The mobile market has presented many products that lock down, control, report and monitor business mobile phone fleets. BlackBerry was the original pioneer with its BlackBerry Enterprise Server, which locked down and controlled the handset. Professional Services Consultant, James Allen from Intercity, spoke to Comms Business about how the mobile security landscape has now changed.
As technology has improved and handsets have become more feature rich, the market has changed and as a result users want devices that not only receive email, but can access a wide range of consumer services that are available to them. Business and personal factors play a part in this, but in a world of increased mobility the user experience is key to businesses.
Many large Enterprises with big budgets and sufficient resources have explored mobile security risks and as a result have invested in Mobile Device Management (MDM) products that bring the BlackBerry type control back on iPhones and other smartphones. Mobile Iron, Airwatch and Xen are all popular products being used for MDM, but in truth, only known to larger organisations.
My observation is that most businesses don’t understand the true potential of mobile security and quite frankly, can’t see what all the fuss is about. It’s easy to enforce a password on handsets and remote wipe via an email system, so to an extent I understand why they would struggle to understand that paying extra costs to restrict services would be beneficial to them.
So what are the threats to users and businesses?
The danger of Apps – Do end users really understand what these Apps are doing behind the scenes and what access they have to personal data? Apps can gain access to company data and leak this sensitive information to the outside world. Many Apps have been seen to transmit passwords, email addresses and payment information including locations. Gartner predicts that 75% of all mobile security breaches will be the result of mobile app misconfiguration or misuse.
The danger of malware – A common word in the laptop/PC threat world and is now taking hold in the smartphone arena. Mobile malware is malicious software designed to steal personal information stored on a device through silently watching what is happening on the handset and in some cases even gaining control of the handset. Information is stolen, which can lead to phishing and fraudulent activity including identity theft and banking fraud.
The danger of Jailbreaking or Rooting – Users have to go to extreme lengths to do this, right? Wrong! Clever cyber criminals can now jailbreak handsets without your knowledge. Jailbreaking removes the security limitations imposed by the handset OS vendor and permits root access to the OS file system.
Organisations that want to secure these threats have two options, either restrict handsets or lock them down completely via an MDM service, which in my opinion limits the user from experiencing the full functionality of the technologies on the handset. The other option is to look at measuring and reporting the threats through Mobile Data Optimisation (MDO).
The way MDO works is that a gateway sits in the path of mobile data in between the device and the internet and scans the data in the network in real-time, actively monitoring the handset for vulnerabilities. This means that threats are dealt with immediately through blocking malicious traffic and providing early warnings of suspicious behaviour. MDO doesn’t blanket all mobile devices with the same security measures, it has the ability to analyse and report on each device individually, providing businesses with the visibility and power over device management.
We ensure PC’s and laptops are secure and safe, but we are yet to ensure the same for the smartphone and tablet. Mobility is moving forward at a very fast pace with handsets now being used for a wide range of services. The risks are there whether the organisation employs COPE or BYOD strategies and actions need to be taken as these threats are only set to increase as the use of the mobile phone evolves.