In this third and final installment of the mobile security blog series I conclude with a look at mobile location and commerce and its impact on security.
One of the key attributes of the mobile revolution is the constant awareness of the user location. Typically in the past this information been available to the operator alone and no real businesses have spawned as a result of this knowledge. Fast forward to today and LBS - location based services - are one of the fastest growing segments in the mobile services segment. The reason is quite intuitive - imagine being able to target advertising and promotions tailored to the user and location to make the experience more relevant from the user perspective and make the advertising ROI more tangible from the businesses' perspective.
The security challenge here is to maintain the privacy of this critical piece of user information so that it is accessible only with the strictest access controls. Loopt - a location based social-networking startup is still trying to recover from a privacy stumble as users accuse it of spewing text-message spam and disclosing user cell phone numbers and whereabouts without permission. The controversy is sure to be a forerunner of privacy battles to come, as GPS-enabled cell phones like the iPhone enable businesses to track -- and disclose -- where people are at any given moment.
The mobile handset as a device of commerce is already making headways in various parts of the world. From simple SMS based money transfer schemes - M-PESA is one such example in Kenya where a sixth of the population is using this to initiate money transfers and fulfillment outlets dot the country's landscape to close this commerce cycle. One of the largest philanthropic foundation in the world - Gates' foundation - has embarked upon a program called the Mobile Money for the Unbanked (MMU) program, which will work with mobile operators, banks, microfinance institutions, government and development organizations to encourage the expansion of reliable, affordable mobile financial services to the unbanked. In a number of countries in APAC, the PayWave technology is well entrenched whereby one can literally wave the handset and the transaction is completed using the NFC - near field communications - technology.
The security challenge here is to protect and indemnify this device against loss, maintain integrity of communication, exercise robust user and device authentication, maintain sanctity of the device in the face of viruses, malware, spyware and protect the accumulated user transaction data with the strictest of controls
In these series of blogs, I have attempted to portray the various facets of the mobile revolution and their impact on the security. With a well strategized and executed security stance, the mobile revolution will continue to enthrall consumers and bring in sound business opportunities to operators, content providers and eco-system players. However, if security is not factored in at the very beginning and becomes an afterthought, consumers and businesses alike will suffer immensely.
Discussing a wide range of topics impacting enterprises and
data center security.