A year ago, Target was in the midst of being pwned by cyber criminals that turned the season into anything but a Merry Christmas. The retailer ultimately discovered that more than 70 million customers had their credit card information stolen by an exploit that cost the company upwards of $400 million and the CEO his job. The year since has been filled with cyber-breach-of-the-week headlines (we’re looking at you, JP Morgan and Home Depot) to the point of giving the general public hack fatigue. Yet with people reliant on smartphones for more than just Facebook updates. Executives are increasingly leaving the laptop at home and working strictly off mobile devices.
I profiled an EMC exec in an earlier column and the Wall Street Journal has recently picked up on the trend with this article about the post-PC CEO. Consumers are also part of the mobile-first trend as we’ll see in this year’s shopping season when a third of us will use a smartphone and/or tablet to shop for gifts. Mobile security is no longer as aspirational goal. But as I detail in this column, it’s also no longer an oxymoron as a host of startups, along with some of the big security vendors, build new technologies and products that significantly reduce the risk of replacing a trip to the mall with a smartphone.
While consumers and employees may be tuning out the exploit overload, cyber security has IT professionals in a state of high anxiety. When asked about project priorities, IT pros put security at or near the top of the list. An InformationWeek survey of IT executives found 88% have security initiatives and major implementation projects planned for the next year or two. Although enterprise-wide security is top-of-mind, dealing with mobile app security issues is a close second, and it’s no longer optional. In the same InformationWeek survey, 80% of respondents say they plan to build mobile apps, while 58% are deploying tablets.
As the full column points out, Silicon Valley VCs have noticed and see a huge business opportunity. Last summer, Lookout, a developer of one of the first consumer-oriented smartphone security apps, landed $150 million to fund expansion into the enterprise market. This comes on top of earlier funding rounds from a who’s who of Silicon Valley VCs totaling $130 million. Other startups like Bluebox Security, Nok Nok Labs and Wickr have raised tens of millions in venture funding this year alone. Money like that clearly shows that security is a critical piece of the mobile ecosystem and economy.
Mobile security innovation is happening on several fronts. The key technology categories are:
- strong authentication and password management
- application sandboxing (also called application containerization): keeping business data safe from rogue applications employees might download on personal devices by controlling the code execution environment and interaction with the rest of the system
- secure, encrypted, time-limited messaging, aka Snapchat for business: a place to exchange sensitive information without risking that the messages live in perpetuity
As I point out in the column, a password vault is a great starting point for reducing your overall threat profile on both mobile devices and PCs. For mobile users password vaults mean never having to remember (and trying to type) a long, random password. Apps like 1Password, Dashlane and LastPass can either automatically populate login screens or be used to copy/paste into the password field. Some even support Apple’s Touch ID, meaning opening the password vault is just a thumbprint away.
There are several interesting password alternatives under development that I will be discussing in the coming months, but given the inertia involved in changing security procedures at millions of sites with billions of users, passwords will continue to be a part of our online existence for quite a while. Until that day of password-free bliss arrives, a password vault should be part of everyone’s mobile tool chest.