Mobility Security Challenges To Watch Out For

By Author: Susan Smith
Total Articles: 132
Comment this article

The advances in mobile technology in the past few years have been happening at a breakneck speed. 2012 saw the fastest growth ever in the same. With these advancements, two other trends emerge – firstly, the adoption of smart devices is at an all time high; secondly, the security risks associated with mobility are growing. With cloud becoming the choice of data storage, handheld devices are leveraged to provide easy access to the same. This is a high potential risk, because since the access is ‘easy’, it can be misused. There is another side to the same story. Because more and more devices are connected to the cloud, the potential for spreading malware, viruses, or hackware is also high. Add to the mix the uninformed users and BYOD, and you find the challenge of protecting corporate data to be increasingly complex.

There are three main concerns when it comes to mobile security.

1. Data protection - With BYOD, the ability to manage and track corporate data has become more difficult. While devices can be easily replaced, the data residing on them is a bigger concern. Data location and segregation ...
... are key challenges when trying to ensure compliance with cloud and mobility included in the equation. Some MDM solutions address the issue. The solution is containerization of corporate data within the device. The corporate apps and data reside in a separate section of the device, and this section can be remotely managed, and wiped if required by the IT admins. Some applications like Microsoft Exchange have inbuilt features for controlling the access, while other apps need some extraneous work to enable containerization. Mobile device virtualization is another technique used for compartmentalization of corporate apps and data.

Another issue is inadvertent (or maybe intended) data breaches by employees. What if the user copies a sensitive file to box.com? What if he / she mails it using a personal account on the device? How will the IT know? The usage of such apps needs to be controlled.

2. Malware and hackware – mobile commerce, NFC and QR cards all allow the mobile phone to be used for financial transactions. While some apps store the payment information, some allow the device itself to be used as a credit card. This makes the mobiles a lucrative target for hackers who wish to make financial profit. The unaware users may install an app that can expose their device to the malicious intent developer. While fishing for financial information, what if the hacker gains access to your corporate data too? Or worse, what if the attack was intended for enterprise data in the first place? Anti-malware software needs to be pushed to the mobile device via the MDM solution in order to scan any such application that is loaded on the device.

3. Bluetooth – A great technology for connecting two dissimilar devices, Bluetooth is extensively misused by people with wrong intentions. So much so, that there are terms coined for the misuse of Bluetooth - Bluejacking, Bluesnarfing and Bluebugging. The first term refers to hijacking, or taking control of a device through a Bluetooth connection. Since most people leave their BT status as ‘on’ and ‘discoverable’, hackers find it easy to do their work. Even when ‘hidden’, devices can be hijacked through a brute force attack.

Once under outside control, data can be copied off the device (Bluesnarfing). Another high risk situation is that the controller can use the microphone and camera of the phone to listen to and see the surrounding people (Bluebugging). Better BT security and employee awareness are important to avoid untoward events.

The author is associated with one of the top app development solutions provider, iPhone app development Dallas and iPad applications development