Mobile security has been a topic of discussion for many years. Skeptics have always said “mobile security is a solution looking for a problem.” True, few mobile security disasters have occurred on the scale of a Code-Red or Blaster, however, mobile data usage has matured to a point where people need to be prepared.
First, what exactly is mobile security and what does that mean? Mobile security encompasses areas such as on-device security solutions, mobile device management, carrier network security, enterprise network security, NAC and policy management; but this is not all the areas involved which is why mobile security is such a complicated topic.
Throughout 2007, people continued to become increasingly mobile. For the first time in a calendar year, approximately 1 billion mobile devices were shipped globally. Notable 2007 developments included the release of Apple Inc.’s iPhone, the maturation and standardization of open source software platforms and the announcement of more user-friendly mobile platforms such as Google Inc.’s Android. Millions of people gave up their ordinary cellphone in favor of smartphones. And for the first time, the general public viewed the mobile handset as an information and communication device rather than a voice communication device. One thing that did not change is the fact that the majority of mobile devices brought into and used in a corporate setting are consumers’ personal devices.
Mobile applications and services increasingly have the look and feel of traditional PC applications. This has spurred on lifestyle and usage changes including a dramatic increase in m-commerce, mobile marketing, mobile gaming and mobile banking. Unfortunately, in making applications more user friendly, users also will become more relaxed in their approach to mobile applications and more susceptible to vulnerabilities. Standardization of mobile platforms and use of open source operating systems will make it easier for cyber-criminals to migrate their hijinx to the mobile environment. This fact has important implications for enterprises, mobile handset manufactures and operators, and the consumer.
Enterprises
Enterprises are worried about the same threats they have been facing with PC malware for years. These include loss of intellectual property, loss of client/customer data and associated non-compliance, denial-of-service attacks and extortion. Risk factors specific for mobile devices and deployments include carelessness of employees due to a perceived lower risk, loss of devices and connections through unsecured wireless access points. Almost every corporate worker has a mobile device. Mobile handsets now connect to networks in a variety of ways and are not limited to a cellular-only connection. With a variety of radios (Bluetooth, Wi-Fi, CDMA or GSM), USB cables, and using memory (microSD) cards, enterprise network administrators need to worry about multiple threats.
Handset manufacturers and operators
Handset manufacturers’ and service providers’ main risk with mobile security is brand damage should one of their phones be affected by mobile malware. Some manufacturers are embedding anti-malware into their handsets. Others are promoting the installation of aftermarket solutions on their smartphones.
Consumers
Consumers buying mobile anti-malware solutions have so far been only early adopters and the truly paranoid. With personalization of the cellphone uniquely tied to one’s identity, loss or theft could be devastating.
Does all of this mean 2008 will be the year of mobile security? According to Paul Miller of Symantec, instead of the year of mobile security, we may be in a period of high awareness and continued adoption. Frost & Sullivan’s research supports this and estimates the market for mobile anti-malware products at $61.4 million in 2007, growing to $2.171 billon in 2014. This represents a CAGR of 66.4% with much of the growth attributed to smartphone anti-malware products.
“Companies know the importance of putting your protection where your data is,” says Miller. “With the value of e-mail on smartphones well established, this translated to a huge increase in initial deployments of mobile anti-virus and data protection for large organizations in ’07. [2008] should see wider coverage in large companies and down-stream deployments in the SMB and even consumer markets. With today’s smartphones finally connecting to e-mail and the Internet, the channel is now open for good data and unfortunately bad. Companies and consumers alike learned their lesson in the early PC / Internet days: A protected endpoint makes for a happier end-user.”
With the increase of mobile marketing, mobile gaming, mobile banking and other mobile applications, the exposure of the general population to security risks is going to increase. As mobile devices become more capable and allow the access to traditional Web services, those devices and the data stored on them become vulnerable to the same security risks as enterprise desktops. However, unlike the desktop environment where users are accustomed to anti-malware programs, mobile users are not used to installing protection on their devices.
As a consultant for Frost & Sullivan’s Telecommunications and IT Practice, James Brehm’s primary responsibilities are to increase client value by evaluating, recommending, and creating innovative growth strategies for Frost & Sullivan’s high-tech clientele. The scope of his work deals with all aspects of the IP value chain; from delivery infrastructure and communication management to end user content/applications. Robert Ayoub is an Industry Manger with the Frost & Sullivan North America Information and Communication Technologies Practice. He focuses on monitoring and analyzing emerging trends, technologies and market behavior in the Network Security Markets Worldwide.
