Posted Jan 15, 04:44 PM by ben
My brain has been going down a train of thought over the last few days. This train includes platforms, iPhones, digital natives, and contexts.
First lets start with platforms and what makes a platform succeed. There’s even an entire book (which I’ve not read) called Platform Leadership. I’m beginning to think of things in a platform view in regards to input/output, creating an open structure, enhanceable and what not. The security industry fails all of these at some very basic level but that’s a different post.
This contemplation led me to iPhones and blackberries. Expectations and trends to merging worklife with homelife is a fundamental problem. I’ve not seen any discussions on the separation of these two worlds. Personal data is private to the individual and Corporate data is private to the company. These two things should not be mixed, however blackberries and iPhones are doing just that. And it’s unavoidable.
And then we have digital natives who set the expectations higher for their digital wants and expectations. Who wants to carry around a personal cell as well as a blackberry? Who wants separate address books or notes? The upcoming generation does not (I don’t). This strengthens the argument for convergence of these two (corporate and individual) worlds.
The embedded market as well as computers in general need to seriously begin work on creating these contexts in devices. Minus an extra SIM, I see no reason why a mobile device cannot have both a work number as well as personal. The employee supplies the device and the company supplies the work SIM. From there on out it’s a software issue. Context of data needs done. A certain policy should exist for corporate data versus personal data.
This data context needs created on the mobile workforce. One- because the security industry fails at creating scalable platforms and will not address what is a fundamental product issue. Two- because these devices are interacting with the company data and barring draconian rules (that will be circumvented) it is only a matter of time until the company loses the war. And finally, data is supposed to be easy to use, not arcane.
Incidentally, data contexts could be driven by a form of federated services. Microsoft could make this happen, google or cisco could also make it happen. Once the identity is known and apps understand context then we can apply inherent transparent separation.
// :: brainstorming/ rant
Commenting is closed for this article.
This work by http://electricfork.com is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.
I lead an information security ops and response team. This site is a collection of interesting notes and brainstorms on the protecting from, detecting of, and responding to badness. You can read more about me or my site here.
You can subscribe to my blog via rss 
, or if you're looking for older items check out my archive of previous posts.
I organize a small infosec meetup in baltimore called charmsec. If you are looking for charmsec details you probably want to go here.
RSS