Should We Believe the Hype?

Stephen Fast
Lead, Cyber Innovation Strategy
Cyber Innovation Division
Applied Research Laboratory
The Pennsylvania State University
saf8@psu.edu

Backdrop

• Much discussion and hype
  – Real danger or paranoia
  – Follow the money
• Vulnerability in antivirus software
• “Worry-free experience”: Director of Cyber Security Technology and Initiatives, Intel Corporation
• The customer is always right

PC trends

• Capability ↗
• Complexity ↗
• Vulnerability ↗
• Attacks ↗
• HW costs ↗
• Exploits ↘?
• PCs have become more complex, more costly, expensive with unimproved security → opportunity for mobile devices

Trends

• Smart phones outsold PCs beginning in Q4 2010

• Smart phones, tablets, mobile devices + cloud = more utility and advantage for most customer applications

• Strong brand loyalty (84% Apple, 60% Android)

• Battery longevity #1 customer complaint

Can the promise be fulfilled?

• Consumers prefer convenience over security
  – 32% believe smartphone is secure, 21% believe secure enough to make a purchase
• Mobile device attacks increasing
• Publicity war about threat
• Are we going to make the same mistake we made for PCs for mobile?

Stakeholders

• Consumers
  – 38% use mobile for payments, 18% for banking
  – Fast adoption of mobile credit card readers (1000% growth)
  – Low adoption of security protection for mobile devices
  – Pervasive belief mobile devices are more secure than PCs
    • Lacking awareness
    • Low personal experience (except marketing)
  – $0 liability protection for credit cards

Stakeholders

• Banks
  – $0 liability protection for credit cards → it's really the credit card companies' and vendors' problem
  – Financial loss and liability
• Business
  – Mostly driven by sensitive data leaks and business IP concerns
  – Primary drivers
    • Early adopters of BYOD driven by productivity gains and competitiveness
    • Others will segregate, control or deny devices
    • Competition will decide

Reasons for pessimism

• Financial incentives for carriers (managers of the devices)
  – Short duration support
  – Infrequent updates
  – Renew every two
• Limited resources
  – Battery
  – Bandwidth
• May drive knowledgeable consumers to jailbreak devices
  – Large malware exploit concern

• Some researchers believe mobile device security is significantly behind PC

Reasons for Optimism

• Devices built with understanding of previous security issues

• Wide adoption for IT cost savings
• Productivity promise for adopters of BYOD
• Financial sector to meet consumer and business demand
• Stabilization of iOS and Android OS
• Growing awareness

Conclusions

• Unclear whether security within technological reach
  – If so, it requires serious commitment
• Align incentives
• Identify market proponents willing to invest
  – Vested interest in outcome
  – Compelling business case
  – Proponent may not be obvious
