As a busy person, the importance of staying a step ahead of your clients and your family. You probably know the feeling of being tied to your desk or home so as not to miss that important email or phone call and to maintain convenient access to essential data—proposals, schedules, contact information, business news or the stock market. However, thousands have newfound freedom using PDA-style smartphones designed for business (and fun). These cellular devices trace their roots back to the personal digital assistant or PDA. Originally used as businessperson’s right hand to track important client information, project statuses, and task lists, these devices have evolved into an everyman’s (and woman’s) tool.
These cellular devices are much more than just cell phones; they provide instant access to the web. Whether you’re researching news to predict the stock market or looking for the perfect golf course on the weekend, you’ll find it on the net.
Many of these devices allow you to sync with your desktop computer. This means you can store, view, and work on documents directly on your handheld. You can also receive and respond to emails as they arrive in your inbox on your home computer with real-time push email.
These produces can also serve as multimedia devices, so your entertainment goes with you. They can store and display pictures and videos of friends and family and even entire feature-length movies. Most can take pictures and capture video, but the most common multimedia function is the ability to play MP3s—sit back, relax, and enjoy your favorite tunes while traveling or during breaks.
Another perk of using one of these devices is the fairly recent development of third-party applications (or apps). These apps range from those geared toward hardworking business tasks to entertaining games and everything in between. With thousands of apps available to download in a range of prices, there’s sure to be something that will appeal.
An almost perfect storm of advancing materials science, chip set development, software innovation and social networking has fueled the progress in handset design and capability beyond that which could be imagined only a couple of decades ago. Having such tremendous computing power, alongside user’s private data and contacts makes a tempting target for criminals. It could be argued that the security industry has been slow in recognizing the threat to such devices so only now are we seeing products and services designed to improve smartphone security.
Very few businesses want their data to be less mobile, aside from those that have just gone through a major data loss incident and are hurriedly trying to bolt the doors after the data has gone. In fact many businesses seem to pride themselves on the mobility of their data, on the basis that their employees will be accessing work related data at all times of the day or night and will therefore be more productive. Whether employees are actually more productive is another discussion, but certainly the drive to mobilize data has resulted in the endpoint of most organization’s network being in the handbag or pocket of their employees.
One exciting part of data mobilization is the tidal wave of smartphones being used by businesses to access their data. But what are the particular security issues and opportunities that these smartphones present?
Of course data is more mobile than ever before. Few people pause to consider why we should automatically assume that all data should be made mobile. Very few computer security types are successful in stopping this demand, certainly outside a handful of top secret establishments. One of the first questions many a new employee will ask is how they can connect their smartphone to the data they use. After all the success of web sites such as salesforce.com is based on the fact that, like all cloud computing solutions, the data can be made available from anywhere. A young in age workforce knows nothing other than mobile computing.
Most businesses accept mobile computing and, during this inevitable embrace, need to decide how to best protect their data. After all, the smartphone is where it is happening.
Try to go into a phone shop and buy a phone that doesn’t, at least, have some “smart” features and you will have a problem. Some organizations that try and equip their workforce with phones that don’t have a camera for security reasons have a problem. Some manufacturers have woken up to this and are now producing basic phones, especially for the older generation that may need improved handset accessibility. Consider that the biggest growing group of Facebook users are the 35 year old plus, all of who will want to access their accounts long into the future. Even if the Facebook site isn’t around a successor will be as social networking appears to be deeply entrenched into so many people’s lives.
Smartphone hardware marches on relentlessly. Handsets are certainly getting more powerful, for example in 2010 LG announced the Optimus 2X with a dual core 1GHz processor. Research has shown that 2011 is the year when smartphone shipments will overtake PC shipments, and both PCs and smartphones lay neck and neck at around 400 million units each, per year. The amazing growth in these fantastically powerful devices presents us as security experts with a significant challenge.
On top of all their other concerns most CISOs are now having to worry about a number of smartphone security issues:
* Are my smartphones going to be infected with malware?
* Is my smartphone based data secure?
* Will my mobile voice traffic be secure?
* Can my smartphones be remotely managed?
There is no longer a discussion about whether these devices should be allowed, now the conversation is how they can be accommodated safely and securely. Ultimately the CISO is worried about risk to the business, and in particular how this new smartphone risk can be managed whilst at the same time the business productivity of users improved.
Cast one’s mind forward 20 years and it boggles at the depth and breadth of attacks our mobile phones will be subject to. In the meantime anyone that conducts sensitive business using a mobile phone should seriously consider implementing preventative measures sooner rather than later. As more and more people use their mobile phones to run their entire lives, attackers will focus their efforts on getting the information they need from these devices. In many respects attitudes towards mobile phone data security reflect those held 20 years ago towards the humble personal computer. Back then attacks were minimal, anti-malware was yet to become established and hacking was in its infancy. Now we are in a maelstrom of attacks against the PC using sophistication and scale we previously thought impossible. The smartphone is next on the list.
References:
Nigel Stanley, Practice Leader Security, Bloor is speaking on “Can You Turn Mobile Devices To Your Advantage Or Are They The Next Big Security Hole?” in the keynote programme at Infosecurity Europe 2011.
No comments:
Post a Comment