Smartphone Anti-Theft Database: What's Enterprise Impact? - InformationWeek
10:30 AM
Connect Directly
Ransomware: Latest Developments & How to Defend Against Them
Nov 01, 2017
Ransomware is one of the fastest growing types of malware, and new breeds that escalate quickly ar ...Read More>>

Smartphone Anti-Theft Database: What's Enterprise Impact?

Major U.S. phone carriers hope their new database will deter thieves. But experts say the plan won't soothe many enterprise data security concerns.

When it comes to data theft in the BYOD age, malware is a concern but the most prominent threats involve lost or stolen devices. To discourage would-be thieves, major U.S. phone carriers -- notably T-Mobile, AT&T, Sprint and Verizon -- have activated a database to track missing mobile phones and block them from being used.

The proactive step will likely benefit consumers, many of whom neglect security precautions. It's unlikely the new initiative will decrease the need for data-protection tools within the enterprise, however.

Intentions to build the database were announced in April by the FCC. Now that the program is operational, an owner whose mobile phone goes missing can contact his or her carrier, who will add the device to the database and prevent it from being re-appropriated by illicit parties. In the past, taking control of a stolen phone could be as simple as inserting a new SIM card. The carriers' program, however, identifies handsets via International Mobile Equipment Identity (IMEI) numbers, which are device-specific.

[ How does mobile biometrics play into the future of identity and access management? Read more at Mobile Biometrics: Your Device Defines You. ]

Many experts agree that the program is well-intentioned but that its potential impacts should not be overstated.

In an email, IDC analyst Stacy Crook wrote, "[I]t's great that the carriers came together to work on this for the good of the consumer." She countered, however, that though the effort could be helpful to IT, she doubts it "magically solves all of their problems." She pointed out that enterprises still face data loss concerns related to sensitive content being stored in public cloud services, suggesting that even if the IMEI database is successful in deterring thieves, IT security initiatives are unlikely to change. As for the database's potential effectiveness, she said, "Criminals are nothing if not creative."

451 Research analyst Chris Morales expressed similar views in an email, writing that IMEI-based blocking probably won't have any relevance to the enterprise. He pointed out that even if a phone's cellular service is turned off, a thief could always hook a device over the Wi-Fi anyway.

In an interview, Tim Williams, director of product management for Absolute Software, said the database probably won't impede smash-and-grab thefts or other crimes of opportunity; rather, it might simply decrease the resale value of stolen devices. He said that smarter thieves who are interested in data, rather than the hardware itself, might realize that they have a limited window before a given device will be wiped or deactivated. Existing security tools, though, have already established this constraint. The database, he remarked, has nothing to do with protecting data.

Speaking of those data-focused bandits, it might seem plausible that the database could increase their numbers; that is, thieves who profit from illicit phone sales could shift to data theft if they perceive their revenue stream is drying up. Williams said this is doubtful, remarking, "It would require more industry and victim-specific knowledge than you'd expect [most criminals] to have." He said it's possible stolen data might be ransomed rather than sold but added that thieves would be exposing themselves to pretty clear risks.

Williams speculated that the database could actually be detrimental if it lulls consumers into a false sense of security. "It's obviously still a high priority for enterprises to manage encryption and passwords," he asserted.

The carriers' approach is new to the U.S. but not particularly novel on the international scene. A similar program has been active in the UK since 2007, for example, and its effects have been mixed.

Time to patch your security policy to address people bringing their own mobile devices to work. Also in the new Holes In BYOD issue of Dark Reading: Metasploit creator HD Moore has five practical security tips for business travelers. (Free registration required.)

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
11/6/2012 | 3:05:53 PM
re: Smartphone Anti-Theft Database: What's Enterprise Impact?
In full disclosure, I work for a company called Protect Your Bubble. New to the US earlier this year, Protect Your Bubble is one of the top insurers of mobile devices worldwide.

As the holidays draw near, folks can expect that their gadgets will be a prime target for thieves. Before investing in an expensive smartphone device, consumers should consider tablet insurance. Not only to protect against damage, but also against loss and theft which are major reasons to protect your device. For Protect Your Bubble, Loss and Theft made up 75% of all of our claims. Better safe than sorry.
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll