Monday, 6 September 2010

How Secure is Our Information in a Ubiquitous Communication World?

Security has traditionally been a fixed Network discussion due to the historical limitations of what Mobile networks were able to do and, more importantly, what Mobile devices could actually understand.

Over the past 5 years all of this has changed with a number of key developments:

o The evolution of the Handset into a Smartphone – in some aspects doing more than what a Desktop can do today!
o The rapid technology development in Mobile, starting with the introduction of 3G, Mobile Broadband and now WIMAX and LTE
o The increasing blurring of the boundaries between Fixed and Mobile networks as perceived by the end user.

Security has become a Holistic communications concern; various forms of communication which were previously only possible behind a desktop are now possible on almost any device that can connect into the meshed communications environment today. Whether for Fixed or Mobile Networks, Subscribers and Network Operator Security all share a growing unease as to how Secure our information/content is in this new world.

The fact that traffic of any kind can now be seamlessly routed between Fixed and Mobile Networks raises the concern of how we manage this increased complexity. Historically, a firewall or spam filter on your desktop would have solved most of your security fears. Of course, this was before our Mobile Phones became a critical aspect of our working and social lives, with all of the tools and communication mechanisms that go with them. Think about it: how much of your email do you now send via a mobile device compared to 5 years ago? Did you ever think you would be updating your friends on forums through your mobile device, or even using your mobile as a mechanism for paying bills, buying movie tickets or even network gaming? We used to think that our Mobile device was anonymous and that only when we made mobile calls would anyone see our caller ID. However, the applications we are now accessing or the services we are now subscribing to online work on the same principles as on your home PC, that is, by connecting through the internet. Once we connect to the internet we establish an electronic identity that can be tracked to us as a user, whether fixed or mobile. As a result, our use of these applications, services or even social network forums is not as anonymous as we might like to believe.

Mobile Networks add challenges because, unlike fixed networks, they are – as the name suggests – “mobile”. How do you protect your network and, equally important, your subscribers from all of the threats that have now evolved from the fixed network into the mobile space?

o SPAM

o Fraud

o Remote Accessing Mobile Devices

o Content Filtering

o Terrorism

o National Security

o Adultery

The growing demands of Personalization by end users have increased the complexity of service management, as has the enormous diversity of content they are accessing through their mobile devices. The Openness with which end users are willing to share their personal information, in many cases unknowingly, is only adding to the growing concern that many advisers in the Security field have been raising with Network Providers and Operators around the world.

Governments, Regulators, Operators and Vendors all need to take collective responsibility for improving security requirements / solutions that will capture all aspects of communication and their associated platforms. It is no longer sufficient to consider that a Firewall, or a Filter on SMS, will suffice to address the various security concerns mentioned earlier. The Industry MUST look at security holistically: how do we provide Security from the network, to the content being accessed or downloaded, to the protection of the end user? This applies particularly to the younger generation (Mobile Phones are increasingly commonplace in the hands of 8-10 year olds!), who are not likely to be aware of the risks that may confront them through their use of the mobile phone.

This is not meant to be a doom and gloom message though; there is good news in a lot of these developments. The fact that networks are becoming increasingly blurred, the fact that the applications and services that end users are accessing from both fixed and mobile networks are increasingly the same, and finally the trend of all communications towards an IP base together provide a common framework from which to work. The Industry needs to look at how we can address these common elements. Therefore, given the convergence of platforms, content and device capability, we need to ask the question of How?

o How do we protect the end user with personal security irrespective of the device they use to share, download or communicate information?

o How do we ensure Networks are secure from attack through flooding, remote control, and fraud?

o How do we ensure National security both in terms of terrorism and protecting national interests? (this could in fact be considered equally important for Corporations concerned with corporate espionage!)

I can imagine you are expecting to find the answer at the end of this article. There is no one answer to addressing security, as every requirement is unique. However, this article does seek to provide you with a series of suggested guidelines that should be considered in establishing a security framework that addresses the above.

1.) Awareness – This is the most important aspect of any Security Strategy. Improving the awareness of employees within an operator as to the critical role the network has in protecting its subscribers, and also itself, is a great start to driving improvements in all functions, from Procurement to Product Mgt through to Customer Service & Support. The same applies to improving the awareness of end users with regard to the actions they can take to ensure greater self-security and what they should do should they identify a security concern.

2.) Policy Management – It is important to capture the security requirements across all communication platforms to drive a set of standards, making them easier to manage and providing assurances to subscribers that they can continue to realize the benefits that personalization brings without worrying about which communication tool is more secure than another. Mobile Operators today will find this an even greater challenge given the multiple platforms they are now looking at managing – SMSC, MMSC, Mobile Broadband (on 3G, Wimax and soon LTE) and Wi-Fi. Although the access mechanism is different, the communication tools and the content being shared are increasingly similar.

3.) Supply Chain – Ensure that all vendors, partners and even subscribers understand not only the policies being enforced to ensure Secure platforms and Services but also the expectations you have of them in maintaining that Security framework.

4.) Managing Change – Security needs to be a Dynamic element within any Operator (fixed or Mobile). It is not sufficient to simply run a program within a business and maintain it; security threats, user behaviours and technology ALL continue to evolve and increase in complexity. It is therefore crucial to continue to look forward.

5.) Sharing Best Practices – Too many Operators feel it is critical not to share their security concerns with other operators. This can actually create greater risks if operators are not aware of Security threats that have been addressed by some operators but are not yet on the radar of others.

This article is not meant to dissuade operators and subscribers from continuing to maximize the benefits that these developments in the mobile communication space are providing, but more importantly to provide insight as to how we can continue to evolve our communication and content sharing tools and platforms with the increased degree of awareness and security that Ubiquitous Communications demands.
