Information Assurance

Lee Cocking: The Future of Mobile Cloud Infrastructure

The Future of Mobile Cloud Infrastructure

This is a guest post by Lee Cocking, VP of Corporate Strategy at Fixmo – a Guardtime partner that provides mobile security, risk management, and compliance solutions to governments, ICT operators, and enterprises, with a focus on BYOD.

FixmoThis morning Fixmo announced a strategic partnership with Guardtime to deliver tamper-evident forensic auditing for our end-to-end mobile security and risk management solutions. If you know anything about Fixmo, this probably seems like a very obvious step for us to take, considering our NSA heritage and background is in ensuring that mobile devices start and stay in a known trusted state, in other words, verifying the integrity of devices. Our partnership with Guardtime, and integration of their groundbreaking keyless signature technology, will allow Fixmo to provide end-to-end integrity for all of the information Fixmo is generating including audit logs, compliance reports, and general logging.

So, what does this have to do with cloud?

We’re reaching a tipping point where mobile access to the Internet is surpassing access from traditional wired workstations. In mobile first markets this effect is even more pronounced, as there is little infrastructure in place and it’s a sure bet that all your data will live in the cloud, making the cross-section of cloud and mobile an extremely important one for the decades to come. However, all of your data living in the cloud presents a problem in that you have to trust the cloud (and the cloud operators).

Guardtime’s keyless signature technology provides a mechanism for the authenticity of data in the cloud to be independently verified, ensuring it is tamper free. The first cloud infrastructure provider that is bringing this technology to market is Joyent, who also happens to be a strategic Fixmo Partner. As The Art of Service pointed out in a recent article, the combination of Joyent’s “double-hulled” secure virtualization with Guardtime’s keyless signature concept is a “game-changer” for the entire industry, and will ultimately alleviate fears associated with embracing cloud adoption.

In this respect, keyless signatures and integrity of data is incredibly important, and I believe absolutely required, but the true value of this game-changing technology is unearthed when you combine Fixmo’s mobility solutions with Guardtime’s keyless signature technology on Joyent’s SmartOS and SmartDataCenter, and their newly announced Global Cloud Network for ICT operators. This trifecta delivers a solution to a number of problems that ICT operators and enterprises (their customers) are facing, and I’ll summarize these below.

The Mobile Explosion

First, as I talked about in my recent post on why the Fixmo / Joyent partnership is so important, IT is undergoing significant changes thanks to the rise of cloud computing, social networking, the proliferation of mobile devices and apps, and other disruptive forces. I wont go into detail here, but one of the biggest impacts is the dramatic shift to BYOD or Bring Your Own Device instead of using the standard corporate issued fanfare. Organizations are desperately trying to figure out how to both embrace BYOD and mobility in a secure fashion, while simultaneously maximizing the usability for their employees (and if possible, driving down cost!). There’s a mishmash of solutions on the market but vendors are struggling to deliver all the functional elements required to address enterprise needs as they swing away from traditional BlackBerry deployments, open the doors to employee owned devices, and start cranking out mobile applications at an alarming rate.

There’s Diminishing Operator Margins

As Cheetan Sharma has pointed out in his Operator’s Dilemma paper, ICT operators are experiencing, or will experience soon, diminishing margins on the first three growth curves of Voice, Messaging and Access. The next big growth curve for operators will be Value Added Services or OTT applications that leverage their significant infrastructure and subscriber base to drive new revenue. I think Chris Anderson’s term, the “Long Tail”, fits very well within this 4th curve for mobile operators, and we’re going to see revenue being gobbled up across a multitude of verticals, and a lot of it by startups. The problem here is the market for the 4th curve is incredibly diverse, full of strong competitors like Google, Apple, LinkedIn, Facebook (by extension Instagram too), and thousands of startups, and many tier 1, let alone tier 2 operators, aren’t able to execute fast enough to compete. Many don’t have the luxury to make the necessary acquisitions and they’ll need to rely on turnkey solutions that can be easily deployed with little upfront investment.

