Comment: Mobile Security Shapes Up


There are three vectors for data security managers to address this year with respect to enterprise mobile devices: device and user authentication, data encryption and device health.

The question data security managers will ask is: “Is this device managed or not?”

They will ask because they must know that the devices accessing the corporate network are “known and trusted”, so that they can prove compliance with legal imperatives and know the details of how mobile devices use the network. The trail of network use is essential in reporting procedures.

Enterprise network managers are under pressure. They are being asked to allow smartphones and tablets to have the same access to IT networks that corporate laptops have. The business case for this expansion of access is strong; connection to and engagement with corporate network data at any time and in any place means that sales people, senior management and influencers can do a better job.

The problem is that there is significant confusion about how corporate networks can be made secure, compliant and ready to report. There is currently no applied standard for device authentication. Laptops, notebooks, smartphones, tablets – how do corporate network managers ensure security?

The Mobile Trusted Module (MTM) and the Trusted Platform Module (TPM) are a first step. Devices that have the MTM and TPM establish a secure base from which mobile devices can engage with corporate networks. The MTM addresses the need of corporate IT management to control and monitor networks whose periphery continues to expand, an expansion driven by the adoption of mobile devices.

Because every mobile device is different, the logical answer would be to have an accepted standard for device and user authentication, data encryption and device health that is embedded but has no effect on device performance. The MTM (and the TPM) provides this.

If the mobile device is secure and difficult to break at its base, the management of the device becomes less complex. If the core is secure, the device is trusted.

The MTM ensures security because it works at the pre-boot level and monitors at the post-boot level. A mobile device user (and the device being used) who attempts to access a corporate network is checked, authenticated and monitored by network-level software.

The point of MTM adoption is clear. Standardization of embedded mobile device security means that enterprise IT managers would have complete control over which device is known and trusted, could track access processes, would know data exchange in full, and could be confident of reporting capabilities.

Adoption of standards also reduces costs. If every mobile device has the same security process, organizations will realize substantial savings at every stage of the engagement process, from secure initialization to decommissioning.

Choice of management software to enable this evolution of the secure IT network is a matter for the enterprise decision-makers. But they must make a decision this year, because the network that supports their business is now mobile.

Because the device is in itself secure and trusted, the opportunities for commercial exploitation are substantial.


Wave Systems is exhibiting at Infosecurity Europe 2012, the No. 1 industry event in Europe held on 24–26 April 2012 at Earl’s Court, London. The event provides an unrivalled free education program, exhibitors showcasing new and emerging technologies, and offers practical and professional expertise. Visit the Infosecurity Europe website for further information.


Since taking the helm as CEO of Wave Systems in 2000, Steven Sprague has played an integral role driving the industry transition to embed stronger, hardware-based security into the PC. He holds executive responsibility for all operations within Wave. During his time as CEO, he has guided Wave to a position of market leadership in enterprise management of self-encrypting hard drives and Trusted Platform Module security chips. As a popular speaker and IT security thought leader, Sprague speaks at dozens of conferences and events each year – educating global audiences about the latest PC hardware security advancements and industry standards (both on behalf of Wave, and in his leadership role with the Trusted Computing Group). His expertise lies in leveraging advancements in hardware security for strong authentication, data protection, advanced password management, enterprise-wide trust management services and more. Sprague earned a BS from Cornell University in 1987.
