A new vision of security for the device tsunami
For this new scenario to work, device manufacturers must share their APIs with security vendors so that such cloud security agents can be developed and installed. While the current mobile platforms and devices are closed, we believe that, in response to mounting security challenges, the natural force of evolution will push vendors of such devices to open up their platforms further in order to provide a broader range of applications. This must happen so we can bring scalable security to this new mobile world and block the kinds of attacks that are used every day to steal people's bank account information, corporate secrets and email – as underscored by recent intrusions at The New York Times, Wall Street Journal and even sensitive energy and critical infrastructure operations in the U.S. and elsewhere.
The security challenge is becoming more acute as computing activities continue the shift to mobile and remote devices that access an increasing amount of sensitive and vital information about our lives. It's bad enough that malware can jump to a corporate network via an employee's smartphone, but what if malicious code were injected into a personal heart monitoring device and changed its settings? The consequences are scary, needless to say.
What we are discussing here is just around the corner, so we need to prepare the security solutions now and get mobile platform makers – including Google, Apple and Microsoft – on board to come up with these standards for the future of security.
In the meantime, IT administrators could be doing much more with existing software and hardware to batten down the hatches. Many organizations are at risk and becoming victims because they aren't taking basic precautions to secure their networks. The most recent Verizon Business computer security report shows that 97 percent of data breaches could have been avoided if IT administrators had just taken some simple security measures. The SANS Institute has developed some guidelines that can solve this problem, and SANS Director John Pescatore will discuss them during our keynote together later at the RSA Conference.
We may already feel like we are awash in mobile phones, laptops, connected appliances, smart grid sensors and myriad other devices, but the real tsunami has yet to hit. Industry projections put the number of internet-connected devices at 24 billion to 50 billion by 2020. Five years ago, when the first iPhone came out, IT administrators refused to let people use them on the corporate network. But that was, in retrospect, futile, and a BYOD ecosystem was born. Single-platform solutions for mobile security will need to go the way of traditional enterprise IT solutions that proved costly and failed to scale. We need to take advantage of what cloud architecture has to offer, put effective security in place on devices, and get the different mobile platforms to coalesce around a smart strategy. It's a huge challenge, but I am confident we will rise to it.
