Recently NASA launched three smartphones to space to take hundreds of snapshots of a circular object we have all come to know and love as Earth. After straddling the stratosphere, the Phonesat Androids began to scan the globe with a multitude of spacial blue illustrations. While some bits and bytes were lost with the transmission of packets via ham radio waves, enough were captured to show some amazing shots. Despite this though, the mission was considered only a partial success. Unfortunately the trio of droids burned up on re-entry, sort of like the Jupiter 7, the TV series that resulted in the first Android in orbit, “Lost in Space”.
In the security world, many of us that speak on the topics of threats and vulnerabilities, also frequently find ourselves using similar verbiage – camera, photographs, packets and snapshots. In most scenarios, Kodak cameras are used as an analogy, referring to the security scanning of our networks for threats and weaknesses. A snapshot of our security posture at that moment in time.
It's all about the numbers
Global population is now reported to be above 7 billion. Interestingly, mobile devices are pegged at roughly 6.3 billion. It is expected that the amount of mobile devices will surpass global population in 2014. Talk about a chicken in every pot and a car in every garage, this is a mobile device in every hand! The numbers seem in line with the growth we are currently seeing. Mobile subscribers and mobile devices are multiplying daily.
But what we don’t know can be dangerous – while we can recognize the mass of all of these devices, we don’t know a lot about these devices. Things like where they are located, the vulnerabilities or risk that they present. Less than 1% of these devices are scanned for vulnerabilities or tested for unprotected confidential data. Data that could put you at risk, such as cardholder data or PHI.
Much like the universe is made up of dark matter that we can’t see or touch but we know is there, our networks are too. Sending packets, taking pictures and traditional security scanning are great for discovering what we can see and touch. But this approach simply does not work with the bring your own devices (BYOD) universe. Smartphones, Tablets and Laptops on-the-go, are on and off the network and must be scanned differently as this is the dark matter of your network.
Looking down from Space on BYOD
In 1999 during the dotcom days, I had the luxury of traveling from London to New York on a Concorde. At 59,000 feet high and travelling at Mach 2, I felt as though I could touch the curvature of the earth. When I reviewed the recent NASA Droid pictures of Earth, I was expecting a pretty blue ocean but was instead, blinded with a handful of BYOD dots and a plethora of mobile connectivity fuzzing my vision. Today’s Androids and iPhones don’t burn up upon arrival from space. They have arrived and are only going to grow. The battle on BYOD security is a challenge, yet will take innovation and a shift on how we perform assessments. The main question we all have is, how can we identify vulnerabilities, creatures and aliens brought to our dynamic networks from outer space.
Packet Scanning from Space didn't work, but BYOD Security Scanning does...