Cisco security exec cheers on Android’s security flaws

Cisco is rooting for Google’s Android mobile operating system — but probably not for the most genuine of reasons.

The provider of networking technology is betting that Google’s relatively open approach to allowing apps on its mobile platform will let in less-secure code, forcing IT professionals to bring in Cisco’s technology to secure their networks, said Tom Gillis (pictured right), general manager of Cisco’s Security Technology Business Unit.

The Android operating system is more open than other development ecosystems, meaning it’s easier to develop and publish applications on Google’s official Android Market and other third-party app marketplaces. Contrast that with Apple’s tightly controlled process for getting apps into iTunes. But because there’s very little oversight, security concerns exist for larger companies that let their employees use Android phones. Some applications might leak data or fail to meet strict security standards at some large companies.

“As a security vendor, we’re rooting for Android,” Gillis said. “There are going to be problems with that platform, guaranteed.”

The Apple approach, a closed app-approval process, is inherently more secure, he said. Each application that’s submitted to the iTunes App Store has to be manually approved and gets a once-over from an Apple employee. So it’s harder for more malicious or less secure software to make it onto the phone.

The biggest change in security is going to be a shift to more security on networks. More companies are letting their employees use devices of their choice rather than supplying company phones or other mobile devices. Cisco, for example, lets its employees pick a device of their choice and then secures it by locking up data in certain applications. That security happens through the network, rather than through an anti-virus software.

Right now, the markets are about equal for network security and endpoint security — basically antivirus software from companies like Symantec and McAfee. Both markets are worth about $6 billion, he said. But over the next several years, the tide will shift toward network security, making antivirus software less relevant — but not totally lost, he said.

That’s bad news for Symantec, which plans to focus almost exclusively on endpoint security, he said. McAfee has been on the right track, and surprisingly so has Microsoft with its Microsoft Security Essentials antivirus software.

Gillis said it would be around three or four years before malware on mobile devices — especially Android — became a significant problem. That’s because adoption of these phones is still in its early phase. A few instances of malware have popped up in the wild already, but those have mostly been on third-party marketplaces. There hasn’t been a major security fiasco on Google’s Android operating system yet, but odds are, it’s coming, he said.