
MOBILE SECURITY
Mobile devices: Corporate security strategies
Lisa Phifer 02.14.2007




At the Gartner Wireless and Mobile Summit 2007, analysts painted a scary picture for companies grappling with mobile/wireless security. According to John Girard, more than two-thirds of enterprises will experience security failures resulting from mobile users improperly connecting to insecure services or downloading malicious applications. Analyst John Pescatore predicts that mobile malware will become commonplace in 2007, with attacks causing real business interruption by the first half of 2009. Fortunately, most of these exploits will take advantage of vulnerabilities that are identifiable and resolvable. In this tip, we examine business strategies for securing mobile wireless devices.
Cybercrime: Coming to a mobile near you
Wireless PDAs and smartphones have been used for years with few headline-grabbing security breaches. Pescatore argues that unsecured mobile devices have flown under the radar because mobile malware writers have been hampered by platform and operating system diversity. "There have definitely been examples of mobile malware," he said, "but most of it has been ineffective, caused very little real damage, and did not spread." For example, a recent McAfee survey of 200 mobile operators found that 83% had been hit by mobile infections, but just five of those incidents affected more than 100,000 devices.
Malware impact is likely to change, however, as the mobile workforce grows, mobile environments become more consistent, and business system connections expand. "This is the year that enterprises should begin to deploy security processes, architectures and controls to defend against mobile malware," Pescatore recommends. "Mass worms and viruses will not be the real threat .... Mobile malware will be more targeted to particular devices, applications and businesses. Enterprise protection strategies need to be developed with a new approach in mind."
Wireless interfaces used by mobiles represent another vector for attack. John Girard believes there have been few wide-area wireless exploits because carriers secure their own networks. "Digital satellite and cellular networks use two-way authentication and strong encryption to discourage attempts to eavesdrop, track communications, or decrypt data and voice streams," he said. In stark contrast, Wi-Fi and Bluetooth exploits have been frequent, caused by unpatched legacy vulnerabilities and end user misconfiguration. "Wi-Fi in smartphones is unfortunately yet another opportunity to repeat [those same] old mistakes."
Turning back the tide
Most companies are all too familiar with fighting Win32 malware and wireless leaks. An effective strategy for protecting business PDAs and smartphones will require a combination of existing best practices and new techniques and tools.
Conclusion
Most PDAs and smartphones used for business today are "bring your own" devices. Many employers could not begin to enumerate the devices touching their network, servers and data, much less take rapid action to stop a major mobile malware outbreak. That first outbreak may be coming soon -- or it may still be years off. Either way, it is simply common sense to start considering strategies for mobile security. Size the problem by inventorying the mobile devices already used by your workforce. Take near-term action to mitigate those existing vulnerabilities in accordance with business risk. Then resist the temptation to deploy mobile applications and devices without building a security strategy into those long-term plans.
About the author: Lisa Phifer is vice president of Core Competence Inc., a consulting firm specializing in network security and management technology. Phifer has been involved in the design, implementation, and evaluation of data communications, internetworking, security, and network management products for nearly 20 years. She teaches about wireless LANs and virtual private networking at industry conferences and has written extensively about network infrastructure and security technologies for numerous publications. She is also a site expert to SearchMobileComputing.com and SearchNetworking.com.