The two hottest areas in enterprise security are undeniably mobile and cloud. As small and large security companies go after the fast growing markets, few seems to understand that both markets will rapidly converge to be serviced through a single solution. Yet, it should Beyond the simple fact that mobile is about the cloud and the cloud needs to be mobile, there are profound technology-driven drivers for mobile and cloud security solutions to become one. Unlike the PC platform that preceded them, IOS and Android heavily sandbox application and data, making them very poor platforms for security software developers to replicate yesterday’s agent-based security approach. Turn yourself now to the cloud and it is the same dilemma. Since an enterprise does no longer run the applications and infrastructures that host corporate data and services, it is no longer possible for security vendors to leverage traditional infrastructure hooks to provide consistent security. In particular, the network-based security controls are outside of reach since cloud vendors will not expose them.
Where does it leave us? The answer is as simple as it is obvious. Both mobile and cloud require the emergence of a new security control point that stand below mobile devices and above cloud providers. Think of it as a new layer of security. That layer of security will control and police service and data access across mobile devices, cloud data and services. It is an identity security service. It will have to control and protect the flow of information between mobile devices and cloud storage. It is an information security service. It needs to enable audits of event across mobile and cloud access . It is a log and event management solution.
Indeed, mobile and cloud security are the two faces of one and the same security, and compliance solution. The perimeter is dead, but the age of “security in the middle” only begins.
[Cross-posted at Blue Ocean]