Securing the handset is becoming critical as it becomes the key tool for the mobile workforce. With the growth of employee-liable devices – the consumerisation of the enterprise – the IT department has less day-to-day control.
With more left to the understanding of the end user, a comprehensive, well-understood and practical mobile security strategy is as fundamental to the corporation as issuing badges to all employees.
A complete understanding of this strategy includes four areas that might look familiar to those who worked to secure laptops back when they were first issued to the general population: securing the OS and its embedded applications; preventing external attacks, including hacking; social engineering, including phishing; securing user data.
All told, the various mobile-centric security technologies are expected to more than double, from a €1 billion opportunity in 2009 to €2 billion in 2013, according to recent IDC analysis.
The financial impact on the operator of being able to offer management of the infrastructure for delivering these services, or even offering capabilities directly as SaaS, is probably an order of magnitude greater. And, the potential positive financial impact on the end-user is greater still.
Mobile platform providers regularly issue security updates. In enterprise settings, these updates are mandated by corporate IT, but until recently it has been the user’s responsibility to make sure that their OS is up-to-date.
In the past this would involve procuring a PC, installing one or more pieces of software and connecting the mobile device to the PC with a special, often proprietary, cable.
This, however, is changing. Firmware-over-the-Air (FOTA) is increasingly used to deliver updates to entire fleets of devices, ensuring that vulnerabilities are patched and the subscribers have the best possible experiences.
It is not just network operators doing this either – some device makers also provide OTA update services –saving the end-user time and hassle.
Antivirus and firewall applications go a long way toward preventing many common exploits, which often operate in known ways, making it possible to counter their actions.
However, in order for protection to be useful, it is vital there is a mechanism in place for updating and otherwise controlling security related applications on the device.
Although attacks against smartphone OSs are not yet commonplace, they are growing in number. With smartphone growth and the rise of open source platforms, we are reaching a critical mass where phone exploits are becoming appealing to hackers.
Full article in Mobile News issue 446 (August 24, 2009).
To subscribe to Mobile News click here
David Ginsburg is vice president of product management for InnoPath Software, a mobile network technology vendor. He is the author of several books on internet working and is a former chair of the Broadband Content Delivery Forum. He discusses how security of mobile devices is becoming crucial