Researchers at the AT&T Security Research Center in New York City work to ensure security is an enabler, not a limitation, of mobile technology.  This state-of-the-art lab is dedicated to investigating, prototyping, and testing of new mobile security strategies and technologies.  Our team is currently looking into emerging areas of mobile threats including social networks and SMS attacks.

Today, we’re proud to share with you the story behind AT&T Mobile Security – a new set of security capabilities for mobile enterprise customers – with origins right here in our mobile security lab.

The enterprise meets smartphones

AT&T has long been a pioneer in developing new cyber security technology, combining the insight and expertise of AT&T Labs and our cyber security organization. Several years ago when the smartphone evolution began to take off, we saw the writing on the wall: use of mobile devices in enterprises and government agencies would not only increase, but dramatically change the security landscape.  Organizations would be faced with new security risks associated with mobile connectivity including data leakage, consumer privacy, Distributed Denial of Service (DDoS) attacks, and botnets.

Because smartphones are primarily designed for consumers, we needed to rethink how security would work in a wireless environment.  Unlike laptops and desktops, installing security software on devices wasn’t entirely practical – or effective.  With employee-owned devices entering the workforce, IT could not ensure employees configured personal settings appropriately to block spam or maintain the latest anti-malware software.

Consumer-driven strategy

Fortunately, the mobile device industry was still new enough that we could work on helping to prevent security problems rather than simply responding to them – as the industry did with PCs.  Our goal was to develop security solutions that would effectively help protect the mobile users (consumers and enterprise users) and the enterprise with state-of-the-art security features.

Trouble was, there were already multiple devices, multiple OS platforms, and multiple vendors in the marketplace – and businesses needed a way, an efficient and effective way, to better protect their entire ecosystem.  So we started considering the advantages of mobile security in the cloud where the fundamental infrastructure allows us to customize security layers for specific assets, and restrict access to enterprise data only to authorized users.

We had multiple teams within the cyber security organization and AT&T Research digging deep into the mobility threat landscape. At the same time, our networking teams were dedicating serious effort into hardening our own mobility network to combat emerging security threats.

Enterprise solution

Today, employee-owned devices are so commonplace in the workplace that it makes securing access of sensitive business data more complex.  So we borrowed the multi-layered model developed for our internal use to provide new capabilities for our enterprise customers via AT&T Mobile Security.  These capabilities include protection on the device as well as cloud-based security controls so that businesses can guard against attacks targeting devices and lurking in the network. To get a sense of just how critical a multi-layered approach to mobile security is, take a look at this infographic:

Mobile-Security_Infographic

What is your business doing to protect against mobile security threats? Do you have a BYOD-friendly workplace? Share your thoughts and concerns in the comments below!