The explosive growth of mobile device use within the enterprise has created numerous management and control challenges for organizations that need to protect information that is accessed and/or stored on these devices. Next-generation mobile devices are as sophisticated as computers, yet the security for these devices is lacking, due to the intrinsic constraints imposed by portability, battery life and economics of connectivity. For example, while in a Wi-Fi or 3G mobile network, a mobile laptop could become infected before its anti-virus software signature is updated.
According to industry analysts, half of the devices connected to corporate networks will be mobile by 2015. Recent years have seen exponential growth in malware, targeting mobile phones specifically. According to a 2011 report, Google had to remove more than 50 malware infested applications on Android devices from its marketplace.
The consumerization of business applications on mobile devices increases the risk of data loss and malicious attacks. Poorly designed applications are also exposing private identity information. In addition, many of these devices belong to employees and enterprise data and applications are not partitioned, thereby exposing content.
In many instances, employees download applications, as opposed to IT provisioning devices. Accessible platforms and applications open the doors to malicious attacks both on and from mobile devices.
For example, the Zeus Botnet uses SMS messages to break into users' bank accounts. The attacker steals both user name and password from the infected phone and uses the information to access the victim's bank account. Another Android mobile operating system attack allowed users' private information to be transferred to a remote site. iPhone and iPads that are jail broken lose 70 percent of the security features.
There are some steps that enterprise organizations can take to address the vulnerabilities associated with mobile computing, including the following:
1. Batton Down the Hatches: Securing Endpoints – Eliminate malicious attacks before they reach mobile devices. Protect all endpoints, including mobile devices, to ensure that network traffic is free of malware, spam and unacceptable URLs. Firewalls and traditional intrusion detection systems (IDSs) provide only limited protection and often introduce network latency. Look into emerging technologies that provide accurate, high-performance threat detection, complete visibility of what is transmitted through the network and the ability to stop the transmission of malware in real-time.
2. Protect Web and Social Media Data – Implement full content scanning and inspection across all protocols. Include protection against third-party services or applications including Web-based services such as Gmail and applications like Facebook and YouTube.
3. Ensure Anywhere, Anytime Security – Employees roaming outside of an enterprise's protection perimeters can have their traffic routed through malware scanners to ensure the safe usage of mobile data and applications. The consistent enforcement of IT security policies and optimization of Web resources provides all employees with safe mobile usage across distributed enterprises while reducing time required for IT departments to spend on management and control issues.
4. Get Real-Time Visibility – There are immense benefits when network traffic can be looked at across all layers including the application layer, enabling visibility into the actual intent of the traffic. If this reconstruction and comprehension can be done in real-time, real-time security policies can then be applied to the traffic. This kind of deep content inspection can provide visibility, comprehension, manageability and real-time action for the information.
Knowing that all of the proper security protections are in place provides organizations with assurance that mission critical data on mobile devices will remain safe, and systems protected against the spread of malware.
Hongwen Zhang is president and CEO of Wedge Networks.