Yes, we know you're scrambling just to stay ahead of gadget-toting hoards expecting everything from email systems to wireless LANs to "just work," and it's easy to overlook security. That's where we come in.
InformationWeek's new Mobile Security Tech Center is designed to be your one-stop shop for news, analysis and commentary on the nexus of mobile computing and cyber threats. We're not going to be fear mongers, giving already besieged IT pros a dozen more things to worry about. We're here to interpret the news and provide timely, actionable advice. We don't want to just report problems, but give fresh ideas on how to fix them. For example, our report on Reducing Mobile Device Risks to Enterprise Data, free on this page,lays out a four-part framework, from using Microsoft ActiveSync for simple policy management to setting policies that restrict corporate access from phones with high risk factors, like unauthorized apps or out-of-date policies.
There's plenty more to talk about. Smartphone and tablet release cycles are in hyperdrive, and that very terminology breeds a false sense of security. Powering the iPad 2 is a CPU with dual, 1 GHz cores, each with over 4 MB of cache and access to half a gigabyte of RAM. This puts it roughly on par with notebooks of five years ago. Admittedly, these devices (unless jailbroken by tech-savvy users) run more tightly controlled operating environments than the PCs of yesteryear. But they're still eminently programmable, with full network stacks, advanced browsers, and ample internal storage -- often more than that five-year-old PC.
These attributes make mobile devices tasty targets for all stripes of malware and ideal vectors for maliciously novel "mobile aware" apps that can exploit these devices' unique features, like embedded cameras and GPS sensors, to take covert surveillance and identity theft to new levels of intrusiveness. And the risks from mobile gadgets aren't confined to software hacks and network snooping. Because they sport gigabytes of storage, while automatically adding every received email, text message, and phone call to built-in address books, these devices are USB sticks on steroids. Just ask Tiger Woods the damage that can be wrought when a phone ends up in the wrong hands.
While we won't shy away from reporting the latest exploits, most infosec pros have already gotten the memo that mobile devices are the next frontier in computer security. We want this site to be a forum (we welcome reader comments and encourage a dialog) for useful information on building mobile security architectures and policies, extending existing IT security practices to the mobile realm, and augmenting your security portfolio with innovative technology optimized for mobile platforms. Join us on what promises to be an interesting, productive, and perhaps even entertaining journey.