Mobile Device Security I: Threats Real, Time to Act Now

Today's hot new technologies are wireless, smart and multifunctional.

Mobile devices with the latest features catch our attention all the time. And with manufacturers and carriers fighting to gain market share, consumers and businesses alike are benefiting from the advances, convenience, and functionality of these new gadgets.

A recent survey conducted by Bluefire Security revealed that a majority of mobile device users rely on their smartphones and PDAs for:


  • surfing the web (65 percent),
  • sending corporate and Internet-based e-mail (50 percent),
  • using text and picture messaging (60 percent)
  • & voice communications. (85 percent)
  • You should consider some points before rushing out to buy the latest and greatest PDA or smartphone. Because today’s handhelds perform many of the same functions as a notebook computer, they pose similar vulnerabilities to themselves, to data and to networks. Securing and protecting these devices and ultimately the enterprise is an absolute must.


    Industry Trends

    But first, let's understand what is happening in the mobile industry. Several recent moves in the mobile industry point in one direction, e-mail.

    Microsoft has launched a new version of the Windows Mobile operating system (Windows Mobile 5.0) with BlackBerry-like push e-mail added to the equation, while Palm, Inc. recently announced that the next edition of its very popular Treo smartphone (the Treo 700w, due early next year) will run that very same Windows platform and not the Palm OS. Palm isn't abandoning the Palm platform, its simply (and smartly) expanding its options.

    Motorola has introduced the "Moto Q," an email-centric device modeled after the design of the well-received Motorola RAZR phone, that will be available in early 2006. Cingular Wireless, in conjunction with Hewlett-Packard, has released the new iPAQ hw6500 series Mobile Messenger. And Nokia is getting deeper into the e-mail game with a new series of devices including the Nokia E61, available with no fewer than five e-mail clients on board.

    All of this industry activity means, among other things, that mobile e-mail is the "killer app" and it is here to stay. The e-mail a space looks so good everybody is now gunning for the messaging market position that was once owned almost exclusively by Research In Motion and its Blackberry devices.

    Notwithstanding any challenges RIM faces in its ongoing patent dispute with NTP, there are even bigger challenges from global handset and service providers seeking to take a big piece of the mobile e-mail market that RIM pioneered.

    Providing secure e-mail and network access will be one differentiator other vendors will offer to meet market demands and gain competitive advantage.

    Survey Says
    According to Bluefire's survey, when asked to indicate which items on their devices require security protection, survey respondents selected corporate e-mail access (e.g. Outlook) 89 percent, corporate network access (e.g. database, CRM) 80 percent, and the "my documents" folder (Excel, Word, etc) 61 percent, as the top three.

    Clearly, users want and are getting more sophisticated functions from an appetizing menu of devices and operating systems. But the expansive and seemingly ever-increasing array of device and operating platforms certainly does not make the job of security any easier.

    Along with the progress and increased functionality, there are also threats and bumps in the road. Once users realize they can download files, share pictures, add games, or connect to the web, Pandora's box is open and their devices—indeed, perhaps their corporate networks—are just as open to the outside world and all of the vulnerabilities. Bluefire's recent survey revealed that concern about the integrity of data residing on mobile devices and networks has reached a critical point: some 80 percent of respondents said that their purchase and use of devices would increase if they could guarantee security.

    Where does one begin to understand and address the security of mobile devices, and the networks on which they run? Stay tuned.

    Over the next few months, I will tackle in this space some of the key questions concerning mobile device and network security we encounter in our work for clients, in our discussions with partners, and in our dialogue and surveys of individual users:


  • What are the security implications of the consolidation of operating systems - and the proliferation of mobile devices?
  • What are the most serious threats to the security of my mobile devices and networks?
  • Are there some immediate and cost-effective measures my organization can take to better protect data on mobile devices?
  • How should I handle the issue of employee-owned devices used for work purposes?
  • What are the costs and benefits of managed security service offerings vs. owning and controlling the security software myself?

    There really is no time to wait. The time for action is now. It is my hope that information in this space will help you and your organizations make smart decisions about your smart devices. I look forward to bringing you honest analysis, direct answers, and useful advice, and I welcome your feedback, questions or comments.

  • TAGS:

    Microsoft, wireless, HP, carriers, handhelds