Mobile // Mobile Devices
News
4/28/2010
08:18 PM
Connect Directly
RSS
E-Mail
50%
50%

Interop: Mobile Security Is Weak Link

Despite their growing prevalence in the enterprise, smartphones are the poor cousin when it comes to data protection—and that has to change.

While most enterprises have well defined policies for securing laptops and PCs, many still treat mobile devices as an afterthought even though the latter are increasingly likely to be in widespread use and contain valuable corporate data.

"The smartphone is the new computer--we're seeing that on steroids now," said InformationWeek.com editor-in-chief Alex Wolfe, who moderated an Interop Las Vegas panel Wednesday called Mobile Security: New Challenges—Practical Solutions.

"But security is the elephant in the room," said Wolfe.

And it's likely to be a growing problem for businesses. Gartner predicts smartphones will surpass PCs and laptops as users' primary computing devices by 2013, when more than 600 million units will be in use.

"The smartphone puts the same data you have on a laptop out into the field," said panelist David Perry, Global Director of Education at Trend Micro. Perry said 100,000 new pieces of malware make their way into the wild every day. The risk is such that "I don't have any important data with me ever," said Perry.

For CIOs and other tech officials, ensuring mobile security is more challenging than locking down PCs due to the number of platforms on the market—combined with the fact that employees tend to use their personal devices for work-related tasks.

"There's a consumerization effect occurring," said panelist Khoi Nguyen, group product manager for Symantec's Mobile Security Group.

Indeed, major platform providers like Google, Microsoft, RIM, and Symbian all have their own methods of implementing security standards and features. And if HP can restore Palm's status as a significant player in themarket through its proposed, $1.2 billion buyout, IT managers' multi-platform inspired headaches could get worse, said Khoi.

Still, there's an upside to the diversity—at least for now. "The main advantage for mobile (from a security standpoint) is that no one OS is dominant," said Perry. As a result, hackers get more bang for the buck targeting the homogenous PC market, where 90% of computers run Windows.

But with mobile devices becoming ubiquitous in the workforce, many believe it's only a matter of time before they become the primary target for malware, phishing schemes, and social engineering attacks. That means enterprises need to start developing comprehensive mobile security practices and policies now.

Panelist Jay Barbour, an advisor at RIM's Blackberry Security Group, said there are a number of steps IT departments can take to enhance mobile security. One major point of vulnerability is user-downloaded apps that trick individuals into giving away sensitive information.

"All you need is a bit of social engineering and the data is gone," said Barbour.

Downloads can also contain exploits that target corporate networks. To counter that, enterprises should "sandbox" non-business apps so they can only get to the Web and not to the network, he said.

Other steps enterprises can take to thwart mobile attacks include employing hardware-based code verification to prevent OS compromises, tamper resistant hardware, and denying full admin privileges to end users.

"Users are always going to make critical mistakes," said Barbour.

Finally, enterprises need to fully educate employees on the consequences of data loss—both to the organization and to their careers—and the fact that it's their responsibility to maintain physical control over their smartphones.

"The biggest risk is still the lost device," said panelist Ryan Naraine, senior security evangelist at Kaspersky Lab. "And that becomes the CIOs problem."

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - August 27, 2014
Who wins in cloud price wars? Short answer: not IT. Enterprises don't want bare-bones IaaS. Providers must focus on support, not undercutting rivals.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Howard Marks talks about steps to take in choosing the right cloud storage solutions for your IT problems
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.