Tuesday, 22 November 2011

Smartphones in the enterprise: A false sense of security

Security has been about evolution. First came the PC: big and clunky, it taught us about the importance of keeping the good guys in and the bad guys out. Then came the era of laptops and, well, losing them, which showed, at the expense of some very red faces, the importance of ensuring secure remote access. And now comes the new generation: the smartphone. Surely by now we’ve learnt our lessons from the past and are well prepared for the next iteration of security challenges that the move to mobility will bring with it?

Well, not quite. In many ways, it feels like Groundhog Day, with the same mistakes being played out. The 2011 Get Safe Online campaign kicked off with a warning aimed at educating consumers about the security scams out there targeting their smartphones. But with more and more smartphones being deployed in the corporate environment, arguably it is businesses that have the most to lose.

Smartphones have become the bedrock of any remote access strategy. Easy to use and intuitive, they enable staff to access email, download and work on attachments, and access corporate web and cloud-based applications such as Salesforce whilst on the move. But it is this very ease of use that lulls people into a false sense of security. Would you like it to remember your password for next time? Yes please. Would you like to enable automatic log on? Yes please. All these quirks designed to make our lives easier only hasten the speed with which a hacker - or even someone that has found your lost device - can get into sensitive files or the corporate network and do damage.

For example, most mobile devices, from tablet PCs to smartphones, are set up to automatically search for and log onto the nearest WiFi hotspot. And who says no to free WiFi? But with some cheap equipment from a high street electrical store, a hacker can set up a ‘fake’ WiFi spot and, in a matter of seconds, snaffle all the passwords they need to break into the corporate network using someone else’s identity. And as the lines between personal and professional use of smartphones start to blur, it is becoming even harder to mitigate the risks.

Most IT departments and security chiefs know that if their company rolls out iPhones, staff will download applications from the App Store. Until last week they were probably quite relaxed about this, as Apple has a ‘quality control’ process in place before apps can be sold and downloaded. But the discovery of a rogue app has shown that Apple’s processes are not foolproof. What looked like a harmless app was actually designed to unleash chaos. And what of Android, predicted by Ovum to gobble up a 25 per cent share of the enterprise market in the next five years? Its Market Place has no rules or any way of governing what applications are uploaded and made available to an unsuspecting public.

These are just two examples of how the commercially valuable information sitting on smartphones is vulnerable to attack from different angles. Like it or not, if your organisation has smartphones you’ve also got some serious security blind spots. It’s hard to think that one small device could have big security consequences, but it can. In many ways it is like embarking on security education all over again. The trend towards bring your own device (BYOD) is further muddying the water, but businesses should make no mistake - it is their responsibility to secure their data.

Right now, companies can’t validate if people accessing the network are who they say they are. Instead they rely on static passwords to authenticate the person, rather than one-time-use passwords, which are unique and can’t be stolen. Traditional approaches to passwords are the weakest link in any security policy; companies shouldn’t continue to make the same mistake in the mobile world.



Copyright 2009 Jason Hart.