July 30, 2013
I had a conversation recently with one of the top consumer antivirus companies in the world. What came out of this conversation was very intriguing. The conversation presented a vision into how mobility is shaping consumer views on security and how security of the home might be improved.
The vendor and I began by discussing the rapid growth that homes are seeing in the number of Internet-connected devices. An average person today has approximately five consumer devices connected to the Internet in their home, and the number is growing rapidly. For example, my home has the following devices connected today:
- Two iPhones.
- Two iPods.
- Two Kindle Fires HD.
- Two Apple TVs.
- Four TV set top boxes.
- One Mac Mini.
- Three Windows laptops.
- One printer.
- One Xbox.
That’s a grand total of 16 devices, and I’m sure I missed at least a few odd items in my “off the top of the head” listing. I’m willing to bet that we are only slightly above average for a suburban family of four when it comes to Internet-connected devices.
So what does this have to do with security? The primary question that this particular vendor and I were discussing was the security management of the rapidly expanding connected home. It’s likely my family will expand our device count over the next few years with network-connected televisions, additional pad type devices, and even some appliances that communicate with the Internet. It’s likely none of our devices will be very secure by default, and if I want to make them secure it’s going to be a configuration management nightmare. The scope of “Home IT” is growing equally in proportion to the number of connected devices per home. At some point, the average home will require today’s equivalent of a small business IT support capability.
Right now my family has an ad hoc way of managing the 16 Internet-connected devices, some of which don’t offer any security settings at all. Each device has its own method of configuration, requiring me to log in to them separately when I need to change some settings. Most people simply place these items behind the personal consumer grade NAT device / router / firewall and call it a day. This sounds eerily like the late 90s’ “M&M candy” networks when enterprise computing environments had the hard crunchy shell and the soft gooey inside. We all know how that worked out for the security of enterprise data; my guess is it won’t be any better for consumer data either.
The particular vendor I was talking to wants to do it right. They are modifying the strategy of their company at large and tackling the home security problem as a package. Applying security to mobile technologies in isolation from the home PC is a recipe for confusion to the end consumer. Doing so will result in a weaker level of security as consumers turn off, or disable, features just to get their devices operational. What is needed for the consumer is a single place of security management, configuration, and logging that is easy to use, has a strong customer experience, and can tie into multiple vendor Internet offerings.
If the big name consumer vendors don’t add these features soon, somebody else should. This is a perfect opportunity for an entrepreneurial person to create one heck of a new venture. Good luck and make sure to thank me in your VC pitch deck!
No More Chewy Centers: Introducing The Zero Trust Model Of Information Security
– John Kindervag