SPOTLIGHT Biometrics, cloudy passwords and the ongoing Android versus Apple debate with Marcus Chambers, vice president and general manager for EMEA at Good Technology.
Last month's launch of iOS 7 and the iPhone 5's raised a lot of questions for the mobile security industry. Will biometrics catch on? Are cloud-stored passwords really secure? And, of course, the eternal debate rolls on; which is more secure, Apple or Android?
Biometrics the next big? So many factors need to be in place for a technology to catch on. Context is everything. How usable is it? Do consumers want it? How much does it cost? The past year has seen an explosion in awareness of privacy and security issues by everyday end users. With this in mind, it's likely that now is the right time for Apple to bring out biometric capabilities. From the industry perspective, having a well implemented, widely deployed, integrated biometric sensor (Touch ID) in the new iPhone 5's is a great security addition. Adding in additional layers of authentication to an app could be of potential interest for a number of use cases. It will also be interesting to see how developers can take advantage of Touch ID. Yet while Touch ID is a timely and welcome innovation, it shouldn't be considered a security cure-all. This is especially true in the context of BYOD, where devices are likely to have multiple fingerprints registered to the device.Controlling accessible dataBiometrics control access, which is important, but controlling data that can be accessed is even more essential. If you allow a user free reign once they gain access to the device, your security policy is flawed. Imagine a husband having fingerprint access to his wife's personal iPad that she also uses for business. We wouldn't want the husband to have inappropriate access to enterprise apps and data, but at the same time what right does a company have to limit use of a personal device at home? For this reason, enterprises will still demand authentication to be separate from that of the device.
Biometrics does offer a way to crystallise one of the big challenges facing the mobile industry; identity management. It's a more nuanced task, as the balance needs to be struck between what information is reasonable to enter and requiring something unique or that only the genuine person will know. Biometrics could be it.
Passwords in the cloudA huge haul of passwords is a challenge for pretty much anyone who uses a computer these days. We know we need strong, unique passwords but keeping track of them is difficult. Apple is now offering a service that will store passwords and credit card details. The information can then be auto-filled when signing into a website or making a purchase. A great idea, but users need to be wary of what information is stored and ready for auto-fill. In this regard it's not too different from many other services out there, but being incorporated into iCloud it's likely to get significantly more use. The simplest way to think about it is that our lives require different containers. Am I comfortable having my Facebook or Twitter password saved on iCloud ready for auto-fill? Probably. Am I comfortable having passwords for a banking app or an app that contains sensitive corporate data? Not on your life.Securing Apple and AndroidThere are differences between platforms when it comes to security. One difficulty stems from the vast number of different flavours of Android. Estimates put the number of Android phone models at about 4,000. That stands against just six iPhones and an assortment of Windows phones. There are other technical ways that the different operating systems can be hardened, but trying to secure the whole device or operating system is really a backward approach. Ultimately there are specific pockets of data that need protecting and the focus should be on those areas. The best way to tackle secure mobility is to essentially ignore the operating system and take a containerised approach that looks at securing specific apps or programmes and, most importantly, the data within, rather than the whole device. This allows IT teams to worry less about which device an employee is using and focus on protecting the asset that is most important to the company, the information. While offering personal privacy to end users it also removes concerns about which device enterprise employees are using. As long as the managed container is secure, the device or operating system is of no real consequence.Where to?Security technology delivers endless innovations, but seeing something as cool and sci-fi as a thumbprint access for a mobile phone can make it easy to forget what the focus should be. Regardless of the innovation, ultimately it's just another tool to find new ways to secure information, and protect our privacy.
Good Technology is transforming how mobile work gets done, through secure app-to-app workflows that include integrated email, communications, document management, business intelligence, social business, wireless printing, and more.