The Evolving Security Paradigm in An Increasingly Mobile World

The impending threat

Rapid adoption of mobile technology will soon make security concerns in the wireless environment at least equal to those in the wired world. While these risks may persuade IT departments to think twice about deploying the latest mobile technologies, the headwind favoring delivery of broader access to applications and emerging cloud-based services underlines the fact that mobile devices are now an essential business productivity tool. However, with the explosive increase in memory and computing capability and the sensitive transactions going through them, mobile devices make for very attractive targets. The Bring Your Own Device (BYOD) trend will further complicate the security scenario as IT managers are increasingly tasked with ensuring a consistent experience that encompasses both productivity and protection, regardless of the device and operating system.

Unfortunately, many companies simply don't realize the potential of emerging threats. Some are adopting a reactive approach; content with the traditional process of “detect and patch.” Despite the widespread information on the increasing number and sophistication of these threats, many businesses continue to treat mobile devices as static devices causing them to overlook significant vulnerability. Protection against cyber-attacks at the network level is critical for businesses to continue reaping the benefits of mobile broadband.

Mobile technology today is taking communications and security to a whole new level. Consumers are increasingly looking to bring their smartphones, tablets and other devices that have transformed their personal lives to work. This means people can work anywhere at any time, creating new efficiencies for businesses —but also new challenges for protecting enterprise data.

What is needed is a cultural shift to view smartphones and other mobile devices as dynamic entry points to the enterprise network as well as a mindset change to adopt a more flexible approach to mobility security strategies across organizations. Businesses that do not treat mobile devices as the computing and Internet devices can become easy targets. On the other hand, forward-thinking companies who recognize the risks are acting now to stay ahead of anticipated mobile security threats.

Nature of threats

The volume, severity and sophistication of emerging mobile threats warrant a prominent place on the security agenda. A major source of vulnerability is that today, security management is literally in the hands of users. Users can simply open an email or SMS or download an application and unknowingly expose the entire network to cascading attacks from botnets, worms, etc with the potential to compromise user privacy and escalate malicious activity. The number and type of threats are increasing due, in large part, to the number of apps and diverse functionality available once those apps are downloaded on a user's devices.

Botnets are responsible for many of the cyber threats that we see today, including spamming, phishing, data theft, etc. Bots can infect unprotected devices through email, compromised websites or applications which the user may download on a device without realizing the potential risk involved. A bot's primary mission is to disrupt or deny access to networks and computing resources, causing significant distress to employees, partners or customers. Using unprotected devices as entry points, the bots hide within applications and execute on hacker demand. Essentially, devices that become part of a botnet can be under the complete control of the botmaster. Without adequate security features to help protect against these bots, the risk is significant and can potentially lead to the theft of confidential information such as serial numbers, login IDs, financial data, intellectual property.

Responding to threats

How can smart companies address such threats? Boosting security features on smartphone devices to help ward off attacks is useful. But this 'endpoint' security approach is an inadequate response for business needs. As employees begin to use their smartphones to access enterprise applications, as well as content and applications stored in virtual environments, security features must move from the device to the network.

By moving security into the network, IT departments can worry less about weak passwords or ignored alerts. They don't need to rely on employees to configure personal settings to block spam or to keep up with the latest anti-virus update to ensure the network is protected. Instead, they can manage mobile security from the network via one centralized location, providing remote workers with secure access to a company's system. The real value of cloud-based security solutions is that all IP, Wi-Fi and RF traffic flows into the gateway. Managing security at the network level enables mobile broadband providers to help businesses protect their users and proprietary networks. Service providers are in a unique position to monitor threats from a network perspective and managing security from the cloud makes the task easier on a business's IT department. For instance, if a bot begins its attack on a smartphone, network administrators will be able to shut down the threat before it can spread and disrupt business activities.

The tipping point is near

As adversaries continue to find innovative ways to attack, the security industry will need to find equally innovative ways of protecting enterprises it serves. There's no quick fix, but the industry is waking up to the issue. AT&T, for example, has created a specialized research team within AT&T Labs that is dedicated to investigating security challenges specific to wireless devices and developing protective solutions. The future is mobile and organizations that understand this and prepare now will be well poised to handle the changing nature of security threats. Lessons learned from previous generations of security threats have positioned us to be better prepared for future wireless threats, enabling companies to fully embrace the enormous potential of mobile technology.