Catching up with mobile security threats

Development of enterprise mobile apps has been moving more slowly than development of consumer-facing apps, according to Gartner. One main reason is IT leaders' concerns about the security of mobile devices, which are often employees' personal devices, and are vulnerable to being lost, hacked or stolen. While there are plenty of established tools and practices for keeping Web visitors from straying (or hacking) into sensitive corporate data, managing security across a diverse set of mobile devices remains a challenge, IT experts say.

Vendors are moving to address CIOs' concerns, however. For example, endpoint management platform providers such as Symantec and McAfee now provide centralized patch management, antivirus and antispam tools for mobile devices. Meanwhile, Nemertes, in its report "Communications and Computing Benchmark: 2011/12," found that nearly 60 percent of the 240 end user companies interviewed are deploying or plan to deploy a mobile device management platform. Companies using such a platform were more likely to say their mobile app initiatives were successful, notes Nemertes vice president Irwin Lazar.

Leading mobile data management vendors such as Good Technologies, Air Watch, Mobile Iron and Sybase provide data-leak protection for Android and Apple devices. For example, business data and apps can be isolated from users' personal apps and activities in a secure virtual container, and IT can remotely wipe a device that is lost or stolen.

A feature that Lazar calls an "Angry Bird filter" blocks employees from downloading dirty or time-wasting apps onto their devices. VMware's Mobile Virtualization Platform, due out in the next few months, enables end users to run native applications within a secured container on Android devices.

Apple is also moving to provide more business-caliber solutions for iOS devices, Nemertes' Lazar says. For example, it has added support for Microsoft ActiveSync, so IT groups can remotely manage and wipe iOS devices, and has provided app security controls that can be used by mobile data management platforms.

Google's Android, and the Android Market, are more open to developers than iOS and the App Store, and thus are more vulnerable to hackers. Earlier this year, some 55 malware-infected apps masquerading as legitimate titles were discovered in Google's app store. The vendor can, and does, remove suspect apps from customer's phones. However, app developers and, no doubt, business users and CIOs have problems with this somewhat high-handed approach-not to mention the fact that the app could already have infected an enterprise before it's removed.

Read more about consumer it in CIO's Consumer IT Drilldown.

Join the CSO newsletter!

Error: Please check your email address.

Tags iossecuritysmartphonesIT OrganizationmobileIT Organization | Consumer ITsybaseAppleGartnermcafeesymantec

More about AppleGartnerGoogleMcAfee AustraliaMicrosoftSybase AustraliaSymantecVMware Australia

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Elisabeth Horwitt

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place