THE PANOPLY OF MOBILE SECURITY
threats now facing enterprises has not been lost
on security vendors now beginning to offer products that address data loss hazards on a broad
range of technology platforms.
San Diego-based data loss prevention provider
Websense launched Websense Mobile DLP, a
technology aimed at protecting data over a variety
of mobile platforms, including Google’s Android
and Apple’s iOS. The mobile suite quarantines corporate mail communications on mobile devices,
and has other reporting and remediation capabilities. The suite also is part of the Websense TRITON architecture, which combines Web, e-mail
and data security in a unified platform.
John Yun, senior product marketing manager
at Websense, says holistic solutions are needed
to protect against dynamic, blended threats now
emerging. “Data loss prevention is becoming a
very broad area,” he says. “You have to take a
step back and look at this from an organizational
perspective.”
To be sure, mobile devices are not the con-
duit for malware into the enterprise. Malware
writers have focused more attention on social
networking tools as an enabler for data theft.
“You no longer have to go to the dark corners of
the Internet to find bad stuff,” Yun says.
In addition to letting malware in, enterprises
have to be equally vigilant against social media’s
potential to enable people to externalize sensitive data, says James Cella, president of SiteQuest Technologies, Salt Lake City.
The company recently partnered with Sun-gard’s Protegent business unit to craft a tool
for monitoring employees’ social networking
activity. Cella says athe product is intended to
provide greater visibility into the potential
compliance risks that social media presents,
noting the speed at which the technology is
advancing presents problems for risk managers. “Facebook moves quickly,” he says.
“They constantly roll out new functionality, so
you have to be agile. What Facebook is today
is nothing like it was six months ago, let alone
a year ago.”
prise Server (BES) system, which features fine-grained security layers, and enables administrators to
define hundreds of configuration settings toward an
approach closer to the Android model. Brady says
RIM’s 2010 acquisition of QNX, the maker of micro-kernel-based operating systems, was an indication of
their move toward a more app-centric OS.
No matter what choice in platform or architecture
a carrier makes, Murray says, information technologists will have to constantly adapt in order to keep pace
with the bad guys. “I’m sure there are some very interesting surprises in store for us,” he says.
THE HUMAN FACTOR
Despite the threat of malware, Kapadia does not think
enterprises should shy away from mobile platforms.
“From a software perspective, these OSs have major
industry backing, and will be similarly secure to lap-
top and desktop OSs,” he says. “You can always be
paranoid about implementation vulnerabilities, but
then you would have to stop using your laptop as
well. So the question should now turn to whether
there are major differences in mobile phones at a
conceptual level.”
In that sense, the most qualitatively different aspect
of mobile operating systems is their very mobility. While
few employees tend to leave desktop computers behind
at bars and restaurants, mobile devices are easy to lose.
Kapadia says encryption does offer a degree of protec-
tion from physical loss of a mobile device, but is less
effective against malware. “Encryption may not help
you against malware because once it is on your system,
it is essentially behaving as you, and the system doesn’t
know if it’s you or the malware asking for the data.”
Thus, old-fashioned risk management and loss con-
trol measures are every bit important as technology de-
fenses. Kapadia notes that some of the infamous hacking
incidents in memory came about as the result of a hu-
man unknowingly divulging passwords or information.
“People think of systems as just being computers,” he
says. “But in the end, humans are part of the system and
hackers can exploit human weaknesses to get in. Attack-
ers always take the path of least resistance.”
Ultimately, it’s up to risk managers to weigh the ben-
efits versus the risk of mobile technologies, he says. “In
the security community, the joke is that if you want a
perfectly secure system, just turn it off. But the reality is
we have to do business, and life has to move on.”
As VP of Internet services for San Francisco-based
Esurance Insurance Services Inc., Marjorie Hutchings
knows well the role people play in stopping malware
attacks and data leakage.
For more about mobile trends, search “Insurers Slow on
the Mobile Uptake” at www.insurancenetworking.com.
