The other major attack vector telcos face is security for one of their most valuable assets in the modern era - source code for online games. Naidu he had just returned from Korea where he met with a telco that had hired Imperva to strengthen internal security to prevent source for the online game from being accessed by those who did not have any legitimate need, or to prevent employees from downloading all the source code before leaving for a competitor.
External users going into the network to steal code was also an ongoing concern.
In the modern workplace, staff are preparing presentations on their iPads and storing work files on Dropbox. This might have legitimate use and indeed, users need to work offline while on a long flight, or a manager should be able to reply to a work email that came in while he was looking up his daughter’s Facebook status.
One telco in Japan is releasing 50,000 iPads on its staff and part of the exercise is to see how they can increase productivity while keeping endpoints secure. Nobody quite knows what the solution is right now.
But part of the solution is to add visibility, tracking and auditing of these end-points to flag abnormal trends and ensure that those most at risk adhere to best practices.
Sarbanes Oxley has a requirement for strong passwords to be periodically refreshed. The Monetary Authority of Singapore requires banks to have audit trails of who has been accessing what data, for instance. That is what is needed, but on a wider scale.
Of course, the other threat is that despite the device being secure, governments may demand access to that data, such as what happened recently in India and now in the UK. How does he balance that call for national security versus personal or corporate security?
“I’m a supporter of this trend. Most governments have people’s safety in mind. They are not eavesdropping for access to information.
“[But] if they are going to embark on eavesdropping, they need a secure infrastructure,” he added, alluding to Bradley Manning and the Wikileaks incident.