Mobile Apps, Social Networks & Security: More Questions Than Answers

Both Facebook and Google this week have been accused of breaching the privacy of their users. With all the discussion recently on this site about using smartphones, the iPad, social networks, or mobile apps as supply chain management tools, I have the following question: How does data security work in these environments?

I honestly don't know, and I'd like to hear from our readers. I do know about security in the typical supply chain, at the systems level, and that's why I wonder about social media, search engines, and mobile apps.

When OEMs first began outsourcing, there was concern that an EMS company that manufactured for competing OEMs might have too much visibility into the design, IP, and BOM of the OEM competitors. An EMS could, conceivably, use this data for its own purposes (OEM A is using capacitor X and OEM B is using capacitor Y and if the EMS could convince them both to use X they could get a volume discount on X).

Then there were IP concerns: Some OEMs developed the process technology used to manufacture their boards and shared that with their EMS. The EMS could conceivably adapt that process technology as its own. Similar concerns were posed toward distribution: How can an OEM be certain its BOM isn't being passed around, or an ASIC recipe isn't being shared?

Obviously, VPNs, firewalls, passwords, EDI systems, intranets, and good business sense put most of these concerns to rest. Most, if not all, of this information is accessible wirelessly. Are the problems with Google and Facebook a result of their users not being concerned — or not that savvy — about privacy? Or is there a bigger problem here?

I'd like to know: What security measures does your company have in place to protect its supply chain information, and could those measures be adapted to social networks and search engines?

8 comments on “Mobile Apps, Social Networks & Security: More Questions Than Answers”

  1. AnalyzeThis
    November 3, 2010

    I'd like to know: What security measures does your company have in place to protect its supply chain information, and could those measures be adapted to social networks and search engines?

    Security for Facebook and security in an enterprise setting are two completely different things. I'm not really too sure if you could adapt any practices from one thing to the other, either way.

    Facebook makes money via advertising and sharing user information. Facebook is not designed to be secure, it's designed to be easily accessible by a mainstream audience. It is not even remotely designed with the enterprise in mind and should not be used as such.

    Anyhow, to answer the question on security… obviously we have many of the standard procedures in place, VPN, etc., and since none of our security initiatives on the desktop-side are particularly unusual, I'll instead talk more about mobile security.

    As popular as the iPhone is, due to the security concerns we have (particularly with the iPad user information leak), it has never been seriously considered as an official, supported platform. RIM does a much better job providing solutions for mobile security. Thanks to BlackBerry Enterprise Server, encryption, remote device wiping/lock-down, specification of what apps can be run on the device, etc. is all taken care of. As a result, I don't spend a lot of my time worrying about mobile security.

    I think RIM is a little bit ahead of the curve in the enterprise and security space and eventually their competitors will follow suit.

  2. DataCrunch
    November 4, 2010

    DennisQ makes some good points. I would see that mobile security measures are going to be a must for businesses to implement in the near future, especially those used to access and interact with the supply chain. The mobile security market is expected to reach approximately $1 billion in 2011 and surpass $4 billion in 2011. Every year mobile users are accessing more sensitive data than the previous, which is a huge concern for corporations to manage. To enhance security and to attempt to protect privacy, future mobile devices will most likely come pre-loaded with some sort of security bundle, such as anti-virus, mobile VPN, One-Time Password (OTP), two-factor authentication, etc. Corporations will need to purchase additional security appliances and remote device management software and services.

    These measures will certainly help, but there will always be a way to hack. Currently, it is very easy to infiltrate a wireless network or snoop mobile data traffic, but fortunately so far, little to no damage has occurred from breaches in mobile security. This is surely going to change and companies, wireless carriers and users must be more prepared to handle the threats.

  3. Barbara Jorgensen
    November 4, 2010

    Thanks, gentlemen! This is very helpful and informative.

  4. tioluwa
    November 5, 2010

    I think we are jumping the gun here. Forums like this tend to see into the future before the future arrives.

    Like DennisQ said, social networking wasn't designed for business networking. Security will take the social out of the networking.

    I think social networking, like adverts, is just for organizations to reach out to their customers on a personal basis; all business transactions must still be done within the usual secure lines they have always been done in.

    Product updates, news, customer relations issues, and the likes are what can be passed around via Facebook, Twitter and the likes.

    However, as for iPhones and the mobile business, Dave says it all. We are thinking it already, but when the mobile service providers are ready to create it, they will turn mobile phones into mobile business kiosks, with all the security that is needed. All mobile phones will definitely not come pre-loaded with advanced encryption and data authentication features, but maybe there will be special business edition iPhones that will meet all the business needs of the future, allowing the supply chain to really go mobile.

  5. Hardcore
    November 6, 2010

    Hi Barbara,

    O.K., this is a long post……

    There is security as in firewalls, passwords, VPN, anti-virus, etc. This is security we all know about…. Then there is the 'dark-side', which relates to 'meta-data' security.

    OK, let's look at this from two perspectives (supply chain implications here, folks!!):

    1. You walk into a bar, go over to a complete stranger, then you proceed to give them all the details about the clothes you are wearing, your credit rating, where you browse on the internet, your interests, sexual or otherwise, and the details of your passport.

