Summary:

Ahead of our Mobilize event Oct. 16 and 17, we asked experts how 50 billion connected devices and 6 billion people change their industries. In this essay, Bromium’s Simon Crosby takes on enterprise device security.


Philosopher Sissela Bok writes that “Whatever matters to human beings, trust is the atmosphere in which it thrives.” Our social fabric is woven from a rich mesh of interactions and trusted relationships.

What does this mean in an increasingly device-centric, mobile, Internet connected world? To put it bluntly, it’s rather scary: Every interaction we have with another person or with an application could put us at risk. Did that email really come from your colleague? Is the attachment a photo, or a virus? Are your Facebook friends who their profiles suggest? Are you being stalked by a Twitter follower?

Securing our device-centric world is critical – for our society as a whole. We have never before had so much valuable information online, or been so vulnerable to skillful attackers. Fortunately we have learned some key lessons from the first three decades of computing – the PC era – on how not to proceed.

  • The open architecture of the PC and of Windows, together with a lack of attention to security as a fundamental design requirement, has led to the current insecure state of client computing.
  • The “connect easily at all cost” model of internet protocols massively increased our risk of attack, compromise and data loss.
  • The “detect to protect” paradigm of PC security failed miserably in the face of malware that continually changes shape to evade detection.

Increasingly we hear that we are in the “post-PC era”, but that does not mean that the PC is dead. On the contrary, PCs, Macs and ultrabooks will remain the primary device form factor for productive users. But the system architecture of devices, the device vendor ecosystem and legacy enterprise IT management practices built around traditional PCs are dead or dying. Courtesy of new device form factors, new vendor business models, and the evolution of OS and hardware technology, we have entered a new phase of endpoint device maturity that heralds a more cost-effective, secure and productive approach to end-user empowerment.

All hail the modern OS


There are several factors at work here. First, modern operating systems (including Windows 8, Mac OS X, iOS and Android) are much more secure than the legacy Windows XP/7-dominated IT desktops of today. Windows 8 is reported to be over 20 times more secure than XP; OS X and iOS have excellent reputations for security, and the Linux kernel in Android has benefited from years of community oversight. All of them certainly have many remaining vulnerabilities – like all code – but they are vastly better than the Windows lineage of the 80s and 90s, which was designed to be as open and feature-rich as possible without regard for security, maximizing the number of applications (and hence the amount of malware) that could run on it.

Second, the consumer and device-centric model of today delivers the OS and device as an inseparable unit so the OS is patched and updated by the device vendor. There is no need for enterprise IT to maintain its own OS images or manually patch devices. Moreover, these new devices can use new hardware features to help them protect themselves “in the wild” on untrusted networks, in the hands of gullible users.

Hardware-rooted security can make a device orders of magnitude harder to compromise than today’s PCs. For example, a Trusted Platform Module (TPM) (part of Microsoft’s Windows 8 hardware certification requirements) lets a device record measurements of each component in its boot chain as it powers on and later attest to those measurements, signed by a key that never leaves the chip, so that a remote verifier can check that the firmware, bootloader and kernel match known-good values. Attestation proves what was booted, not that the device is still clean at run time; that is where CPU features for hardware isolation come in, allowing the system to confine the execution of untrusted code. The use of strong encryption for all data at rest means that a lost device need not result in a loss to the enterprise, provided the key is bound to the hardware or to a user secret rather than sitting in the clear on the device. Continuous cloud-based backup will save the data, and the lost device can be remotely wiped or “bricked” if it ever connects to a network again.
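The measured-boot attestation described above, as an added worked example (not Bromium’s code and not any real TPM stack): a PCR can only be extended, never set, so the final register value commits to the exact sequence of components loaded; the device signs that value together with a verifier-supplied nonce, and the verifier replays its own known-good event log to decide whether the quote is acceptable. Assumptions: the boot event log and component digests are constructed for the demo, Ed25519 stands in for the TPM’s attestation key, and the PCR starts at the all-zero reset value.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// BootEvent is one entry of a constructed measured-boot event log: the
// component that was loaded and the SHA-256 digest of its code, recorded
// by the previous stage before it hands over control.
type BootEvent struct {
	Component string
	Digest    [32]byte
}

// ExtendPCR models a TPM Platform Configuration Register. A PCR cannot be
// written directly, only extended: new = SHA-256(old || digest). Because the
// old value feeds the hash, order and content of every event matter.
func ExtendPCR(pcr [32]byte, digest [32]byte) [32]byte {
	h := sha256.New()
	h.Write(pcr[:])
	h.Write(digest[:])
	var out [32]byte
	copy(out[:], h.Sum(nil))
	return out
}

// ReplayLog recomputes the PCR value a given event log should produce,
// starting from the all-zero reset value (an assumption of this demo).
func ReplayLog(log []BootEvent) [32]byte {
	var pcr [32]byte
	for _, ev := range log {
		pcr = ExtendPCR(pcr, ev.Digest)
	}
	return pcr
}

// Quote is what the device hands to a verifier: the PCR value and a signature
// over (nonce || pcr). Ed25519 stands in for the TPM attestation key here.
type Quote struct {
	PCR       [32]byte
	Nonce     []byte
	Signature []byte
}

func quoteMessage(nonce []byte, pcr [32]byte) []byte {
	return append(append([]byte{}, nonce...), pcr[:]...)
}

// MakeQuote is the device side: sign the current PCR bound to the verifier's nonce.
func MakeQuote(ak ed25519.PrivateKey, nonce []byte, pcr [32]byte) Quote {
	return Quote{PCR: pcr, Nonce: nonce, Signature: ed25519.Sign(ak, quoteMessage(nonce, pcr))}
}

// VerifyQuote is the verifier side: the nonce must be ours (freshness), the
// signature must be from the enrolled attestation key (device identity), and
// the attested PCR must equal what the golden log replays to (integrity).
func VerifyQuote(akPub ed25519.PublicKey, nonce []byte, q Quote, golden []BootEvent) error {
	if !bytes.Equal(q.Nonce, nonce) {
		return errors.New("quote nonce mismatch (replayed or stale quote)")
	}
	if !ed25519.Verify(akPub, quoteMessage(nonce, q.PCR), q.Signature) {
		return errors.New("quote signature invalid (not from the enrolled attestation key)")
	}
	if expected := ReplayLog(golden); q.PCR != expected {
		return fmt.Errorf("PCR mismatch: got %s.. want %s..",
			hex.EncodeToString(q.PCR[:8]), hex.EncodeToString(expected[:8]))
	}
	return nil
}

// digestOf derives a constructed component digest from a label.
func digestOf(label string) [32]byte { return sha256.Sum256([]byte(label)) }

func main() {
	akPub, ak, _ := ed25519.GenerateKey(rand.Reader)
	golden := []BootEvent{ // constructed known-good boot chain
		{"firmware", digestOf("firmware v1.2")},
		{"bootloader", digestOf("bootloader v3")},
		{"kernel", digestOf("kernel 3.10 signed")},
	}
	nonce := make([]byte, 16)
	rand.Read(nonce)

	// Healthy device: its log replays to the golden value and the quote verifies.
	fmt.Println("clean boot:", VerifyQuote(akPub, nonce, MakeQuote(ak, nonce, ReplayLog(golden)), golden))

	// A bootkit replaced the bootloader; every later extend inherits the change.
	tampered := append([]BootEvent{}, golden...)
	tampered[1].Digest = digestOf("bootloader v3 + bootkit")
	fmt.Println("tampered boot:", VerifyQuote(akPub, nonce, MakeQuote(ak, nonce, ReplayLog(tampered)), golden))
}
```

The verifier never trusts the device’s event log directly; it trusts the signed PCR and checks that its own copy of the expected components reproduces it. A real deployment enrolls the attestation public key once, per device, out of band.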

Third, app architectures, development tools and distribution models have changed. Instead of traditional thick client applications whose installation causes changes that pervade the OS, today’s apps are lighter-weight, graphically rich yet computationally less intensive renderers of predominantly cloud-hosted web applications. Moreover, apps are given access only to their own data and to whatever the user explicitly grants, not to the whole OS file system, and are sandboxed from the OS and from each other.

Fourth, app distribution has consolidated, allowing us to build trust into the supply chain. Consumer apps are delivered from the device or OS vendor’s app store. The app developer registers with the app store and signs their apps before distribution. The app can be (superficially) checked as being consistent with secure design principles, before being signed by the app store. And devices can be restricted to running only signed applications from approved stores. The signatures establish provenance – who published the code and who reviewed it – rather than proving the absence of malice, but a more reliable supply chain still greatly improves security.
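The two-layer signing chain described above, as an added worked example (not the code of any real app store or of Bromium): the developer signs the app bytes, the store countersigns the app’s digest bound to that developer’s key after review, and the device pins only the stores it trusts, so a stolen developer key, a modified package, or a package from an unapproved store is rejected. Assumptions: the package format, key names and policy structure are constructed for the demo, and Ed25519 stands in for whatever signature scheme a store actually uses.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignedApp is a constructed package format: app bytes, the registered
// developer's key and signature over those bytes, and the store's
// countersignature issued after the store reviewed this exact submission.
type SignedApp struct {
	Name         string
	Code         []byte
	DeveloperKey ed25519.PublicKey
	DeveloperSig []byte
	StoreKey     ed25519.PublicKey
	StoreSig     []byte
}

// storeStatement is exactly what the store attests to: "this developer key
// published this app content". Binding the digest to the developer key means
// neither can be swapped after review without invalidating the signature.
func storeStatement(code []byte, devKey ed25519.PublicKey) []byte {
	sum := sha256.Sum256(code)
	return append(sum[:], devKey...)
}

// Publish models the supply chain: the developer signs, then the store
// countersigns what it reviewed.
func Publish(name string, code []byte, dev, store ed25519.PrivateKey) SignedApp {
	devPub := dev.Public().(ed25519.PublicKey)
	storePub := store.Public().(ed25519.PublicKey)
	return SignedApp{
		Name: name, Code: code,
		DeveloperKey: devPub, DeveloperSig: ed25519.Sign(dev, code),
		StoreKey: storePub, StoreSig: ed25519.Sign(store, storeStatement(code, devPub)),
	}
}

// DevicePolicy pins the stores this device will install from. Developers are
// not pinned: the store's countersignature is what vouches for them.
type DevicePolicy struct {
	ApprovedStores map[string]ed25519.PublicKey
}

// AllowInstall is the device-side check, in trust order: approved store first,
// then the store's countersignature over (digest || developer key), then the
// developer's own signature over the exact bytes about to be installed.
func (p DevicePolicy) AllowInstall(app SignedApp) error {
	approved := false
	for _, k := range p.ApprovedStores {
		if bytes.Equal(k, app.StoreKey) {
			approved = true
			break
		}
	}
	if !approved {
		return errors.New("store key not in the device's approved list (sideload rejected)")
	}
	if !ed25519.Verify(app.StoreKey, storeStatement(app.Code, app.DeveloperKey), app.StoreSig) {
		return errors.New("store countersignature invalid: code or developer key differs from what the store reviewed")
	}
	if !ed25519.Verify(app.DeveloperKey, app.Code, app.DeveloperSig) {
		return errors.New("developer signature invalid")
	}
	return nil
}

func main() {
	storePub, storePriv, _ := ed25519.GenerateKey(rand.Reader)
	_, devPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, roguePriv, _ := ed25519.GenerateKey(rand.Reader)
	policy := DevicePolicy{ApprovedStores: map[string]ed25519.PublicKey{"vendor-store": storePub}}

	app := Publish("notes", []byte("notes app v1"), devPriv, storePriv) // constructed app bytes
	fmt.Println("vendor store app:", policy.AllowInstall(app))

	trojaned := app // same signatures, bytes changed after the store signed
	trojaned.Code = []byte("notes app v1 + trojan")
	fmt.Println("tampered package:", policy.AllowInstall(trojaned))

	sideload := Publish("notes", []byte("notes app v1"), devPriv, roguePriv)
	fmt.Println("unapproved store:", policy.AllowInstall(sideload))
}
```

An enterprise app store fits the same model: its signing key is simply added to the device’s approved list, and revoking it removes every app it vouched for at the next policy check.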

Finally, the enterprise management model for such devices is radically different from the PC-centric approach. The enterprise can host its own app store with signed, enterprise-approved applications that are made available to users based on their roles and rights. Both enterprise apps and their data are managed using enterprise mobility management tools that use standardized protocols, offering granular policy-based control for compliance.

What about the vendor ecosystem in a mobile world?

Massive changes loom for the enterprise vendor ecosystem: Traditional endpoint security products are excluded because mobile OSes eliminate the opportunity for third-party software to access critical OS data structures and services. Vendors can add value by delivering apps or by competing in the crowded enterprise mobility management (EMM) tool-chain, where standardized management protocols will lead to commoditization. Most EMM vendors will not survive, and most of the features of today’s offerings will be subsumed into mobile OSes and device vendor management systems. Expect “the majors” (Microsoft, Apple, Google, Samsung) to offer free EMM services to strengthen their enterprise credentials, undercutting the market opportunity for third parties.

The shift to the post-PC era will dramatically transform enterprise IT work practice, simplifying app rollout and addressing issues with app/OS compatibility. Those enterprise mobility management tools will help to achieve compliance, but they won’t eliminate the threat of compromise. Device and mobile OS vendors will continue to innovate to make their platforms more secure “by design,” using hardware isolation structures on the CPU and memory to block malware from compromising the OS at run time.

But the biggest opportunity of the post-PC era is user empowerment. Courtesy of a dramatically more secure supply chain and device architecture we will be able to securely empower users to roam freely on untrusted networks, and to be productive at the same time – seamlessly switching between work and play, without a need to forgo the innovative power of the web. We can get back to IT’s real role: user productivity and enablement, while more easily meeting regulatory requirements, and worrying a lot less about security. Adoption of more secure devices that are easier to manage will reduce the total cost of ownership of client computing and prevent data loss.

The future of IT infrastructure is clear: Applications will be cloud hosted (private, SaaS and IaaS based), and mobile clients will roam widely on untrusted networks. Devices will be consumer centric, more secure and manageable by design, and users will have freedom to install apps of value to them, without endangering the enterprise. They will be more productive because better security leads to empowerment. This is the Post-PC Era.

Simon Crosby is CTO of Bromium. This essay is part of a package for our Mobilize conference Oct 16th and 17th in San Francisco.
