Two stories we've seen recently -- and we're certain more have escaped our attention -- bring home the fact that IT managers and security personnel should prepare for consumer-grade mobile VoIP products.
We aren't engineers and certainly can't comment on the specific security, operational and related issues that are involved. However, we're certain they are significant. As potentially helpful and inexpensive as these services are, two realities are coalescing to make this a potential dangerous situation. One is that inexpensive consumer services almost certainly will not be as secure as locked-down, business-grade applications. The other is that it simply will be impossible to stop employees from using fring, Jajah and other emerging services.
It's a quandary: The services are here (and more are coming), useful, fun ... and potentially dangerous. Hopefully, there are effective ways to secure these services. We're not optimistic, however. Security vendors have spent decades figuring out how to protect devices sitting passively anchored to desks behind firewalls. They have had a lot of trouble, to say the least. The idea that thousands of clients downloaded into smart phones and other mobile devices magically will be immune -- or even particularly resistant -- to the hordes of bad folks out there is difficult to accept.
We've seen many stories and commentaries saying that mobile devices have dodged some pretty big security bullets, but that the odds are sure to catch up with them. Desktop security is improving, leading hackers to seek greener wireless pastures, and the value of information being sent over wireless networks is increasing. It's likely that consumer services, which will be easier pickings than more heavily protected enterprise services, will be attacked early and often.
One frustration for security folks is that they have relatively little control over what happens. The increasing use of consumer-oriented products and services by employees is a serious challenge that will grow. Employee education and strong policies are important but, in the final analysis, will only go so far to protect the company.