Mobility without compromising security: Best practices for securing enterprise mobile devices

 - 
05/26/2011

by Hongwen Zhang, president and CEO of Wedge Networks

The continued growth of mobile device use within the enterprise has created an abundance of management and control issues for IT and security departments alike. The need to protect information that is accessed and/or stored on these devices has become a priority as today’s next-generation mobile devices are fast becoming as sophisticated as computers; yet the security for these devices is lacking, due to the intrinsic constraints imposed by battery life, portability, and economics of connectivity. For example, a mobile laptop could become infected while in a WiFi or 3G mobile network, before its anti-virus software signature is updated.

Industry analysts are reporting that half of the devices connected to corporate networks will be mobile by 2015 and in recent years malware targeting mobile phones specifically has grown exponentially. According to a 2011 report, Google had to remove more than 50 malware-infested applications for Android devices from its marketplace.

The abundance of business applications on mobile devices increases the risk of data loss and malicious attacks. Poorly designed applications are also exposing private and corporate identity information and additionally, because many of these devices belong to employees, enterprise data and applications have a tendency to become integrated, thereby exposing content.

In many instances, employees download applications, as opposed to IT provisioning devices and accessible platforms and applications, which opens the door to malicious attacks both on and from mobile devices.

One example, the Zeus Botnet, uses SMS messages to break into users’ bank accounts. The thief hijacks both user name and password from the infected phone, and uses the information to access the victim’s bank account. Another Android mobile operating system attack, allowed users’ private information to be transferred to a remote site. Not to mention, “jail broken” iPhones and iPads immediately lose 70 percent of their security features.

There are some steps that enterprise organizations can take to address the vulnerabilities associated with mobile computing, including the following:

1. Protect Web and Social Media Data – Implement full content scanning and inspection across all network protocols. Include protection against third-party services or applications and Web-based services such as Gmail, Facebook and YouTube.

2. Secure Endpoints-before it’s too late: Eliminate malicious attacks before they reach mobile devices. Protect all endpoints including mobile devices, to ensure that network traffic is free of malware, spam and unacceptable URLs. Firewalls, and traditional intrusion detection systems (IDSs) provide only limited protection, and often slow down the enterprise network. Look into emerging technologies that provide accurate, high-performance threat detection, complete visibility of what is transmitted through the network and the ability to stop the transmission of malware in real-time.

3. Ensure Security, Anytime, Anywhere – Employees roaming outside of an enterprise’s protection perimeters can have their traffic routed through malware scanners to ensure the safe usage of mobile data and applications. Consistent enforcement of IT security policies and optimization of Web resources provides all staff with safe mobile usage across distributed enterprises while reducing time required for IT departments to spend on management and control issues.

4. Get Real-Time Visibility – There are great benefits when network traffic can be looked at across all layers including the application layer, enabling visibility into the actual intent of the traffic. If this reconstruction and comprehension can be done in real-time, real-time security policies can then be applied to the traffic. This kind of deep content inspection can provide visibility, comprehension, manageability and real-time action for the information.

Conclusion
Knowing that all of the necessary security protections are in place provides organizations with the guarantee that mission critical data on mobile devices will remain safe, and systems protected against the spread of malware.

Dr. Hongwen Zhang is president and CEO of Wedge Networks, an innovative provider of remediation-based Deep Content Inspection for high-performance, network-based Web security. He holds a PhD in Computer Science from the University of Calgary. With more than two decades of high tech leadership experience, Zhang is a co-inventor and holder of several patents in the area of computing and networking.