Emerging Threats in the Mobile Environment: Part Four

Technology is progressing toward networks that are more open and handsets are shifting from limited capabilities to advanced handheld computers. As a result security-savvy enterprises must begin taking the necessary steps to help protect the integrity of their critical mobile data.

To help enterprises prepare for the new world of mobile threats, technologists and researchers will need to join forces with customers. This joint work will develop new security solutions, policies and best practice approaches for the years ahead.

What’s emerged is a multi-layered, end-to-end protection strategy to help strengthen mobile security. This is changing  from user authentication, data storage and transport to a solution that trying to thwarts attacks at the network level before they do damage.

Endpoint Device Control

To move their products into an enterprise-ready state, many smartphone suppliers are incorporating limited security features into the operating system. This includes  full device encryption, localized user authentication, and policy enforcement via remote control.

Of course, these measures are not enough – they are not foolproof. Hackers have found ways to get inside the operating system to set up mechanisms within the firmware. This access allows them to gain administrative control over the device for malicious activities that put the enterprise at risk.

In the evolved mobile security architecture, IT requires management tools for control over the integrity of the device, data that can be accessed and stored on smartphones, as well as the applications that can be downloaded.

With the power to set and enforce these policy controls remotely on an enterprise fleet of devices, IT can worry less about hackers that ‘jailbreak’ a device. This jailbreaking is often done to download and run unauthorized applications. In addition to that employees can inadvertently download harmful content. Further, these measures will circumvent current individually owned and corporate owned smartphone challenges by using a cloud-based centralized deployment platform for security updates and patches. This cloud-based solution will help ensure smartphone devices have the latest updates for the utmost protection.

Moving Authentication to the Network

In a traditional desktop environment, user authentication takes place at the endpoint. While this provides security measures that help protect data, the always-on mobile network allows for more stringent strong authentication methods that combine localized policy control and cloud-based biometrics.

However, adequate biometric authentication isn’t possible at the endpoint where smartphones have limited capabilities. As a very resource-intensive process, it would sap precious battery time and eat up CPU cycles – resources that should be devoted to making employees more productive away from the office.

In the mobile security architecture of the future, biometric authentication will take place on the network, not the handset, freeing the smartphone from a resource-heavy task and users from a long sign-in process that disrupts the workflow. By verifying user identity based on unique traits via a fingerprint swipe or voice recognition tool, biometric technology will provide faster and stronger authentication, while making the user experience simpler and seamless.

Evolving authentication to the network will also solve another issue that jeopardizes security: weak user passwords. By making them easy to remember, users also make them easy for unauthorized users to guess. Network-based authentication gives IT the ability to use complex technology behind the scenes to enforce stricter access control to enterprise assets and data, without overwhelming the smartphone user.

As a result of all this, authentication will become easier and faster for users, and harder for anyone trying to break into the smartphone. This could be a win/win for both the organization and the user: IT will have more control over enterprise access and users will have a more seamless experience through a combination of single sign-on and biometric authentication.

Securing the Mobile Enterprise (continued)… Multi-Layered Security Strategy

In the next entry, we will continue focus on the evolved multi-layered security strategy by exploring the final two verticals responsible for protecting the mobile perimeters sensitive information as it is accessed, stored and transported across the enterprise …

  • Centralizing Network Traffic
  • The Network as a Risk Manager

Make sure you take a look at Part 1 “Securing the Mobile Enterprise,”, Part 2 “Attack of the Mobile Botnets” and Part 3 “How to Protect Your Company’s Devices From an Influx of Mobile SMS or MMS Security Threats” of the series.

The Networking Exchange Blog Team About NEB Team