Smartphone Security Gaps
Employees are at risk for viruses and other security breaches, so IT staff need to be just as vigilant with company-issued phones accessing the network as they are with computers.
It's unfair to say that smartphone security is the 800-pound gorilla in the room, since that expression refers to a danger or threat that goes unmentioned. People are talking about smartphone security, and both vendors and IT departments are doing something about it.
That is great, of course, but it doesn't make the topic less frightening to IT folks and C-level executives who understand that the most valuable information their companies control-which was once safely ensconced in databases and servers behind the firewall-now are anywhere and everywhere.
InformationWeek reports on an Ovum study that said eight of 10 CIOs in Europe think that smartphones increase their organization's vulnerability. There is a good deal of denial or laziness reported in the survey as well because despite that recognition, half of the organizations fail to take no-brainer security steps, such as device authentication.
There is little reason to think that much is different in the states. Juniper Networks, in conjunction with a product introduction, released research that dovetails with Ovum's. Juniper found that about 76 percent of surveyed users access sensitive corporate information on their mobile devices, and that 25 percent of devices aren't password protected.
A TechNewsWorld feature starts with a rather sobering-though not surprising-assessment of the dangers of smartphones. This is just a sample:
Moreover, the same threats that traditionally plague computer operating systems can attack smartphones when they are being transmitted in emails, social media sites, games, screen savers, pictures, text messages, tweets, audio clips, slide shows-or in some cases, by shady URL-shortening services.
There is more, and the piece does offer something besides a good rationale for a security pro to leave the business. The writer provides ten best practices for smartphone security. The list includes: creating a smartphone policy, treating the devices as unsecured endpoints, using secure socket layer virtual private networks (SSL VPNs), scanning all traffic and encrypting/decrypting. The writer also suggests using firewalls, controlling application traffic, employing wireless access security, managing VoIP traffic that goes through the phone and managing traffic bandwidth. More information is available in the story on each of these tips.
The good news is that research is ongoing. Some of it is unique, such as the ability to use a smartphone's camera to verify identify and unlock the phone. Much of it is a bit more mundane, but no less useful. For instance, the Juniper Networks announcement involves additions to its Junos Pulse software with products aimed at securing mobile devices, including smartphones. The new functionalities, which protect tablets and smartphones, include anti-virus, personal firewall, anti-spam and monitoring features. Operating systems covered are Windows Mobile, Symbian, iPhone, Android and BlackBerry.