Bringing your own device is popular. Bringing your own secure device needs to gain traction as well.

The enterprise is certain to be headed for a handful of surprises as employees and suppliers bring their own devices and connect them to the network. BYOD doesn't necessarily assure that these users also "Bring Your Own Secure" devices.

I had a talk with Route 1 CEO, Tony Busseri about their communications and services platform, MobiNET. MobiNET provides identity assurance and individualized access to networks and data. The solution is patented and built on FIPS 140-2 cryptographic modules.

The short version of how MobiNET works is simply that whatever device connects to the network becomes essentially a dumb terminal. Identities of users are authenticated and the solution is not device driven. IT and network managers steer what is accessible, and where in the network users are permitted. (See Solutions Overview here)

Tony noted that you must keep data within the fortress as well as knowing who the user is and authenticate them to strengthen the ability to stop data from leaving (see diagram below). Currently, many enterprises find themselves in a crunch, as they're pressured to let any device connect using any means; an exponential number of risks are either ignored, mitigated with self-insurance (banking), acted on with varying degrees of security at a wide range of costs, often betting the technology against an estimate of acceptable risk.

In my past post: Lost & Found: Another Security Nightmare,I wondered: The numbers of lost handheld devices compromises how many networks? But lost devices won't lead to changes in decisions until the attitude of protecting your data changes within the enterprise. I've long said that it's not what's coming into the enterprise that's as damaging as what is leaving it. This example rings true back to earlier times of private hardened networks being compromised by data leaving. Many of these compromises were either procedural flaws or failures to provide a degree of physical separation. With the BYOD rush, scores of new risks potentially enter and then obtain data from the interior of the fortress.

Since most of them are mobile, BYOD devices are potential moving targets. Oddly, when Apple employees allegedly lost their iPhones, a media storm either promoted the event of a new cool iPhone while ignoring the potential data compromise, or Apple feared some compromise of what, discovery of new hardware? Sadly, the new iPhones retain what the old offered and that is a 4-digit PIN to unlock the phone. But security and being open to communicate and obtain any data when and where you want it isn't a major selling point to the consumers. Arguably Apple and Google and scores of other firms aren't necessarily making security a key concern for users.

I asked Tony what key industries he thinks are vulnerable, and he said banking and law, because both of them are open to identity theft. Now as hardened vs. un-hardened browsers are concerned and whether or not all my data is safe, am I concerned? The reality is I want the convenience of having all my accounts linked at my bank so that it's easy for me. This is the cold hard reality of many users, and it's the challenges for network managers that try to appease them. The other reality is I am taking a risk, and the convenience is worth it until there's a compromise. Then, you will hear another tune and story as to why you don't do this. Will the bank be able to protect my data and is their platform secure? How secure? The word bank isn't always indicative of safe because bank robbers and hackers seem to target these assets. With a plethora of mobile devices, it's certain to be more than temptation that may lead to new and more effective attacks on mobile