Mobile endpoint security: What enterprise infosec pros must know now
A comprehensive collection of articles, videos and more, hand-picked by our editors
IT pros looking to move away from BlackBerry in their next mobile device refresh now have a number of secure mobile device alternatives to choose from.
One company that has made strides in providing mobile device security for enterprises is Samsung.
Enterprises must maintain and have control over security.
principal, Farpoint Group
Samsung's mobile security software KNOX, combined with Lookout Inc.'s mobile antivirus software, protect Android-based phones, the most widely used mobile operating system and biggest target of malware attacks, according to reports.
In 2012, 79% of malware threats to mobile operating systems have occurred on Android devices, according to a release by the Department of Homeland Security and the FBI.
Samsung hopes to reverse that trend with KNOX, which is due sometime this fall. The software separates the business side from the personal side of devices for companies that support a bring-your-own-device policy.
Securing Android devices
In addition to the security KNOX's dual persona provides, Lookout provides real-time, cloud-based security threat scanning for email attachments, Web traffic filtering and file-sharing services. It also helps to prevent data leakage, according to Nick Rea, vice president of technical solutions for Samsung Mobile in Dallas.
"Lookout secures the whole device," said Chris Hazelton, research director of mobile and wireless at 451 Research, an IT research company based in Framingham, Mass. "Any time a user installs an app, it's scanned to Lookout's database to make sure it does what it's supposed to do."
Lookout's findings give IT an idea what threats and policies they should put out and which applications to blacklist, Hazelton said.
When interacting with KNOX, the only difference end users will see is a container, Rea said.
"Home-screen and navigation flow has the same look and feel. Users can switch over from work and personal [screens] with no noticeable changes, and they don't have to learn how to use this application either," he said.
End users also don't have to worry about IT wiping or looking into personal data.
Apple iOS security, manageability
Enterprises that choose to deploy Apple's iPhone might be intrigued by its security and stability compared with the Android's. The recently released iOS 7 features tools that help IT in securing the iPhone to make sure company data stays safe.
"There are two things that companies look for. One is secure management for devices, especially those bringing phones from home and are storing company info on it," said Michael Oh, president of Tech Superpowers, an Apple support firm based in Boston. "The other is, is the phone hackable and data accessible? Will IT admin be concerned about it?"
Apple has been building in management features for a long time, and iOS 7 is an example of this.
"IT admin can lock the phone down," Oh said. "Admins can also say whether you can have access to certain things like iCloud."
Outside of Microsoft, Apple is pretty much the only manufacturer that has complete control over the hardware and software, Oh added.
With the tight scrutiny Apple has over apps, threats of malware and hacking aren't as prevalent.
"It does seem that what they're doing is more successful than Android in weeding out malware off people's phones," Oh said. "What Apple says, goes. It has caused friction with app developers, but it has paid off and made the iPhone and iPad more secure."
There are new security features in the latest iPhones as well, such as the Touch ID fingerprint scanner on the iPhone 5s. The idea of it might intrigue enterprises, especially for accessing company apps.
"In the future, [mobile device management] might try and take advantage of this," said Chris Silva, principal analyst at High Rock Strategy LLC in Melrose, Mass. "One day I'd like to use the thumb swipe to access email."
The security value of that type of technology can't be understated.
"At the end of the day, just knowing the device is protected will give enterprises a peace of mind, and that means a lot," Oh said.
Securing Microsoft Windows phones
While the mobile market is dominated by Apple and Android devices, Microsoft Windows 8 phones shouldn't be excluded. Microsoft's phones offer security features that help IT.
"There are Microsoft tools to secure data and information where IT can manage the device and do partial wipes and manage secure apps," Hazelton said.
Windows 8 phones also limits access to the file system to protect personal information, sandboxes apps to protect against malware, encrypts all communication using Secure Sockets Layer and provides device encryption of the internal storage of the phone, according to a Microsoft spokesperson. Device encryption must be enabled by an IT professional using the Exchange server or a mobile device management (MDM) system such as Windows Intune.
In addition, all of the Microsoft apps are reviewed by Microsoft before hitting the Windows Store, Hazelton said.
"With Microsoft, you can only download apps from their stores," he said. "When apps are submitted, they're inspected for malware."
But what all three mobile vendors are interested in is making sure their phones are safe for the consumer, Hazelton said.
What's safe for consumer isn't necessarily safe for enterprises, though. IT pros can enhance mobile device security by using enterprise app stores where IT can deliver sanctioned apps that employees can download from any device, Hazelton said. Those private app stores are often part of an MDM offering.
Looking ahead, mobile security is increasingly important, but it's up to the enterprise to take responsibility, said Craig Mathias, principal at Farpoint Group, an advisory firm specializing in wireless and mobile technologies that is based in Ashland, Mass.
"Enterprises must maintain and have control over security," Mathias said. "You can outsource [security], but you have to take responsibility."