Advanced Mobile Device Security Still a Work in Progress

Carl Weinschenk
Slide Show

Smartphone Security Gaps

Employees are at risk for viruses and other security breaches, so IT staff need to be just as vigilant with company-issued phones accessing the network as they are with computers.

It's unfair to say that smartphone security is the 800-pound gorilla in the room, since that expression refers to a danger or threat that goes unmentioned. People are talking about smartphone security, and both vendors and IT departments are doing something about it.

 

That is great, of course, but it doesn't make the topic less frightening to IT folks and C-level executives who understand that the most valuable information their companies control-which was once safely ensconced in databases and servers behind the firewall-now are anywhere and everywhere.

 

InformationWeek reports on an Ovum study that said eight of 10 CIOs in Europe think that smartphones increase their organization's vulnerability. There is a good deal of denial or laziness reported in the survey as well because despite that recognition, half of the organizations fail to take no-brainer security steps, such as device authentication.

 


There is a growing debate about whether the company issue or employee device-corporate or personal-liable-approach is best. This has a big impact on how mobile security is approached and administered. Ovum notes that 48 percent of employees bring their own and 70 percent use equipment issued to them by their companies. Of companies providing or planning to provide advanced mobility to employees, all but 10 percent are or will be based on the BlackBerry, Apple or Android operating systems.

 

There is little reason to think that much is different in the states. Juniper Networks, in conjunction with a product introduction, released research that dovetails with Ovum's. Juniper found that about 76 percent of surveyed users access sensitive corporate information on their mobile devices, and that 25 percent of devices aren't password protected.

 

A TechNewsWorld feature starts with a rather sobering-though not surprising-assessment of the dangers of smartphones. This is just a sample:

Moreover, the same threats that traditionally plague computer operating systems can attack smartphones when they are being transmitted in emails, social media sites, games, screen savers, pictures, text messages, tweets, audio clips, slide shows-or in some cases, by shady URL-shortening services.

There is more, and the piece does offer something besides a good rationale for a security pro to leave the business. The writer provides ten best practices for smartphone security. The list includes: creating a smartphone policy, treating the devices as unsecured endpoints, using secure socket layer virtual private networks (SSL VPNs), scanning all traffic and encrypting/decrypting. The writer also suggests using firewalls, controlling application traffic, employing wireless access security, managing VoIP traffic that goes through the phone and managing traffic bandwidth. More information is available in the story on each of these tips.

 

The good news is that research is ongoing. Some of it is unique, such as the ability to use a smartphone's camera to verify identify and unlock the phone. Much of it is a bit more mundane, but no less useful. For instance, the Juniper Networks announcement involves additions to its Junos Pulse software with products aimed at securing mobile devices, including smartphones. The new functionalities, which protect tablets and smartphones, include anti-virus, personal firewall, anti-spam and monitoring features. Operating systems covered are Windows Mobile, Symbian, iPhone, Android and BlackBerry.



Add Comment      Leave a comment on this blog post

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

null
null

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.