The pervasive nature of the mobile world has made it difficult to successfully curb security threats on smartphones and other mobile devices offering internet access, says Alain Rollier, founder of AXSionics.
In an interview with Biz-News.com this week, Rollier gave a detailed account of how security threat on mobile devices was shifting from the traditional devices that offer Internet Access.
“Mobile phones become or in many cases are already as powerful as any other Internet Access device, therefore the known security issues on the PC and Laptops will appear on mobile.
“So all the problems of laptop/pc world are heading the way of the smartphone, plus a few more as a direct result of the pervasive nature of the mobile world,” he said.
The security expert dispelled myths that certain operating systems were more secure than others. He said the crux of the matter was the operating environment more than anything else.
Rollier said his company has developed solutions that work on all operating systems as well as networks.
“I don’t think it’s really a question of only the operating system. I think the more important question is the operating environment. We have developed a solution that does not rely on the security of the operating system or the network or the access devices and still delivers complete security for transactions and identity management, Rollier explained
Biggest threat to security on a smart phone
Security issues around the smartphone are crucial because the device already accounts for 25 percent of the cellphone market. Given their current growth rate and the number of new devices, smartphones will account for an increasing share of the overall market with some sectors predicting as much as 40 percent over the next five years. This would be at a minimum 400 million devices per year.
Rollier is of the opinion that security threats to smartphones are similar to those found on PCs or Laptops, but acknowledges that the use of many interfaces will be problematic on security.
“Smart phones have all the issues around security that a pc or laptop has, plus a couple more which come from the additional interfaces like SMS and SIM cards. By nature, having a lot of interfaces is not helping to secure devices; one challenge is to have two independent channels on the same device – internet browser and communication. I think a shift in thinking is required,” he said
Rollier said all devices including the smartphone would be impossible to fully guarantee security but noted that emphasis must be on ensuring secure identities and transactions.
“The smartphone, laptop or pc will always be impossible to fully secure. The question we have to answer is ‘how do we make sure that identities and transactions are always secure when this is the case?’
“This is what has driven our thinking at AXSionics, and we have developed a solution that provides this security regardless of how unsecured all the elements in the chain are,” he said.
Enterprise security policies on mobile devices
Biz-News.com enquired from Rollier if it was possible for companies to implement security polices on smartphones as much as they did on desktop computers.
The security expert was quick to point out that some firms had already implemented policies to that effect but acknowledged that due to the nature of the mobile world it would always be a challenge for these to be a success.
“Some companies also implement PKI type solutions which can, in very controlled environments, help. However, in the pervasive word of mobile communications, these solutions are not sufficiently scalable and hence cannot be successful.
“Allowing companies to implement their current enterprise security policies on mobile devices will not solve the problem,” he said.
On data theft, he explained that companies and individuals must be wary of data that was not on the smartphone but could be accessed by the device.
Rollier pointed out that enterprise data, e-Banking, commerce transactions, identity data and username/password combinations that are available and that can be accessed and used by cyber criminals should be of concern to everyone.
“I think a mobile security product is one part of the answer but we must stop thinking of these devices as anything more than a pc or laptop, only much more pervasive and much more vulnerable,” he said.
Affordable and accessible security solutions
On the question of availability and how companies and individuals can afford security solutions, the founder of AXSionics said their solution worked effectively on both secure and insecure operating systems on smartphones.
“We provide solutions that work regardless how secure or insecure the operating system of the smart phone is. We use the smart phone and the internet connection only to transport encrypted information from the service provider to the AXSionics Internet Passport. It’s very secure, doesn’t drive usage costs and is very convenient for the user,” he said.
AXSionics has in recent past won several awards for its innovation, concept and design. These included the Red Dot Design Award, the Red Herring Hot 100 Europe Award and the European Innovation Award in Identity Management.
Rollier said despite the product being new, it was currently in use in a number of high security areas including defence and in volume use in retail banking. It has many innovations built in to ensure it is scalable, easy to use and convenient.