The Smartphone: a real bug in your bed - The need for smartphone security
The rise of the smartphone over the past few years has been a technology success story. An almost perfect storm of advancing materials science, chip set development, software innovation and social networking has fuelled the progress in handset design and capability beyond that which could only be imagined a couple of decades ago.
Having such tremendous computing power alongside user’s private data and contacts makes a tempting target for criminals.
Data is more mobile
Very few businesses want their data to be less mobile, aside from those that have just gone through a major data loss incident and are hurriedly trying to bolt the doors after the data has gone.
In fact many businesses seem to pride themselves on the mobility of their data, on the basis that their employees will be accessing work-related data at all times of the day or night and will therefore be more productive. Whether employees are actually more productive is another discussion, but certainly the drive to mobilise data has resulted in the endpoint of most organisation’s network being in the handbag or pocket of their employees.
One exciting part of data mobilisation is the tidal wave of smartphones being used by businesses to access their data. But what are the particular security issues and opportunities that these smartphones present?
Of course data is more mobile than ever before. Few people pause to consider why we should automatically assume that all data should be made mobile. Very few computer security types are successful in stopping this demand, certainly outside a handful of top secret establishments. One of the first questions many a new employee will ask is how they can connect their smartphone to the data they use. After all, the success of web sites such as salesforce.com is based on the fact that, like all cloud computing solutions, the data can be made available from anywhere. A young in age workforce knows nothing other than mobile computing.
Most businesses accept mobile computing and, during this inevitable embrace, need to decide how to best protect their data.
After all, the smartphone is where it is happening.
The smartphone is dead, long live the phone.
Try to go into a phone shop and buy a phone that doesn’t, at least, have some “smart” features and you will have a problem. Some organisations that try and equip their workforce with phones that don’t have a camera for security reasons have a problem. Some manufacturers have woken up to this and are now producing basic phones, especially for the older generation that may need improved handset accessibility. Consider that the biggest growing group of Facebook users are the 35 year old plus, all of who will want to access their accounts long into the future. Even if the Facebook site isn’t around, a successor will be as social networking appears to be deeply entrenched into so many people’s lives.
Smartphone hardware marches on relentlessly. Handsets are certainly getting more powerful: for example in 2010 LG announced the Optimus 2X with a dual core 1GHz processor. Research has shown that 2011 is the year when smartphone shipments will overtake PC shipments, and both PCs and smartphones lay neck and neck at around 400 million units each, per year. The amazing growth in these fantastically powerful devices presents us as security experts with a significant challenge.
Smartphone security concerns
On top of all their other concerns most Chief Information Security Officers (CISO) are now having to worry about a number of smartphone security issues:
- Are my smartphones going to be infected with malware?
- Is my smartphone-based data secure?
- Will my mobile voice traffic be secure?
- Can my smartphones be remotely managed?
There is no longer a discussion about whether these devices should be allowed, now the conversation is how they can be accommodated safely and securely. Ultimately, the CISO is worried about risk to the business and, in particular, how this new smartphone risk can be managed whilst at the same time the business productivity of users improved.
This series of articles will explore these security issues in more depth.