This week, I had a very interesting discussion with Werner Thalmeier, CTO of M86 Security, about the protection of systems and information. He used the analogy of the “secure pipe” to explain the approach they are following – today, our drinking water is clean, we can use it directly out of the pipe. In former days, it wasn’t. It had to be cooked, filtered, and so on. The approach of M86 Security is basically the same – keep the pipe clean so that you don’t have to care about what comes out.
We ended up in a discussion of new challenges in that area, especially the “apps” for the so called smart phones (I still think that this is the wrong term – they might be smart, but they aren’t made that much for doing phone calls. But that’s another story.). These apps are harder to secure given that there isn’t a browser anymore where HTML code could be analyzed and so on. That leads to the question: What is the pipe and where to filter? The obvious answer is: The only place to secure that type of IT (e.g. the technology) to protect the information (it’s about Information Security and the I in IT, Technology Security is just a means to achieve that goal) are the providers.
That’s where Telcos come into play. They are the ones which are connecting the app providers and the devices. ISPs (which are frequently Telcos as well) have to be added, for apps running on WLAN connected devices or classical notebooks and desktop PCs today or in the future. These are the ones who have control about pipes.
What would that mean in practice? Telcos will have to offer this as an value add service to their corporate customers. Corporate customers will have to look at the legal details and to prepare policies for the usage of corporate devices and corporate information, if not done yet. Telcos will then have to implement the technology to filter, best done in a way which allows the corporate customers to flexibly apply their internal policies and to integrate this with existing security tools. For Telcos, that could be one (of many) value add business. For corporate customers, it is about using Telcos as a MSSP (Managed Security Service Provider). Obviously, we have to rethink security in a perimeter-less world – and Telcos can play a vital role in the future information security business.