What does Winston Churchill’s Foot Tell us About Mobile Security?


Thought Leadership

What does Winston Churchill’s Foot Tell us About Mobile Security?

Neil Farquharson

Most people will recognize the name of legendary wartime leader Winston Churchill: As well as having a United States Navy destroyer named after him, he is one of only eight people ever to have been proclaimed an Honorary Citizen of the United States. One of the many bronze statues of Churchill is at the south entrance to the lower chamber of the British Parliament in London; and for many years, Members of Parliament (MPs) entering the voting chamber would rub the left shoe of the statue for luck, in the hope that their government bill would pass.

You wouldn’t think that rubbing your hand briefly over a bronze shoe would hurt it, but if you look at the close-up photo of the shoe, you can see that it soon became shiny and, unfortunately, over the years this tiny action, repeated over and over again by hundreds of MPs, eventually caused “small holes and fractures” to appear in the metal shoe. Thus, in the fall of 2013, MPs were permanently banned from touching the statue.

Over the holidays I read a report about the many vulnerabilities inherent to most mobile apps. It reminded me of Churchill’s shoe in that the actions of a multitude of small attacks, ceaselessly, day-in day-out, can ultimately lead to the compromise of the whole; in this case, the compromise of a mobile device. The main finding of the report is that 87% of Android apps and 80% of iOS apps have encryption flaws that include storing sensitive information in the mobile devices’ permanent memory as clear text. In a recent live interview, world famous security expert David Kennedy stated that the security included in traditional Enterprise Mobility Management solutions typically has no bearing on the ease with which hackers can compromise mobile devices.

Essentially, all the vulnerable apps referred to above can be attacked again and again, day after day, until eventually the mobile device itself is compromised. ZixOne on the other hand does not store any sensitive information on the device. Even the authentication required to access your email server is stored not on the device, but in the server. Consequently should your mobile device be compromised, there will be no corporate data stored in your device that can be harvested. You can read more about ZixOne here.

I wish you a Productive and Secure 2016.