Call it Murphy’s Law’s first cousin: If there’s a technology target that can be hacked, hijacked, corrupted or otherwise compromised, there are countless cyber-criminals who will be only too happy to oblige.
According to various industry estimates, more than 100 million smartphones will be sold during 2008 alone. Add that to other handheld mobile devices sold this year plus the vast number of smartphones and other devices sold in previous years, and you’ve got one gigantic and irresistible target if you happen to be a hacker, spammer, virus developer or other species of cyber-vermin.
If, on the other hand, you happen to be an IT manager charged with protecting your organization from penetration by unauthorized individuals or groups, this explosive growth in the use of mobile devices constitutes a substantial and rapidly growing threat to the security and integrity of your enterprise.
This threat should not come as a surprise. After all, it’s a logical extension of the same ubiquitous activity that has been plaguing the desktop world for years. And it didn’t rear its loathsome head just yesterday.
The first mobile malware was discovered in 2004. What may be a bit surprising, though, is that since that first discovery, more than 400 malware variants, capable of attacking a broad range of devices, have been discovered. And the number continues to grow, as does the sophistication of the various types of malware. Where the early forms of mobile malware were primarily a nuisance, their goal increasingly is distinctly malicious.
The latest mobile malware in the form of viruses, trojan horses, worms and spyware can disable devices, seize control of applications, steal and/or delete data, steal identities, record conversations and messages, send costly messages, and replicate automatically across your network to do even more damage.
Ready or not, to preserve and expand upon the productivity gains and competitive advantages you’ve realized by extending your enterprise to the frontlines of business, you now have to treat this new frontier as the frontline of your enterprise security strategy.
The good news is, there is a solution available to help you do just that with a full range of security features including encryption, port control, messaging encryption, device lockdown and data wipe.
Implementing effective mobile security begins with acquiring the ability to manage the numerous and diverse devices you’ve deployed throughout your enterprise. Management and security are fundamentally intertwined. You cannot secure something you cannot manage.
For efficiency’s sake, you need to implement a mobile management solution that enables you to proactively monitor and manage your organization’s mobile devices (including all Windows Mobile, Symbian and Blackberry devices) remotely from a centralized console.
More specifically, you need to be able to manage any device or group of devices, whether continually or occasionally connected, over any wireless connection. Your management solution should provide a comprehensive range of capabilities including:
- Corporate security policy enforcement
- Configuration management and enforcement
- Password management and enforcement
- Over-the-air data encryption
- Push functionality for automated application and data updates and software patch distribution
- Inventory and asset control
- Device lockdown and wipe
These capabilities are essential and represent a good functional foundation for your frontline security strategy. However, additional capabilities are necessary to provide the protection you need from the continuously evolving and looming threat of mobile malware.
ANTIVIRUS & FIREWALLS
Sean Ryan, a research analyst at IDC, recently said, “Enterprises should consider mobile antivirus and firewall protection for all enterprise supported mobile operating systems as part of a holistic mobility security offering that puts IT in control of all mobile devices and information.”
I agree completely, except to say that enterprises need to do more than consider this additional protection – they need to implement it as quickly as possible.
Furthermore, enterprises should implement this protection in a way that is seamlessly integrated with their existing centralized mobile management and enterprise-wide security solutions. The most effective and reliable way to accomplish this is to select a comprehensive and proven solution from a single, strategic mobile solution vendor. There’s enough complexity in most enterprises already. This is an area in which you can keep things both effective and simple.
In assessing mobile antivirus and firewall offerings, look for the following:
- Antivirus Protection that secures mobile devices by automatically updating virus definitions on the mobile device through push technology and continuously scans for malicious content received via SMS, MMS, Bluetooth, Wi-Fi, infrared or desktop sync both on-demand and on-access. When harmful content is detected, the software should alert the user and offer the option to delete the content or save it.
- Firewall Protection that protects users from current and future threats by providing the ability to block specific IP addresses. It should offer a bi-directional IP-based packet filtering option to protect the mobile device from accessing harmful or questionable content.
The firewall should be configurable to enable administrators to block or accept traffic from a specific IP address or a range of IP addresses, providing control over all data traffic on all devices. For security audit purposes, the firewall should have an activity log that keeps track of any changes to the firewall security level and information about any packets that are filtered.
While we may all wish for it, it should be clear by now that threats to and attacks on our enterprises are not going to stop. As technology evolves and we implement new technologies, there will always be those with malicious intent and sophisticated computing skills who will seek to wreak havoc on our IT systems.
The mobile devices we’ve deployed are increasing productivity, streamlining business processes, improving customer relationships, and enabling us to seize new business opportunities wherever and whenever they present themselves. Unfortunately, they are also creating new opportunities for the purveyors of malice and mischief.
We must recognize this reality and move rapidly to implement comprehensive mobile management and security solutions and continuously enhance them to protect our organizations from harm. In light of this ominous reality, it’s reassuring to know that there is a proven, comprehensive and fully integrated mobile management and security solution that is available today to protect your organization from these new and evolving threats.
Jordan, a 10-year mobile technology professional, is a senior product manager at Sybase iAnywhere where he focuses on mobile security.