There will never be a year in which mobile security is not a major enterprise issue and concern. It comes with the territory. At the same time, however, every year is different. How is 2019 shaping up? Not surprisingly, it is destined to present a characteristically scary array of potential problems.
David Slight, the North America president of Quora Consulting, was purposefully repetitive about what will dominate enterprise mobility during the year ahead. "Security, security, security," he wrote. "This will dominate in 2019. Enterprises will continue to rollout device management and identify management solutions to keep control not just of access to the networks but also control of corporate information. Mobile users will see continued growth in two-factor authentication and VPN access solutions from home offices or when co-working."
Here are some of the key security issues with which the mobilized enterprise will deal during the year ahead:
The Year of WPA-3: An important transition occurred last year concerning the WPA-2 standard that the industry has used for a decade, according to Chris Koeneman, the senior vice president of Strategic Solutions at Tangoe. The standard, he wrote, has been "remarkably successful." All good things must come to an end, however. Vulnerabilities have been found and exploited during the past two years.
Thus, WPA-3 was introduced last year. The year ahead, Koeneman says, will see the standard rolled out into the field. This will require significant work, including an upgrade to the 192-bit encryption in WPA-2. "To use this enhancement, an enterprise will have to update its RADIUS service," Koeneman wrote. "WPA-3 for public networks (open access) will use a completely new encryption format called OWE. OWE prevents snooping and session hijacking. Wi-Fi access points will have to be upgraded to support WPA-3 … This will usher in an era of more secure access for mobile devices connecting to both public and enterprise networks."
Problems in the home not abating — and threaten home office security: In its annual comprehensive look at security, Trend Micro had some interesting things to say about enterprise mobility. A trend next year, the firm predicts, will be that the home will become a more popular attack vector. The firm said this is due to the fact that smart devices and home offices are becoming more popular. These devices are often used for both business and private purposes. This, clearly, is an inherently insecure structure. The mini-drama will continue to be played out during the year ahead.
Gearing up for 5G: A big issue in 2019 will be the rollout of 5G. As with any intensive new technology, security will be a central concern. The rollout of 5G mobile devices, which will be technically challenging and expensive, won't be widely available this year. But the die will be cast, according to Symantec:
Over time, more 5G IoT devices will connect directly to the 5G network rather than via a Wi-Fi router. This trend will make those devices more vulnerable to direct attack. For home users, it will also make it more difficult to monitor all IoT devices since they bypass a central router. More broadly, the ability to back-up or transmit massive volumes of data easily to cloud-based storage will give attackers rich new targets to breach.
It is likely that 2019 will be a preparatory year for 5G security. Carriers and their ecosystems are advised to use this time wisely.
The IoT is the Internet of Threats: The IoT is comprised of millions – perhaps billions – of endpoints. Each is nominal because costs must be kept down and ways found to power them. This means that there is little on-board security. The problem is exacerbated by the fact that IoT devices are readily available to hackers and crackers.
This means the IoT is a massive security challenge, and one that is growing. Moshe Kranc, the chief technology officer at Ness Digital Engineering, told InformationWeek that the IoT represents a tremendous threat because systems are primitive and vulnerable to attack. His advice is to hire outside penetration firms to help find the weak spots before the "real" bad guys do.
Vendors may not be paying enough attention. "I believe IoT security will continue to present challenges, though primarily in the raw scope of problem rather than any new types of vulnerabilities," wrote WatchGuard CTO Corey Nachreiner in response to emailed questions from IT Business Edge. "There are just so many IoT devices flooding the market and few vendors take secure design into consideration."
Criminals will think globally, act locally: A pernicious reality is that people – both in their private lives and at work – are careless, sloppy and gullible. This makes the bad actors' jobs easier, since they can work around the people and networks who do care about security.
Expect this to continue in 2019. "So where will the threat come from?" asked Joel Windels, the vice president of Global Marketing at NetMotion. "The chances are it will either be network-related - it’s much easier to compromise a single Wi-Fi connection than it is to bypass iOS security systems - or that it will be another type of compromise altogether: the user. Phishing, for example, is shifting away from email and toward mobile at an alarming pace."
Prepare for mobile credentials: Though it won't play a major role this year, the Security Industry Association (SIA) wrote that businesses should start preparing for the use of mobile devices to provide secure access via Bluetooth and near-field communications (NFC). "While we are likely two to three years out from a true mobile credentialing explosion, the focus of the technology for 2019 will be increased comfort with the public using mobile devices to complete transactions outside of access control," Joe Gittens, SIA's director of standards.
The bottom line is that the year ahead will look a lot like the one that just ended. Things usually don't change dramatically because a new calendar is pinned to the wall. One thing that definitely will remain constant is that the main vulnerability is people. "We are becoming wiser in terms of mobile security, but there is still a long way to go, according to Steve Tcherchian, the CISSP of XYPRO. "Humans and their conveniences are proving still to be the weakest link. As such, security departments are going to need to take more control back to better manage risk for the business."
Carl Weinschenk covers telecom for IT Business Edge. He writes about wireless technology, disaster recovery/business continuity, cellular services, the Internet of Things, machine-to-machine communications and other emerging technologies and platforms. He also covers net neutrality and related regulatory issues. Weinschenk has written about the phone companies, cable operators and related companies for decades and is senior editor of Broadband Technology Report. He can be reached at firstname.lastname@example.org and via twitter at @DailyMusicBrk.