The recent survey into corporate mobile security from Decipher shows just how much company-sensitive data is accessible via company mobile devices. Although it is encouraging to see businesses arm their employees with the tools to make the best use of their time away from the office, they also need to be careful that, in doing so, they also fulfil their duty to care and protect their employees along with their internal and customer data, writes Jay Seaton, chief marketing officer at Airwide Solutions.
Experts have long discussed the potential threats to mobile devices, but many people assume the PC security model of software downloads and firewalls is the answer. With the variety of handsets available, this really isn't an effective option. Adding to the complexity is the range of communication methods that can be carried out on a smart phone - email, SMS, MMS, web and Wap access - and along with these come a whole host of mobile security threats, such as mobile spam, viruses and phishing.
Banning smart phones from work is not a viable option either, because employees will continue to use whatever communications device they have to make their lives easier, regardless of the security risk it poses to their employer.
Handset-based solutions are also limited because they protect only 1% of mobile users. Also, with mobile devices constantly being upgraded and replaced with higher-specification devices, security software that is added is often quickly outdated.
The answer lies with the mobile operators, because mobile security solutions that are deployed on a network level are both controllable and easily upgraded. Currently, many network operators voluntarily police potential fraudsters but, as messaging services continue to grow and become more complex, networks need a comprehensive range of features, such as anti-spam and virus-filtering software, Equipment Identity Register (EIR) systems and blacklisting, anti-spoofing and anti-flooding technology.
Using a variety of mobile security technologies, including anti-spam and anti-spoof and next-generation gateways, operators can detect abnormal patterns in messaging traffic, confirm legitimate senders, filter content and block suspicious messages. Filtering content also helps the fight against the spread of viruses and trojans. Blacklisting enables users to block certain phone numbers and incoming messages coming from these phones, while EIR systems have proved very useful in preventing handset fraud.
By providing corporate organisations with a combination of virus filters, subscriber controls and individual profiles, operators can help equip enterprises with the tools they need to protect their data and reputation.
This was first published in July 2008