Moving target

31 Dec 2008

The issue of mobile security is becoming ever more prevalent in the workplace today as more and more employees use mobile devices to access corporate information and communicate with colleagues and customers remotely. Due to this, mobile security threats such as data leakage from lost devices and attacks from messaging-borne malware are becoming more apparent.

Although the mobile phone is not a new arena for corporate security threats, it is still hugely overshadowed by the more traditional PC-based threats. However, with record numbers of spam hitting employees’ mobiles on an hourly basis, it’s time to shift some of the focus in security from the online world to the realm of mobile communication. Indeed, McAfee’s Mobile Security Report 2008 identified that some 72pc of mobile users were concerned about the security of mobile services.

Decipher Inc has also investigated this area and recently published the results of an interesting survey, where 70pc of respondents said they access what they consider to be ‘sensitive data’ on their smart phone in order to work outside the office. Some 85pc of respondents also said that enterprises should deploy protection on any mobile device accessing data or systems.

This survey showed just how much company-sensitive data is accessible via company mobile devices. Although it’s encouraging to see businesses arm their employees with the tools to make the best use of their time away from the office, they also need to be careful that in doing so they also fulfil their duty of care to protect their employees, along with their internal and customer data.

So what is the answer? Many people assume that the PC security model of software downloads and firewalls provides the best solution. However, handset-based solutions are limited as they only protect a very small percentage of mobile users. Also, with mobile devices constantly being upgraded and replaced with higher specification devices, security software that is added is often quickly outdated. Banning smart phones from work isn’t a viable option either as employees will continue to use whatever communications device they have to make their lives easier, regardless of the security risk it poses to their employer.

The real answer lies with the mobile operators providing appropriate and tailored solutions that ensure an enterprise’s high-risk data is secure.

Mobile operators have mobile security solutions which are deployed on a network level and are both controllable and easily upgraded. Many network operators currently police potential fraudsters on a voluntary basis, but as messaging services continue to grow and become more complex, networks need a comprehensive range of features such as anti-spam and virus- filtering software, equipment identity register

(EIR) systems and blacklisting, anti-spoofing and anti-flooding technology.

Using a variety of mobile security technologies, including anti-spam and anti-spoof, as well as next-generation gateways, operators can detect abnormal patterns in messaging traffic, confirm legitimate senders, filter content and block suspicious messages. Filtering content also helps the fight against the spread of viruses and trojans. Blacklisting permits users to block certain phone numbers and incoming messages coming from these phones, while EIR systems have proved to be a very useful tool in handset fraud prevention.

Operators can also provide subscribers with the means to enforce corporate usage policies (ensuring mobile data compliance to existing LAN acceptable use policies) and extend this capability from internet access to embrace messaging and safeguard users from spam, phishing and virus attacks, while also protecting their own network.

By providing corporate organisations with a combination of virus filters, subscriber controls and individual profiles, operators can help equip enterprises with the tools they need to protect their data and reputation.

By Brenda Suarez, director of corporate communications, Airwide Solutions