Should mobile security start from device or data?

As the number of Web-enabled devices continues to grow, one security research believes focus should be placed on protecting the data, not the device. However, others maintain that efforts should still be trained on securing the handset, especially amid the emerging BYOD (bring-your-own device) trend.

At the recent RSA Conference, Ari Juels, the security vendor's chief scientist of and director of RSA Labs, told ZDNet Asia that as cloud intermediates with devices, data will flow seamlessly among devices. As such, data should be the key focus in mobile security today. "The term 'mobile' will [disappear] because every device will be portable and our data will be universally accessible from any devices we're carrying," Juels said.

However, Dan Shey, mobile services practice director of ABI Research, disagreed with this assessment, noting that the device must still be the focus in security.

The U.S.-based observer explained that apps and services used to secure mobile devices are not the same as those deployed to secure other platforms such as desktops and laptops. Different platforms have differing operating system (OS), memory, and processing power, Shey remarked.

As such, devices need a different security focus, which coins the term mobile security, he surmised.

The ABI analyst added that security comprises many levels and data security belongs to a different one from that associated with devices.

Elaborating, Shey noted that for data transiting from one device to another, the focus should be on security services that transit and scan for malware on networks. This is also where virtual private network (VPN) operators play a role, he remarked.

On the other hand, mobile security is typically associated with device-centric features such as remote lock-and-wipe, complex password capabilities, and ensuring the apps are free from malware, he said.

BYOD calls for mobile security
Michael Sentona, Asia-Pacific vice president and chief technology of McAfee, added that with the growing adoption of BYOD practices, non-corporate devices will be used to access business information. This calls for an even greater need to protect devices, he noted.

Sentona explained that there will be instances where enterprises do not know how users are accessing the company's sensitive information or whether the platform used is secure. Hence, handset security will be of paramount importance, he said.

Denis Maslennikov, senior malware analyst of Kaspersky Labs' global research and analysis team, agreed that increasing BYOD adoption and number of people accessing corporate data from devices "anywhere" further heighten the need to protect devices.

He reiterated that people are the weakest link in security and cybercriminals will try to exploit human weaknesses to spread their programs.

"It’s like securing your house," said Russia-based Maslennikov. "You can have the finest burglar alarm in the world but if you don't turn it on, and only care about hiding your expensive 'stuff', it offers no protection at all."