Mobile device protection
If there is anything that characterizes today's computing environment – beyond virtualization and the techniques that has fostered – it is the pervasiveness of mobile devices. These units, from smartphones to tablets, have introduced to the enterprise a whole batch of new intrusion – and extrusion – vectors.
The challenges include new and very different operating environments, as well as the pervasive nature of mobile applications. Many of these are not vetted for malware, backdoors and just plain bad programming. There are limited protection tools for many of these environments and, probably worse, sometimes there is no way to know who is on the network. Moving between Wi-Fi and the wireless telecom network provides opportunities to exfiltrate data from one network onto another without authorization.
Demand for mobile devices within the organization is reaching epic proportions, often precluding proper policy development, testing and configuration of gateways. With all of that in mind, solutions to these challenges become a major challenge in itself. Managing everything from policy to enforcement poses huge challenges by itself. These are the types of challenges that require creative solutions, and they require those solutions quickly. It takes both experience and innovation to step up to the emergence of a new and very disruptive technology.
Returning for the moment to the subject of disruptive technology, this year our interviews have uncovered the interesting premise that addressing a disruptive technology, such as the explosion of mobile device use in all quarters, requires an equally disruptive technological solution, along with the creative business and go-to-market approaches to monetize it.
This year's Innovator is all of those things: experience, creativity, vision and a solid business approach. Taking the framework for security in the mobile environment, adding the dimension of compliance and considering the technological issues all play important roles in successfully addressing smartphones and tablets.
Mobile Active Defense (M.A.D.)
Here's a radical concept: Treat all of the mobile devices on the network as if they were computers. If one does, and secures them the way one secures computers, there will be no mobile device problems. Unfortunately, that is not quite as easy as it sounds. If it were true, there would be a lot of M.A.D. companies around. There aren't because it isn't.
The principals at Mobile Active Defense (M.A.D.) met while working at a consulting company. In 2008/09, they started looking at how to hack smartphones and, thus, how to protect them. Subsequently, the important issue is the app store and that increases the threat significantly. In early 2010, M.A.D. started developing its MECS (Mobile Enterprise Compliance and Security) Server Solution and launched the offering later that year.
Taking a certificate-based authentication approach, filtering everything through the MECS server and developing a strongly defined philosophy, MECS prevents a user from turning off protection. That means that the product is targeted at compliance, as well as security, rather than being focused exclusively on mobile device management.
The MECS solution is offered as either a fully hosted service or on a dedicated appliance that can be installed in the enterprise environment. If the fully hosted service is chosen, a site-to-site VPN typically is configured to extend access to private corporate resources and intranets. Customers choosing to host their own appliance simply install the MECS server appliance in a DMZ outside of their existing corporate firewall. This is the most secure installation, and traffic can undergo multiple points of inspection before entering the corporate network.
Treating mobile devices like computers on the network, with the firewall and IPS specifically built for the server management component is either in the cloud or data center. By partnering with security value-added resellers (VARs) around the world, M.A.D.'s line-up of products are localized, and channel partners can help them grow quickly.
“What is MECS,” we asked?
“Easy,” came the reply. “It's a next-generation IPS for the mobile world.”
AT A GLANCE
Vendor: Mobile Active Defense (M.A.D.)
Flagship product: Mobile Enterprise Compliance Security (MECS) Server Solution
Cost: $120 per device per year for one to 100 devices.
Innovation: Treating the mobile device as a computer and protecting it as if it is.
Greatest strength: Vision to see that there are better ways to secure the mobile environment.