He is a member of several Nokia internal security related management boards, and Nokia’s main representative in the Trusted Computing Group and EICTA’s Mobile Security Group. He is a frequent speaker at security conferences.
What is your background and how did it prepare you to face the challenges in your current position?
If I look back over my career, there is one common denominator and that is the Internet. I started my working life in software development for small and medium sized businesses, while using the majority of my free time surfing the Internet. In the 90s I was working in the banking industry responsible for electronic banking related tools and software. This was the time when Internet sales, payment and banking systems really took off and this gave me great experience which I can rely on now as Nokia expands its focus from mobile devices to a range of Internet services.
What new security trends and technologies do you find exciting?
I believe that the transition from simple voice centric phones to fully open Internet and open source software based personal devices with standardized platform features is fascinating. The mobile industry has learned a lot from the PC industry and right now we can see how those learnings will make a difference. More generally, the evolution to multimedia experiences and complete freedom of time and place are very very exciting.
How does security integrate into the product manufacturing lifecycle of Nokia business phones? How important is security to Nokia's overall product strategy?
I used to say that "security is equally important as any business enabler, no more, no less". Security is a vital part of devices targeted to business segments, but has a significant role in other devices and segments as well.
Differences become evident if we look at security more closely. Platform and system security must be well defined and accurately targeted in both. The clear difference is in the area of security services for mobile devices, such as terminal management and VPN (Virtual Private Network) systems.
One key area where we have invested heavily is mobile device management, technology which allows IT organisations remotely manage their IT security policies on their Nokia business devices based on their individual and organizational requirements. Security must be part of the design process, right from the start of platform development. In order to be effective enough, security can not be added afterwards, when the device design is completed.
What is your policy when it comes to establishing security rules for new products?
The main principles that we bear in mind when designing new products are high usability and putting maximum control in the hands of the device owner and user. The settings are made to meet the standard needs, and after this, the user can decide what level of protection he or she needs.
Most of your high-end devices run Symbian but Linux is coming into the picture. In your opinion, which platform is more likely to stand the test of security over time? Do you plan to release more Linux-based devices?
My view is that there are no major differences between these platforms when it comes to security. Most of the protection is based on architectural design and applications used on top of the platform. Both are designed for demanding security environments. And both have their target customers and user groups.