Monday, February 23, 2009

Mobile Security Update: Configuration Management Becomes a Greater Issue for Smartphones; 81% of Manufacturers Worried about Mobile Payments, & More!

Mobile Security Update: Configuration Management Becomes a Greater Issue for Smartphones; 81% of Manufacturers Worried about Mobile Payments, & More!

In the current issue of Information Security Magazine, analyst Eric Orgen opines on the lack of smartphone security in businesses.

Orgen observes that most recent quarterly reports from Apple and Research in Motion trumpet 4.3 million iPhones and 6.7 million Blackberrys respectively. That's a lot of mobile communications and connectivity in a hurry, and much of it involves sensitive business and personal information.

Here are some brief excerpts from his column with a link to the full text --

Smartphones are ubiquitous in corporate life, supplying email and browser access to data whenever and wherever information junkies need a fix. But so far IT has been slow to address the security arising as result of the smartphone phenomenon. ...
IT should be putting smartphone security policies in place to protect the sensitive data, access to corporate applications, and software configurations.:
Disclosure laws, such as CA 1386, apply private information that is stored as "computerized data." ... never allow consumer data to be delivered to a smartphone, clear caches and temporary buffers after a VPN session, or encrypt all data that the smartphone receives.
All connectivity to business applications and networks should require a password and SSL VPN for secure communications. ...
Configuration management will become a greater issue for smartphones as business software becomes more prevalent and malicious code starts targeting these devices. ...
Eric Ogren, Smartphone security lacking at many businesses, Information Security Magazine, 2-19-09

In a related story, McAfee has released another interesting study -- this one is on security issues related to mobile devices.

Here are some excerpts from the press release, with a link to the full report --

Key findings from the McAfee Mobile Security Report 2009 include:
Half of all global manufacturers reported mobile malware infections, voice and spam attacks, third party application problems or incidents that caused network capacity issues
Almost half (48%) of manufacturers agreed that the cost related to patching and fixing affected devices had significantly impacted their business
Concern over the security of mobile device functions is high; 81% of manufacturers are worried about mobile payments; 69% are not convinced by the safety of installing applications and 66% are concerned about devices' WiFi and Bluetooth connectivity
Three quarters (75%) agree that carriers and manufacturers should carry the cost of security and only 12% think that users should be involved with handling security measures
Widespread Increase of Incidents
Despite manufacturers' attempts to lock down security, evidence shows that security issues are growing in diversity and sophistication. Overall, there has been a dramatic upswing in the number of incidents across all the major threat categories ...
Impact on Cost and Future Functionality
... Almost half (48%) of manufacturers highlighted that patching and fixing devices is an expensive business, 36% stated that security incidents have had a negative impact on their brand or public relations and almost a third again (32%) said that security problems have prompted a significant loss in credibility or user satisfaction.
McAfee, Inc. Research Reveals Impact of Security Issues on Mobile Device Manufacturers, 2-16-09

To download the full report, click here.