For most people, Feb. 14 was a day of hearts and flowers and romance. For many of us in the security industry, however, that same day was the beginning of one of the biggest conferences of the year: RSA 2011.
Swoon! Nothing says loving like protection from infectious cyberthreats, am I right?
This year's RSA Conference in San Francisco was, aside from the start date, business as usual in many ways. There was the usual assortment of vendors, booths on the exhibition floor, parties and meetings and running into old friends (including the inevitable one or two that are at a different vendor's booth from the year before). And, also as usual, there were some notable themes which came up again and again throughout the week.
While last year, everybody's big concern was “cloud-based security”, this year the topic on everyone's lips was mobile security. Just like in the computing devices themselves, the focus is decidedly moving away from the desktop to mobile and virtual space.
The mobile security space is a particularly interesting one, given the context of its development. Security products on the desktop started as very simple little widgets that grew more and more complex as the number and type of threats increased.
There was a part of me which assumed this was how things would be in mobile-land as well. Oh, how wrong was that assumption. Despite the relatively small numbers of threats that currently exist for mobile phones, the products are anything but simple.
There seem to be no simple anti-malware apps out there, which makes sense. Why would you have some single-purpose anti-malware app, waiting for the day when mobile malware becomes an everyday problem when you can have an app which is like multipurpose insurance for your phone?
Most security apps are suites that have just as broad a feature set as most desktop security programs, in addition to things like remote-wipe or data backup in case your phone is lost or stolen. This is something which is already a common issue for most phone owners.
Another issue which I mentioned in my previous article is phishing: Many of the mobile security apps protect against spam, malicious URLs and phishing. Perhaps as adoption of these apps increases, we can see a decrease in the rather appalling numbers of mobile users who are visiting these malicious sites.
Most of us are a bit jaded about the “sky is falling” coverage of the mobile security landscape, but vendors have developed products which provide utility beyond just the realm of malware. Even if you never (in that year or two before you can upgrade to the next amazing smartphone) have a malware attack on your phone, these products could be useful for the average user.
Of course, the utility of these products need testing. But that is a discussion for another day, soon.