Elastic Scalability is a Must

In consideration that many ICT operators, especially the smaller ones like MVNO’s, do not have the resources to deploy additional infrastructure and make large upfront purchases, elastic scalability is critical. Being able to deliver VAS/OTT solutions, like mobile security, BYOD and risk management, in a highly scalable, multi-tenant and elastic fashion (both up and down), removes a lot of the upfront investment risk in rapidly rolling out the solution, beginning to see impactful revenue, and ensuring that the ICT operator isn’t relegated to “dump pipe” status. Also, if you think of cloud as simply being the next computer, ICT operators really shouldn’t need to be concerned about how their value added applications are scaling. Automatic tuning of CPU, memory, storage and compute in general should be largely opaque and just magically happen.

Indemnification is Required

A critical factor when dealing with data in the cloud is to consider who has access to the information. Cloud providers and ICT operators must be able to prove that your data is secure and hasn’t been tampered with or compromised. This is the business of indemnification, and it’s a large business opportunity for ICT operators of the future as Geoff Hollingworth and Jason Hoffman pointed out in their aptly titled paper “Changing The Game Before The Game Changes You”. The ingredients to indemnification, as CEO of Guardtime Mike Gault points out in his article, “How the Cloud Will Displace Human Trust“, is a factor of ensuring the CIA triad, meaning the Confidentiality, Integrity and Availability of the system.  This is important for all organizations, especially governments and those in regulated industries like financial or healthcare who have concerns over being fined, sued or shutdown in the face of a breach.

50 Billion Connected Devices

We’re rapidly moving into a world where tens of billions of devices will be interconnected, online, and presenting another attack vector for hacking, cracking and compromising our networks. This moves way beyond the few billion mobile smartphones and tablets we’re seeing and firmly into the world of M2M, or machine-to-machine communications. M2M, cloud and mobility all go hand-in-hand, and providing mechanisms to securely identify and authenticate connected devices, detect fraud, and prove the authenticity of data will be critical elements to protect ourselves as we move into a totally connected world. ICT operators, providing the underlying network for these devices, are uniquely situated to provide the required security features that are necessary to embrace M2M.

It’s Time For a Secure Mobile Cloud Stack

For the most part, enterprises and especially ICT operators are still just getting a grip on the basics of this new mobile world. Security capabilities, and definitely risk management capabilities for mobility are not yet in the forefront of their minds. There are a few leading operators who are definitely thinking ahead like Telefónica and AT&T, but most are still scrambling and desperately need a turnkey solution that has a proven security record and is being adopted by the biggest governments and organizations in the world.

When you put our three technologies together, Fixmo’s NSA-based mobile integrity and risk management, Gaurdtime’s keyless signatures and Joyent’s double-hulled virtualization, the result is a highly secure mobile cloud stack. This triad of partnerships and technology is designed to help ICT operators worldwide provide solutions to enterprises, governments and multi-national organizations to securely embrace the mobile explosion, including BYOD, via an elastically scalable solution with end-to-end integrity and indemnification that can ramp up revenues in the 4th growth curve. Operators already have a billing and service relationship with customers so they are in a perfect position to deliver this end-to-end solution and capitalize on the urgent demand for secure cloud mobility across the globe.

ICT operators are in a tough spot right now, amidst a sea of change. From explosive growth in mobile data usage as pointed out by Virgin Media Business CEO Mark Heraghty, to dramatic shifts in how mobility is being used in enterprise, to mobile replacing plastic for payments, to emerging technologies like SDNs and network virtualization. It’s an incredibly innovative and disruptive time, and I believe the ICT operator of today will look drastically different a decade from now. Fixmo, Guardtime and Joyent are dedicated to smoothing that transition.

I wish I could talk a bit more about what we have cooking between Fixmo, Guardtime, Joyent and a few other unique and disruptive partners, but I’m still holding some cards close to my chest. I will say that we’ll be tackling some of the biggest security problems that are arising as we embrace this new mobile world, billions of connected devices, and a truly networked society.

For those that are interested in learning more about BYOD security, mobility compliance, mobile risk management and related topics, check out our website, subscribe to our Mobile Risk Insider newsletter, check out our blog, and review our BYOD white papers. Or feel free to email me directly at lee [dot] cocking [at] fixmo [dot] com.