CISOs: Big security vendors caught on the hop by rise in enterprise mobility

CISOs of Network Rail, Commerzbank, Field Fisher Waterhouse slate bigger vendors for slow response to BYOD

The chief information security officers (CISOs) of Network Rail, Commerzbank and law firm Field Fisher Waterhouse have slated bigger security software vendors for lagging behind smaller rivals in mobile security.

In a panel discussion at the Infosecurity Press Conference yesterday, Andrew Yeomans, head of security engineering at Commerzbank, said that traditional security vendors have been slow in responding to changes in mobile use.

Peter Gibbons, CISO of Network Rail, agreed, adding that security vendors should have been more alert to the rising use of mobile technology in the enterprise.

"It does feel that [mobile use] just crept up on everyone and, all of a sudden, workers ask if they can use their email on this device and security companies seemed to have missed it. The whole industry has missed a trick. Even Apple was caught out by enterprise use of the iPhone," he said.

"The big suppliers in the mobile device management (MDM) market, such as Touchdown and Good Technology, are not traditional technology companies that were heard of five or seven years ago, and they are now the leaders in the market," he added.

The CISO of Field Fisher Waterhouse, Tracy Andrew, explained that this was because the smaller vendors could react much more quickly to changes in the industry. "The major vendors were working on an overall strategy, but they've picked the wrong product," he said.

The Cyber Security Challenge programme, which is sponsored by the Cabinet Office and 50 other public and private organisations, aims to identify, nurture, support and encourage future talent to defend the UK online, and Andrew believes it is helping to fuel innovation in the MDM arena.

But even though the major security vendors may have missed the boat, they could attempt to buy one of the MDM companies instead.

"They could certainly try to buy the smaller vendors," said Network Rail's Gibbons. "Or they will say let's leave them to survive on their own and work out how we will integrate, and that's what the biggest security companies are working out - what the integration layer is," he added.