk,
User Rank: Light Sabre
2/12/2016 | 5:26:18 PM
Re: Big leap
Yes, and the levels of security are different -- as in there's security at the physical level, the network level, the app level, the end-user-device level.
inkstainedwretch
50%
50%
inkstainedwretch,
User Rank: Light Sabre
2/12/2016 | 5:20:19 PM
Re: Big leap
If Allot (and no doubt its competitors) is saying that service providers can offer security-as-a-service, the tools have to be there.
mendyk
50%
50%
mendyk,
User Rank: Light Sabre
2/12/2016 | 4:39:18 PM
Re: Big leap
Yes -- because, well, there isn't enough outrage in the world right now. But how is a network operator capable of mitigating security problems caused by a crappily designed app?
inkstainedwretch
50%
50%
inkstainedwretch,
User Rank: Light Sabre
2/12/2016 | 4:33:04 PM
Re: Big leap
The point is that nobody capable of mitigating security problems is responsible for security problems. That's an outrage.
mendyk
50%
50%
mendyk,
User Rank: Light Sabre
2/12/2016 | 4:08:14 PM
Big leap
To say that network operators are not providing security is not accurate. Their security efforts are focused on maintaining the integrity of the network, which is as it should be. The idea that network operators are responsible for security problems in the apps that run over their networks is strange -- unless I'm missing something.
More Blogs from Brianiac
The test/assurance crowd is missing in action when it comes to testing orchestration software – but whose fault is that?
The next G.fast plugfest will lead into the certification process for commercial products, which some service providers will start deploying shortly thereafter -- in just a few months' time.
Will test and measurement companies get infected with the M&A frenzy we've seen in other sectors?
Should we be worried about artificial intelligence? Maybe. But it sure makes for good reading, viewing and game playing.
You might think Amazon's Unlimited is just another me-too streaming music service. You'd be wrong. If successful, it will be a critical tool to help slice off a fat, juicy chunk of Google's $75 billion ad business.
Featured Video
Flash Poll
Upcoming Live Events
September 17-19, 2019, Dallas, Texas
October 1-2, 2019, New Orleans, Louisiana
October 2-22, 2019, Los Angeles, CA
October 10, 2019, New York, New York
November 5, 2019, London, England
November 7, 2019, London, UK
December 3-5, 2019, Vienna, Austria
December 3, 2019, New York, New York
All Upcoming Live Events