Conversation with Thomas Cannon on Android Security, Part 3

VPN Haus continues its conversation with Thomas Cannon, a security researcher who made news last month when he discovered a vulnerability on the Android OS that could make devices susceptible to data theft. After finding the threat, Cannon alerted Google, receiving a response from their security team in 20 minutes. In his blog, Cannon points out, “responsible disclosure would normally prevent me from publishing the advisory while there is a chance the users will get a fix in a reasonable timeframe. However, despite the speed at which Google has worked to develop a patch I don’t believe this can happen. The reason is that Android OS updates usually rely on OEMs and carriers to provide an update for their devices.” VPN Haus: Do you think security concerns will keep the enterprise from embracing Android? Is there anything the enterprise can do to bolster the security of Android devices? Thomas Cannon: I don’t believe openness will stop organizations from embracing Android, I see it as an advantage. I do think there is a real opportunity for a company to offer support and management of Android devices for organizations, and perhaps that will be a catalyst. In terms of bolstering security of an Android device, the weaknesses are fairly universal across mobile platforms so the same kinds of solutions apply; applications that sandbox and encrypt corporate data, virtualization (you will soon be able to get VMWare on Android), and keeping data in the cloud (web based services or Citrix). VPN Haus: Are there any other key security concerns surrounding the open platform model for mobile devices? (as Windows is taking a similar...

What We're Reading, Week of 12/20

Information Week, 10 Steps To Mobile Worker Support PC World, Crack Your Own Passwords for Better Security Wi-FI Planet, 2010 in Wi-Fi: the Year in Review ZDNet UK, What’s Changed Since...

What We’re Reading, Week of 12/20

Information Week, 10 Steps To Mobile Worker Support PC World, Crack Your Own Passwords for Better Security Wi-FI Planet, 2010 in Wi-Fi: the Year in Review ZDNet UK, What’s Changed Since...

Conversation with Shahid Shah on mHealth, Part 4

This week, we feature the final post in our series with Shahid Shah, an enterprise software analyst that specializes in healthcare IT with an emphasis on e-health, EMRs, data integration, and legacy modernization.  He is also founder of the popular Healthcare IT Guy blog. VPN Haus: When we last spoke, you said mobile phones will be just a small area of mobile health. What else can we expect? Shahid Shah: There are going to be sensors as you walk into hospitals that will be placed on you, the way band aids were placed on you. Those sensors are going to collect information and that information is going to have to be shared somehow. So this data will have to be treated in a HIPAA compliant way.  So if you’re interested in healthcare IT in general, you typically hear about medical records, but really the big growth area is with the sensors, body area networks, wireless within hospitals and the ability to tie in the patient’s home to make the patient’s home a tie-in to the doctor’s office or hospital. VPN Haus: How would this data be protected? Shah: I would like to see smart information architectures, like patient data management, that keep the patient’s clinical data fully segregated from the patient’s ID data. So if you’re looking at a patient’s demographics, that might sit in on database separately than clinical or HIPAA protected information. So if somebody stole all the clinical data, it wouldn’t mean anything because they can’t identify the data. VPN Haus: Thank you, Shahid. For the first three parts of Shahid’s Q&A, click...

What We're Reading, Week of 12/13

Internet News, OpenBSD Backdoored by the FBI? Computerworld, Look, It Makes Them FEEL More Secure, OK? Network World, What You Should Know About Next Generation Firewalls Enterprise Network Planet, IPv4 Space Continues to...