NEW YORK -- Mobile Network Security Strategies -- Call it variations on a theme. Ericsson vice president and head of the cloud software product line Jason Hoffman repeated an argument today made by data security experts throughout Light Reading's mobile security conference: A perimeter-centric security model is no longer sufficient in an era of mobile and cloud-based technologies. (See also AT&T Adds Virtual Layer of Security.)
In fact, Hoffman stated, the industry needs to adopt a posture where everyone is classified an insider (meaning there's an assumption that everyone has system access), and every system is defined as compromised. Instead of trying to secure the entire system, companies should instead work to secure the important data within it.
There are several components to a data-centric security solution, but one that Hoffman highlighted is the need for cryptographically provable integrity around things such as identity and file or application authenticity. He even cited the Bitcoin approach, with its distributed encryption technology, as a good strategy to emulate if "you throw away the actual currency part of it."
The modern computing environment hasn't shifted entirely yet, but as Hoffman pointed out, it won't be long before our data systems are all massively distributed, and there are substantially more connected devices than humans.
Hoffman made the analogy that data centers are becoming the 21st century equivalent of factories, and that in the cycle of industrialization, data systems are progressing through five steps: standardize, combine, abstract, automate and govern. Unfortunately from a security standpoint, at the heart of the third step -- abstraction -- is programmability. Programmability inherently requires accessibility, and that means that systems are growing more vulnerable.
Going back to the idea of a security perimeter, companies are now, through abstraction, blurring every aspect of what was once a fixed boundary.
— Mari Silbey, special to Light Reading