Balaji,
this is a brilliant topic. Being in the mobility space myself,
security is always a -HUGE- conversation point, and critical learning
for most of our clients, even the telcos (small AND large)!!!
As Chandra stated, there is the IMSI and the IMEI number and a Device
ID. How this comes about is kind of dependent on the device
manufacturer (not always what you expect, even though it is meant to
be a standard).
There is now mobile capability to have policy configurations. Current
WM devices (6.1 pro) and MS remote mobile management suite can give
some extra bells and whistles. There are a number of 'products' that do
this sort of stuff, although, so can development to a 'standard'.
One thing to bear in mind is that mobile devices are single user
oriented and are also stack based devices (i.e.: threading is not real,
it is more time sharing on threads).
This does give some leniency for device security, but the key to the
security, as is always, is protecting the data. From experience this
would be in the case where a device may be lost/stolen and people know
that the 'new found' device can be used in a malicious manner.
This is where IMSI/IMEI, DeviceID and credentials are important. There
is a company we are partnered with which has quite a 'strict' security
mode, where there is a two factor authentication mechanism. As much as
"Company A" can do its own authentication verification, sometimes to
have an external aspect to re-verify this, on a challenge routine at a
request-by-request basis... thank modern capability for fast mobile
networks!!!
Nothing is stopping anyone from using SSL, 3DES, SHA and so forth (we use
them by default), even on that request-by-request process... can take
it even further and generate a 'virtual' token purely for the
request-to-acknowledgment, and within that something like a 'transactionID' for
each aspect, can wrap PGP/MD5 around all this too! This 'virtual'
token would only be known to the 'methods' invoking/accepting calls
to<-- -->from each other!
Anyway... My 2¢ worth!
I am by far not a security expert, but sharing my experience from what
my day-to-day mobility work sometimes entails!!!
How it applies to the cloud, I would assume would be in a similar
fashion, except each node would have a role and responsibility :- by
person & signature for when the steaming heap hits the fan there is
somewhere to turn to!!! I too am getting up to speed with CC though, and
am darn interested in this particular topic!
On May 27, 9:01 am, Balaji Prasad <bprasa...@gmail.com> wrote:
> With the increasing proliferation of mobile apps and their ever-rising
> popularity as a viable gateway into the enterprise or the cloud - enforcing
> security on these devices becomes all the more important. However
> traditional security solutions (anti-virus, real-time malware detection
> etc.) are bulky and CPU intensive - and the technology is not suitable for
> these smaller devices. Given that the cloud represents the ultimate network
> computer - with the endpoint becoming the thin client, is it possible to
> offload the security and admission control functionality to the cloud? I am
> interested to hear your thoughts on this matter.
>
> Balaji
> --
>
> Bette Davis <http://www.brainyquote.com/quotes/authors/b/bette_davis.html>
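
The request-by-request 'virtual' token with a transaction ID that the reply above describes, as an added example that is not part of the original post or of any product it mentions. It assumes a per-device key shared at enrolment and uses HMAC-SHA256 rather than the 3DES/MD5 the post names; all function and field names are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

MAX_AGE_SECONDS = 30  # assumed freshness window for a request


def _tag(key, device_id, transaction_id, ts, body):
    # Length-prefix every field so field boundaries cannot be shifted.
    fields = [device_id.encode(), transaction_id.encode(), str(ts).encode(),
              hashlib.sha256(body).digest()]
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_token(key, device_id, body, now=None):
    """Device side: a fresh transaction ID and tag for exactly one request."""
    ts = int(time.time() if now is None else now)
    transaction_id = secrets.token_hex(16)
    return {"device_id": device_id, "transaction_id": transaction_id, "ts": ts,
            "tag": _tag(key, device_id, transaction_id, ts, body)}


class Verifier:
    """Server side: checks the tag, freshness and single use of each token."""

    def __init__(self, device_keys):
        self.device_keys = dict(device_keys)  # device_id -> enrolment key (assumed)
        self.seen = set()  # used (device_id, transaction_id); prune by age in production

    def revoke(self, device_id):
        # Lost or stolen device: drop its key so every later request fails.
        self.device_keys.pop(device_id, None)

    def verify(self, token, body, now=None):
        now = int(time.time() if now is None else now)
        key = self.device_keys.get(token["device_id"])
        if key is None:
            return "unknown-device"
        expected = _tag(key, token["device_id"], token["transaction_id"], token["ts"], body)
        if not hmac.compare_digest(expected, token["tag"]):
            return "bad-tag"
        if abs(now - token["ts"]) > MAX_AGE_SECONDS:
            return "expired"
        tx = (token["device_id"], token["transaction_id"])
        if tx in self.seen:
            return "replay"
        self.seen.add(tx)
        return "ok"
```

The token travels alongside the request inside the TLS session; it binds the request body to the device and transaction, and does not replace transport encryption.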