What is your password? Are you REALLY protected?

By: Violet Le

I just came back from the 2013 MobileCon in San Jose hosted by CTIA, which was said to be “the best user conference on anything mobile in North America”.

It was great to see all these IT giants and newbies talking, buzzing about anything mobile, ranging from enterprise app development, to M2M, to mobile payment. It was even greater to listen to various approaches on how they plan to protect our data from the “bad guys”, which are “extremely good”.

The whole event was so thought-provoking that for a second, I thought I was watching The Matrix. In fact, I believe at least 2 of the speakers mentioned the movie “The Matrix” during the leadership forums, and at least 2/3 of the keynote speakers used at least 1 slide on mobile security. I heard jokes on BYOD, where people say it should be “bring your own disaster” instead of “bring your own device” ;-) I saw a list of the top 10 PINs that are easily guessable, and I even watched a demo of how fast one can hack your cell phone password with open source software (yes, open source and free) in less than 3 min.

There was no doubt that security is at the top of everyone’s list.

So how can we be protected?

In addition to the usual ways for IT security and data protection like encryption, access control, authentication, etc., I came across a new concept called “Containerization”. Containerization is an application-level, device-independent encryption method. Containerizing data, applications, and processes makes it more difficult for others to penetrate, and this technology will also protect personal data when wiping the corporate data from your device. Very interesting.

But I feel something is still missing.

What if the person who puts the “container” was under some sort of disguise? How do you ensure your good people are your good people? More importantly, how do you know the one who accesses this “contained information” is the right person? Strong authentication requires providing more than two-factor authentication. Username and password, which are the most common form of identification and authentication, have served their purpose, but in our modern world they’re no longer adequate. (See Google’s article earlier this year on “The Password is Dead”) Ultimately, we need some sophisticated identification and authentication mechanisms to pair with the new IT security technologies to provide real protection.

To me, this is where biometric industry leaders like ImageWare Systems (IWS) possess a unique advantage. IWS provides patented, multi-modal, cloud-based biometric identity management solutions combined with an interactive mobile security platform (SDK) that can be deployed across multiple platforms. They also provide biometric identity management as a service (SaaS) in the cloud. They have several big name customers that have used their platforms to secure their public and private infrastructures and applications for over a decade.

With everything and everyone going mobile, and the prevalence and power of social media, businesses will need to be able to provision and secure their customer identities based on social-network identifications rather than managing an account for them (think about “log in using Facebook” or “apply with LinkedIn account”). Thus, identity and access management needs to be looked at from a whole new perspective. In the end, BYOD and mobile technologies are here to stay, and whoever can capture this market in a simple, fast, and secure way will be the winner.

Let’s reflect on what Gartner said earlier this year: “The adoption of cloud services, especially when end users access them without IT department approval, means traditional security controls such as anti-virus and perimeter firewalls are increasingly ineffective. There’s a need to ‘shift up the stack’ in security, ‘beyond networks and devices’”.