Interop: Mobile Security Is Weak Link - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Mobile // Mobile Devices

Interop: Mobile Security Is Weak Link

Despite their growing prevalence in the enterprise, smartphones are the poor cousin when it comes to data protection—and that has to change.

While most enterprises have well defined policies for securing laptops and PCs, many still treat mobile devices as an afterthought even though the latter are increasingly likely to be in widespread use and contain valuable corporate data.

"The smartphone is the new computer--we're seeing that on steroids now," said InformationWeek.com editor-in-chief Alex Wolfe, who moderated an Interop Las Vegas panel Wednesday called Mobile Security: New Challenges—Practical Solutions.

"But security is the elephant in the room," said Wolfe.

And it's likely to be a growing problem for businesses. Gartner predicts smartphones will surpass PCs and laptops as users' primary computing devices by 2013, when more than 600 million units will be in use.

"The smartphone puts the same data you have on a laptop out into the field," said panelist David Perry, Global Director of Education at Trend Micro. Perry said 100,000 new pieces of malware make their way into the wild every day. The risk is such that "I don't have any important data with me ever," said Perry.

For CIOs and other tech officials, ensuring mobile security is more challenging than locking down PCs due to the number of platforms on the market—combined with the fact that employees tend to use their personal devices for work-related tasks.

"There's a consumerization effect occurring," said panelist Khoi Nguyen, group product manager for Symantec's Mobile Security Group.

Indeed, major platform providers like Google, Microsoft, RIM, and Symbian all have their own methods of implementing security standards and features. And if HP can restore Palm's status as a significant player in themarket through its proposed, $1.2 billion buyout, IT managers' multi-platform inspired headaches could get worse, said Khoi.

Still, there's an upside to the diversity—at least for now. "The main advantage for mobile (from a security standpoint) is that no one OS is dominant," said Perry. As a result, hackers get more bang for the buck targeting the homogenous PC market, where 90% of computers run Windows.

But with mobile devices becoming ubiquitous in the workforce, many believe it's only a matter of time before they become the primary target for malware, phishing schemes, and social engineering attacks. That means enterprises need to start developing comprehensive mobile security practices and policies now.

Panelist Jay Barbour, an advisor at RIM's Blackberry Security Group, said there are a number of steps IT departments can take to enhance mobile security. One major point of vulnerability is user-downloaded apps that trick individuals into giving away sensitive information.

"All you need is a bit of social engineering and the data is gone," said Barbour.

Downloads can also contain exploits that target corporate networks. To counter that, enterprises should "sandbox" non-business apps so they can only get to the Web and not to the network, he said.

Other steps enterprises can take to thwart mobile attacks include employing hardware-based code verification to prevent OS compromises, tamper resistant hardware, and denying full admin privileges to end users.

"Users are always going to make critical mistakes," said Barbour.

Finally, enterprises need to fully educate employees on the consequences of data loss—both to the organization and to their careers—and the fact that it's their responsibility to maintain physical control over their smartphones.

"The biggest risk is still the lost device," said panelist Ryan Naraine, senior security evangelist at Kaspersky Lab. "And that becomes the CIOs problem."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
Reflections on Tech in 2019
James M. Connolly, Editorial Director, InformationWeek and Network Computing,  12/9/2019
Slideshows
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Commentary
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Slideshows
Flash Poll