John Pescatore

A member of the Gartner Blog Network

John Pescatore
VP Distinguished Analyst
11 years at Gartner
32 years IT industry

John Pescatore is a vice president and research fellow in Gartner Research. Mr. Pescatore has 32 years of experience in computer, network and information security. Prior to joining Gartner, Mr. Pescatore was senior consultant for Entrust Technologies and Trusted Information Systems…

What You Hold In Your Hand Can Be a Lot More Secure Than What You Open on Your Lap

by John Pescatore  |  July 21, 2011

From a security perspective, Blackberries and iPhones are light-years ahead of a Windows laptop. RIM and Apple have had the advantage of controlling both the hardware and the operating system, whereas Windows grew up at a time when the mantra was that the OS had to run on any commodity hardware that met the basic BIOS and PC specifications. Over the years Windows had to maintain backwards compatibility with previous versions of a wildly evolving operating system, and Microsoft jammed more and more application-level functionality into the OS as part of its strategy to compete. All of these are major factors in why even today it is difficult to keep a Windows PC secure.

RIM and Apple came along with very restrictive models, dictating the hardware and software combination and making it much harder (but not impossible) for users to load arbitrary executables – and, lo – the market loved it. The safety of being able to click on an app without having it explode in your face or mail your credit card number to criminals in Russia or China by far outweighed the fact that you only have 500 games to choose from, not 5,000.

This is not to say these devices are invulnerable – just as Windows can be rootkitted, iPhones can be jailbroken. Blackberry has had exploitable software vulnerabilities, as well. However, the change in the model has shifted the risk on these phones from a focus on malware to a focus on protecting the data on the device. The biggest risk is physical loss of control of the device (theft, misplacement, phones that show up on eBay with all data on them, etc.), which puts a premium on local encryption and access policy support – not on adding layers of ineffective anti-malware software like in the PC days.

Droid came out and tried to go back to the wild, wild days of the PCs (any hardware! many versions of the OS! no restrictions on apps!) and immediately got hit by malware, and the market has already said “hey, where’s your App Store??” and Amazon and others have already started to offer App Stores for Droid.

This is huge – it is like users choosing cars that get high mileage and safety features over convertibles and roll-over prone SUVs. The market is driving smartphones in a much safer direction – the trick is for IT to be able to react and embrace this trend, vs. fight it and try to apply old world PC thinking to how these new devices should be managed and secured.


1 response so far ↓

  • 1 Most Mobile Apps Fail Password Security Test   August 9, 2011 at 4:07 pm

    [...] Android, however, has bucked that trend, with an anything-goes focus and handling surroundings ethos, that recalls Windows. “Droid came out and attempted to go behind a wild, furious days of a PCs (any hardware! many versions of a OS! no restrictions on apps!) and immediately got strike by malware, and a marketplace has already pronounced ‘hey, where’s your App Store??’ and Amazon and others have already started to offer App Stores for Droid,” pronounced Pescatore in a blog post. [...]
