The Big Switch and Mobile Security

The Big Switch is a book by Nicholas Carr, first published in 2008, that, while making many arguments about the social and moral implications of the modern digital world, drew a strong comparison between cloud computing and the electricity grid.

Before the arrival of grids, factories, farms and even some households had their own electricity generators. Each generator owner paid for their own upkeep, maintenance and fuel, and was responsible for their own power supply, and therefore carried 100% of their own risk.

Clearly, this was in many ways inefficient, insecure and unreliable. And so, electricity grids were created. These broke the silos of access and served local areas, towns and eventually countries. Costs were shared, maintenance and supply were centralized, and everyone benefited from better and greater resources being available to all.

The parallel with enterprise cloud computing is, of course, that rather than each company running its own servers and infrastructure, plugging into the cloud led to massive cost efficiencies, access to resources that were previously unaffordable, and therefore enterprise-wide performance improvements.

But this ‘centralize for efficiency’ logic has been forgotten in mobile security, and enterprises are suffering.

Today’s mobile security is typically reactive and provided locally on the device. Threats are dealt with by each enterprise independently – or not – and then combated individually. But this is inefficient and, more importantly, insecure. In many cases, the detection will be too little, too late.

The mobile security grid – stronger together

The logic of centralization needs to be applied to mobile security. One enterprise acting alone, investing in its own tools and looking for threats in only its own mobile data stream, is at increased risk. When many enterprises act together and jointly analyze a combined data set, more data can be assessed, more patterns can be identified and more threats can be detected – and faster.

Just as electricity grids provide centrally generated power to whole communities, and water is purified centrally before it is piped to households, mobile data security relies on centralized analysis.

If an enterprise joins this centralized ‘mobile security grid’, it benefits from being alerted to threats identified in another member’s mobile data stream and knows to proactively implement protection measures, even though the threat has not yet reached its own data.

For example, enterprise A may identify that a particular app is leaking employees’ data to a malware site, and because it has been spotted in one data stream, enterprises B, C and D are able to put in place policies that prevent the use of this app on corporate devices.

Clearly, this approach of centralized security requires as much traffic as possible, which means as many organizations’ data streams as possible joining together simultaneously while each is still kept reassuringly siloed. This requires a common ‘grid owner’ who can pull the data streams together without jeopardizing their independence and analyze the data for new threats, patterns and suspicious behavior.
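To make the ‘grid owner’ model concrete, here is a small added illustration (not code from the article or from any vendor) of the two properties the text asks for: observations from each member stay siloed, while an app verdict derived from one member’s stream is turned into a block policy for every member. The tenant names, app identifier, hosts and the known-bad-host list are constructed sample data.

```python
"""Toy 'mobile security grid': the grid owner ingests app observations
from several enrolled enterprises, keeps each raw stream private to its
owner, and shares only the app-level verdict with all members.
Illustrative example; all names and hosts below are constructed."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    tenant: str      # enterprise whose device produced the record
    app_id: str      # app package identifier (constructed)
    dest_host: str   # host the app contacted


class Grid:
    def __init__(self, known_bad_hosts):
        self.known_bad_hosts = set(known_bad_hosts)
        self._members = set()
        self._streams = defaultdict(list)   # tenant -> its own raw observations
        self._flagged = defaultdict(set)    # app_id -> tenants that saw it misbehave

    def enroll(self, tenant):
        self._members.add(tenant)

    def ingest(self, obs):
        """Record one observation and update the shared app verdict."""
        if obs.tenant not in self._members:
            raise PermissionError(f"{obs.tenant} is not enrolled in the grid")
        self._streams[obs.tenant].append(obs)
        if obs.dest_host in self.known_bad_hosts:
            # The verdict is keyed by app, not by tenant, so it benefits everyone.
            self._flagged[obs.app_id].add(obs.tenant)

    def reputation(self, app_id):
        return "malicious" if self._flagged.get(app_id) else "unknown"

    def flag_count(self, app_id):
        """Number of independent enterprises whose streams flagged the app."""
        return len(self._flagged.get(app_id, ()))

    def block_policy(self, tenant):
        """Apps this member should block: every app flagged anywhere on the grid,
        including apps the member has never observed in its own stream."""
        if tenant not in self._members:
            raise PermissionError(f"{tenant} is not enrolled in the grid")
        return {app for app, seen_by in self._flagged.items() if seen_by}

    def raw_stream(self, tenant, requester):
        """Siloing: a member may read only its own raw observations."""
        if requester != tenant:
            raise PermissionError("raw data streams are siloed per enterprise")
        return list(self._streams[tenant])


def demo():
    grid = Grid(known_bad_hosts={"exfil.bad.example"})
    for tenant in ("enterprise-A", "enterprise-B", "enterprise-C"):
        grid.enroll(tenant)
    # Constructed: A's devices see the app talking to a known-bad host;
    # B sees the same app talking only to a benign CDN; C never sees it.
    grid.ingest(Observation("enterprise-A", "com.example.torchlite", "exfil.bad.example"))
    grid.ingest(Observation("enterprise-B", "com.example.torchlite", "cdn.vendor.example"))
    return grid


if __name__ == "__main__":
    g = demo()
    for t in ("enterprise-A", "enterprise-B", "enterprise-C"):
        print(t, "should block:", sorted(g.block_policy(t)))
```

Running `demo()` shows enterprise C receiving a block policy for an app it has never seen, purely because enterprise A’s stream flagged it, while any attempt by one member to read another member’s raw stream is refused. A real grid would replace the static known-bad-host list with the centralized analysis the article describes.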

Unfortunately, humans are not capable of identifying patterns quickly enough, and the patterns they do recognize are limited. Nor are linear algorithms sufficient, since they cannot investigate beyond their pre-programmed routes. In contrast, machine learning techniques identify correlations and anomalies in data that simply would not occur to humans or to deterministic algorithms.

Stronger Together

Machine learning does exactly what its name describes – it learns. The machine adapts to new anomalies in the data stream, to new apps’ activities and to new threats, ensuring continuous mobile security. But the machine only learns if it is exposed to as much data as possible. The ability to identify threats quickly enough, both now and in the future, relies on a huge data set being made available for centralized analysis.

A true cloud intelligence relies on billions of daily mobile data inputs collected from different sources and analyzed in real time. Ideally this entails non-signature detection techniques and automated machine learning that dynamically generates fine-grained heuristic parameters, building up a detailed view of each mobile data request and its associated security risk. Your cloud mobile security provider should be inspecting the content, studying the apps making each request, and maintaining a reputation for each app. The formula for real-time threat prevention is simple: when you can analyze more data, you intelligently prevent more threats.

CISOs cannot be realistically expected to keep up to date on all new innovations in security, and the even greater innovation that occurs in threat development. They need to rely on a mobile security provider that has the ‘finger on the pulse’ or more accurately the ‘scanners in the cloud’.

Equally, a single enterprise cannot maintain and deploy multiple scanning engines. It costs too much; it doesn’t work technically; it is highly inefficient; and each additional scanning engine investment does not deliver incremental value for money. With a centralized grid system of mobile security, however, everyone involved benefits from joint resources that simply would not be affordable for an individual enterprise.

Enterprises need to adopt a centralized approach, just as with utilities. We really are stronger together, and that includes with the support of the machines.