The proliferation of mobile devices may point to embedded security, but the real answer is a move to real-time query-based systems, says Rik Ferguson.
Now, I don't want to mention any names, but a recent proposed acquisition in the security field has really opened up the debate about the proper place for security.
Should security be moving closer to the silicon? Should security be an ever more embedded, integrated function, or are the particular requirements of effective security best met by a specialist working in partnership with other vendors?
Enabled in hardware
If you are Intel chief executive Paul Otellini, then clearly you believe security should be more embedded. In the press conference after the announcement of the Intel's planned takeover of McAfee, he said the company believes that "security will be most effective when enabled in hardware".
Another stated reason for this surprise marriage came from McAfee chief Dave DeWalt, who said that the "current cybersecurity model isn't extensible across the proliferating spectrum of devices".
So there we have it. Ostensibly, the Intel acquisition of McAfee has come about because security technology will be more effective and more widespread when enabled in hardware.
While I can see the logic in these statements, I think that it is dangerous to accept them simply at face value. Let's consider Otellini's statement first.
Speed and associated throughput
There are certainly aspects of security that can be more effective in hardware than in a software allegory.
For a number of years, functions such as encryption and deep packet inspection have already been ported to custom Asics in intrusion-prevention appliances, for example, and hardware cryptographic processors. The central benefit is speed and associated throughput.
I wonder if this approach could apply to the more mainstream world of anti-malware. I rather suspect not. Most enterprises first and foremost will be unable or unwilling to standardise their hardware estate around a single processor manufacturer, and if that doesn't happen, bang goes your centralised management and reporting capability.
Secondly, how will the much more frequent updates to the client end of any anti-malware system be handled? It's one thing to manage and distribute software updates on an enterprise scale, which is an onerous task at the best of times, but quite another to manage the reflashing of hardware.
Given that McAfee still currently relies on pushing new signatures out to each and every endpoint, it's difficult to see how this process could be avoided.
Problems with security implementations
This leads me on very nicely to the second assertion: the "current cybersecurity model isn't extensible across the proliferating spectrum of devices". I don't see this is a problem with the cybersecurity model — whatever that is — rather as a problem with many of the current implementations of security technology.
The traditional means of keeping security up to date and the provision and distribution of pattern files to each protected endpoint is absolutely not scalable; there, I would agree. However, it isn't the cybersecurity model that isn't extensible, it's the 20th-century implementation of it.
Intelligence has to move away from static file-based systems to dynamic, real-time query-based. We need to remove the need to push updates to the proliferation of mobile devices and instead empower them to access the intelligence they need, exactly when they need it.
The idea of embedding security in mobile devices may sound like a good idea in theory. But when you consider that security can be resource-intensive and battery power is a finite resource, then surely the right place for the lion's share of mobile security processing is actually off-device, into the cloud.
Rik Ferguson is senior security adviser for Trend Micro. He has over 15 years' experience in the IT industry with companies such as EDS, McAfee and Xerox.