The threat is becoming more and more relevant each and every day. Basic precautions with your mobile device are no longer sufficient. There is a real need for mature mobile device anti-malware protections. Also, mobile device management can provide a limited mitigating control.
This is one of the more intriguing stories I have read coming out of RSA this year, and frankly it is a bit of a “light bulb” moment for me. As we have seen the growth of cloud-based services drive end users to a more ubiquitous device/app approach for accessing data, it seems obvious that edge defense can and should adjust to this architecture. Google has simply (easy for me to say) taken the next step and moved all interactions to an open, untrusted network topology.
I am energized by the idea of building security methodologies that focus on trusting the user and the device and less on defending the perimeter. Culturally, I believe we will be dragged in this direction regardless of our personal philosophies on the subject.
Beware…this will affect general patching efforts and add an additional load for March’s patch cycle.
Enjoy this interesting conversation about the direction of IT security testing and better ways to tackle this challenge in a “test and defend” world.
Though not surprising, these findings are still disturbing and point to the uphill battle most IT security professionals face when trying to advance the cause of cybersecurity.
This is my favorite event of all during RSA week and it honestly saddens me greatly to have to read about it versus being there in person. Enjoy!