These were the main themes of a panel discussion Wednesday at CTIA Wireless I.T. & Entertainment 2005 entitled "Mobile Security: Meeting IT's Toughest Test." Industry figures explored key areas of weakness in enterprise wireless infrastructure, as well as the threats these pose to sensitive corporate data.
"As the number of mobile devices increases, so do the capacity requirements for the network, and that places greater strain on the security infrastructure," said Kara Hayes, product marketing manager of secure and mobile connectivity for Nokia Enterprise Solutions.
Hayes said that Nokia's new Business Center solution, the result of a partnership with RIM, Good Technology and Vista, addresses the enterprise email security issue by providing a direct encrypted connection with the corporate server for push email.
Next-generation mobile handsets are capable of using different types of wireless networks, and they're being powered by a growing number of mobile operating systems. According to Scott Schelle, COO of Bluefire Security, Baltimore, this is stretching enterprise security infrastructure to its limits. "You're asking a system that was designed for one type of user, using one type of network at a time, to suddenly bridge into this multi-threat environment," said Schelle.
Todd Thiemann, director of Device Security Marketing for Trend Micro, agrees. "You might have someone who accesses an insecure Wi-Fi network and downloads a virus that is then spread to the mobile network or enterprise network," he said.
Although mobile viruses have thus far been mostly proofs of concept, Thiemann believes that certain types of devices could become attractive to hackers. "Smartphones are particularly susceptible to malware because they're not locked down," he said. The prospect of a smartphone becoming infected with a virus and starting to dial 900 numbers creates a potential customer service nightmare for carriers, he added.
The current level of user authentication on mobile devices is another area of vulnerability for enterprise security. "Although mobile VPN encryption is capable, what is typically being used is simple password authentication, which is easily broken," said Stu Vaeth, Chief Security Officer of Toronto-based Diversinet Corp. Strong authentication could also prevent a malicious user from remotely accessing the corporate network and wreaking havoc, he added.