    Would you do this? … Possibly not.

    2. You go into a bar; a stranger sitting with a laptop scans any RFID tags in your clothes, they scan the RFID tag in your passport, and as you open your mobile phone/computer/iPad, they 'grab' the wireless traffic as you work, noting down the sites you browse, your interests, your blog, etc.

    Would you allow this?…. No, so why do you let Google/Facebook perform a variation of it?

    In reality number two happens all the time.

    For any smart aleck who 'thinks' they are safe (you use wireless security, WPA/WPA2, RSA cos u heard it is cool……!!):

    I just configure my computer to look like a wireless router…… you communicate 'securely' with 'MY' computer and I forward your unencoded requests on to the 'real' router. Yep, you are still using WPA/WPA2 for your link to my computer….. or maybe it's a public hotspot you are using.

    Both Google and Facebook know exactly what they are doing; this is not about technology 'catching up'. This is about 'theft' of personal data, pure and simple. Unfortunately the people in power are easy to have the wool pulled over their 'eyes'.

    Google should be seriously shafted for this, and the board held financially accountable.

    The 'excuse' that an engineer put the code in by mistake, just does not wash, why?

    Did the engineer also authorize the cars to be fitted with the special antennas and equipment needed for the code to perform its work, did the engineer authorize the budget for this equipment then ensure it was included in all the blueprints for the cars?

    Meta-data security has massive implications for both the 'supply chain' industries and personal freedom.

    Consider that it is already possible to track a person round a shopping arcade by the RFID tags in the clothes they have bought/wear.

    I will give you a final example from Google, that would make people think 'hey, that's really kind.. wow, I like Google'.

    Google provide a 'DNS service':

    http://code.google.com/speed/public-dns/

    So that 'you' can find what you want without being blocked (wow Google, that is really really kind).

    Now the sinister side…….

    Every single site on the internet has an identifying IP address; to resolve that address you use a DNS server, which takes the URL name, e.g. "google.com", and converts it to an IP address.

    Normally you use your ISP DNS server, so all your web browsing is anonymised with the thousands of other people using the same DNS system.

    Once you use Google's DNS server, you become an individual that is identifiable; every single site you look at on the web requires communication with the Google DNS server.. they 'can' identify 'you' by the Google cookies they leave on your machine, which then resolve to your Google email and Facebook information/history files Google maintains about the cookies.

    so now they have:

    1. the details of every site you browse

    2. the details of your Google accounts

    3. your sexual/other interests

    4. possibly your full name/address and friend list.

    5. any details of sites you may have purchased from on the internet (if you used Google to find the initial contact)

    6. possibly your bank account details, if you use Google advertising.. to make money from adverts on your site.

    7. all PayPal details about your account……. since they bought the company.

    8. your geo-location from both Facebook and your router/DNS searches (which they trace and also 'accidentally' acquired).

    This is one reason why I use a pseudonym when posting…. purely to make it harder for companies like Google to gain access to my personal information (but a person with the right background would know exactly who/where I was; this type of person works at Google/Facebook).

    As I say, this has massive implications for RFID.

  6. Ashu001
    November 6, 2010

    Barbara,

    The rules of the game and engagement have changed, and changed considerably, thanks to smartphones, social networks and all those ultra-portable devices.

    We need to make a quick and firm decision on what data is important and what isn't. Anything that is needs to be encrypted thoroughly, regardless of performance concerns/complaints (major issue with encryption).

    As far as social networks go, the key remains user education into their personal privacy concerns and how comfortable they are, and with how much data freely available about themselves online. This is a personal decision and it's my opinion that companies (including those that hire these people) should stay out of it as long as they don't say anything against their parent company.

    regards

    Ashish.

  7. Hardcore
    November 7, 2010

    Again, another good idea: try to grade the data and decide what is private, but again this would give Google/FB/supply chain trackers a framework to work around.

    Unfortunately we have entangled ourselves so much with technology that I don't think there is a 'clear' answer or grading system we could put in place. However, even this dark cloud has spun off several 'industries' and businesses.

    Behold:

    the anti-trackable passport/RFID case (read the links to see why this is a potential problem for supply chain).

    http://www.rfid-shield.com/

    There is a joke amongst hackers about people wearing tin foil hats to protect their privacy against 'aliens'.

    I suspect that the joke is on the rest of us…. and that these tin foil hat wearing people are actually the sane ones.

    The issue with encryption is that to utilize it, either public or private keys need to be provided; whilst you may not be able to 'crack' the key, unfortunately you can 'acquire' it in other ways (case in point, the DVD fiasco).

  8. Barbara Jorgensen
    November 8, 2010

    Hardcore–wow–this is a tutorial! Thanks for all the info. I realize now that Google, Facebook etc. are not meant as platforms for anything except information sharing–voluntarily or otherwise. I also hadn't seen RFID in the same light but it makes sense. You are correct–we as users should first and foremost be aware of this and go in with our eyes open. Of course there will always be hackers, but inasmuch as I can control the information I share, I should do so. And respect the parameters my company gives me as well.
