Widespread adoption of smartphone technology in the enterprise – from iPhone and Android to BlackBerry and Windows Mobile – will soon make security issues in the wireless environment equal to those in the wired world.
As employees begin to use smartphones to access more than just email, cyber criminals will respond with innovative ways to exploit the shift and expand security threats – making smartphones a key business enabler and a critical business risk.
In this series of posts, I’ll discuss emerging threats to the mobile environment, their potential impacts and what I believe is a revolutionary new architecture to help protect the mobile perimeter and mitigate enterprise risk. In this first post, I focus on what’s at risk and steps to secure the mobile enterprise.
Reducing Risk in the Mobile Environment
Much like traditional network security threats, attacks that originate in the mobile environment can be lethal. But it goes beyond stolen or corrupted data, service disruptions and regulatory issues. Companies must be concerned with mobile security risks that threaten the confidence of their customers and shareholders. In this regard, there are three areas where I believe a security breach would be of the utmost concern. Below I’ve provided a list of these three areas and given descriptions of how they might be compromised by a security breach:
Intellectual property
- The ease with which hackers might access or manipulate competitive data
- The increased possibility of internal and external leaks of proprietary information
Corporate governance
- The possibility that a smartphone security breach might lead to scandal (Such as the interception of highly sensitive corporate data or the capture of inappropriate emails, texts or photos that reside on the smartphone of an executive)
- A security breach that results in, or uncovers, a lapse in regulatory compliance
- A security breach that diminishes stakeholder trust in an organization
Brand protection
- Security breaches often garner an organization and its brand unwanted and negative publicity
- Breaches can also lead to costly litigation
- Security breaches almost always result in an overall loss of customer confidence in the organization
As smartphone adoption increases in the enterprise, technologists and researchers expect criminals to step-up their efforts with new delivery mechanisms for attacks, ushering in a new phase of mobile security risks. While they may be in their infancy today, the volume, severity and sophistication of such threats should earn them a prominent place on every enterprise’s security agenda.
Evolving the Enterprise for Consumer Driven Mobile Perimeters
Smartphones put enterprise security into the hands of users—literally. While smartphones allow employees to focus on personal productivity, a smartphone’s inherent security risks means that employees who use them must also focus on protecting the company. All an employee has to do is use his or her smartphone to open an infected email or download an infected application and unknowingly make the enterprise vulnerable to spam, bots, worms and other threats.
It’s enough to make IT organizations think twice about deploying new mobile technologies that could benefit the business. Yet, the pressure is on to deliver broader access to applications and emerging application services, such as social networks, application stores and web-enabled content. The challenge for IT will be extending the enterprise perimeter to expand mobile services, while minimizing exposure to added risks.
In response, companies must boost existing security features on smartphone devices to help ward off attacks. But the answer isn’t just security features at the endpoint. As employees begin to use their smartphones to access enterprise applications, as well as content and applications stored in the cloud or other virtual environments, deploying security measures at the device level may not be enough.
To more safely bring smartphones into the enterprise fold, evolved security architectures must move the focus from device-only to the network in order to provide end-to-end protection of the new mobile perimeter.
Securing the Mobile Enterprise (continued)… Mobility Threats
In the next entry, I’ll focus on understanding the new enterprise mobility risks and the primary threat vectors keeping researchers up at night: