Earlier this week, I blogged about the increasing need for mobile security policies. The bookend concern-and one that is highly interrelated-is smartphone security.
Smartphone Security Gaps
Employees are at risk for viruses and other security breaches, so IT staff need to be just as vigilant with company-issued phones accessing the network as they are with computers.
Smartphone security is, of course, a topic that is getting increasing mind share as devices proliferate, the data floating around gets more valuable and the doors left open to the phones lead to more sensitive places. One anecdotal sign that people are working security into their policy decisions is that Lookout, a company that provides cloud-based backup security services to smartphones, recently raised $11 million and, more importantly, reached 2 million registered users after only about eight months of operation and two months after passing the 1 million user mark.
This week, Cisco said that its AnyConnect Security Mobility for iOS 4.1 now is at the App Store. The story at Enterprise Mobility Today says that the product can create connections with higher levels of security and enables administrators to control access on a user-by-user or group basis. Access can be limited quickly using the software, the story says, and connections to corporate virtual private networks (VPNs) can be maintained even as users switch between network types.
Not all smartphone security suites are created equal. PC Magazine reports on a study by Austraian firm AV-Comparatives, which tested four security offerings: ESET Mobility Security, F-Secure Mobile Security, Kaspersky Mobile Security and Trend Micro Mobile Security. The story does an adequate job of pointing out the differences between the products, and those differences seem to be significant. One example: The only software of the group that protects the iPhone is a limited-feature version of the Trend Micro product called SmartSurfing for the iPhone.
The fact that the security packages are different is matched by the fact that the malware also differs. Daily Tech says the Kerspersky reports that the Trojan-SMS.AndroidOS.FakePlayer.b that came to light earlier this month - and that was probably written by the same person or group that created a similar Trojan released a month earlier-only goes after Android. Folks downloading it on that platform could end up losing money, while others get what they are after (pornography) without incident. Other Trojans are appearing as well.
As the smartphone segment matures, two things are apparent: People are recognizing the importance of security, and the tools available are not yet near commoditization.