Cover Story
of
Security is Taking Centerstage when it comes to enabling convergence and bringing in the much needed mobility element within an enterprise
villages in o expand in
nts do you expansion
investment nsion across e untapped d the kind we have e services to e improving est in better
ataka circle h does this nal kitty? a Circle is evenue and ataka circle tor towards siness right erational. It here is a lot d bring out roducts for DOCOMO nse and has e customers
the strong e registered innovative n Karnataka as actually stomers. To hed services rab A Song; op shop for ; Postpay e Rent Free ed CDMA ed with full s47; Newly galore and for Rest of ontinue to r customers and value
MOBILITY
Securing Mobility Space
I
ncreasingly powerful feature sets and rich functionality are driving the widespread use of mobile devices by banks, security and law enforcement agencies, government authorities and other security conscious organizations. Mobile workforces are taking advantage of mobile devices to remotely access confidential emails, spreadsheets, databases, customer data, order information, credit card data, medical history and patient information among other sensitive corporate data. Mobile devices are now the most vulnerable entry points for malware and other threats to the corporate network to which they are connected. Additionally, mobile devices are increasingly more dispersed geographically and at the MOBILITY
Mobility july2012.indd 15
forefront of operations in the field. So is sensitive corporate data safe in the mobile world? The potential security loopholes are increasing – as are the associated costs and liability! Will the next leak of sensitive information in your organization result from a stolen SD card? Or data transferred out of the device through USB or Bluetooth? Can you ensure that corporate email is being accessed only on authorized mobile devices protected by security policies and not just any device the end user can buy? Today’s CIOs are always asking questions like how to protect the end to end data. Protecting corporate data in transit over public Wi-Fi and cellular networks Encrypting data stored on device, making it available only to www.mobilityindia.com
authenticated users on your domain Disabling device communication modules and hardware features (e.g. camera, Bluetooth) Authenticating device users using Active Directory (Domain Security) credentials Authenticating mobile device hardware using certificates Enabling malware protection and intrusion detection Limiting end user’s access, preventing harmful Internet downloads and unauthorized software installation Proactively mitigating risk of data loss with efficient strategies for dealing with lost and stolen devices. According to the mobile market review for the first quarter of 2012 conducted by Cyber Media Research the shipment of smart-phones rose by 17.4% as compared to last year. With mobile security being a July 2012 | 15
7/29/2012 2:14:35 PM
Cover Story
new concept, hackers today leverage this to plan and launch intricate and complex attacks for financial gain. Commenting on the mobile security arena within the country, Ambarish Deshpande - Blue Coat, Managing Director - India Sales, says that, ‘With the growth of Bring Your Own Devices (BYOD), we see a move toward integration of corporate as well as personal information on a single device. This has important implications for organisations, as it increases their risk exposure for security, but also for data leakage of corporate information. Mobile Commerce is also seeing a steady rise due to increased smart-phone adoption making it a lucrative arena for hackers to siphon off money. Mobile phone and application technology is way ahead of the security adoption that is required to protect user data and block access to dynamic web threats that are increasingly mobile. Traditional defences like anti-virus and anti-spam endpoint solutions are not enough for mobile devices since these devices lack the processing power to support traditional antivirus. Organisations need to extend their control beyond the corporate infrastructure to include mobility, but the question is how to do this cost-effectively
and efficiently? The answer is in the Cloud,’ he explains. Expressing his opinion on mobile related security, Jagannath Patnaik, Director - Channel Sales, Kaspersky Lab - South Asia said that in today’s world of BYOD ( Bring your own device) for work as well as personal use we are living in highly mobile era. ‘Mobile devices like smartphones and tablets are on the rise, and they are used heavily for all types of activities. At the same time the level of protection on smartphones and tablets is noticeably poor. This is an alarming fact, because such devices sometimes store highly sensitive data like personal and work documents and e-mails, personal photos and even banking credentials are frequently stored on devices. With the increasing variety and number of malware threats that are targeting smartphones, it’s essential to have first line of defence i.e. Mobile security solution to protect your phone and the personal data you store on it. Mobile Security Solution should be easy to use and offer maximum protection against
"Mobile devices like smartphones and tablets are on the rise, and they are used heavily for all types of activities. At the same time the level of protection on smartphones and tablets is noticeably poor. This is an alarming fact, because such devices sometimes store highly sensitive data like personal and work documents and e-mails, personal photos and even banking credentials are frequently stored on devices." Jagannath Patnaik, Director - Channel Sales, Kaspersky Lab - South Asia 16 | July 2012
Mobility july2012.indd 16
www.mobilityindia.com
Internet threats and malwares. It should also offer protection in case of mobile.” He explained. With mobile users on the go, it is necessary to remotely manage mobile devices as they connect to various public networks (Wi-Fi ‘hot-spots’, cellular networks like GPRS, IDEN, EVDO, etc.) to access email, business information and data. Legacy solutions, designed for managing devices within the four walls, are not equipped to manage these remote devices while protecting the corporate network in an efficient, cost-effective and secure way. Deshpande from Blue Coat says that mobile security if explained generally would be everything from remote lock and wipe to threat protection for mobile devices. “According to Nemertes Research, the top mobile security measures deployed by companies are wipe and lock functionality (77.4%) and encryption (63%). These features include only device and data loss solutions. The whole aspect of securing web enabled applications and mass market malware has taken a back seat. With employees using personal devices at the workplace organizations need to step up their mobile security infrastructure by adding dynamic web security functionality, so that their mission critical data is safe and secure. A move towards more powerful, IP-based network infrastructure is leading to increased use of data-heavy mobile services, which need more sophisticated management. IT organizations need to find a middle ground, leveraging some of the R&D done in the PC/laptop arena while keeping the unique needs of the mobile device in mind to ensure that the mobile experience is not negatively affected in any way,’ he adds on. More and more sophisticated security threats are appearing as new devices provide richer targets. New threats to mobile devices, including malicious programs (viruses, worms and Trojan horses) continue to appear. Despite the fact that the current threat is not particularly high, we predict that the iPhone, Android, and mobile devices with WiFi and other broadband capabilities will undoubtedly be rich targets for malware and viruses in the coming years. Current mobile devices are built on the different operating system which MOBILITY
7/29/2012 2:14:42 PM
has created target diffe devices wh range of fu exposed to Comme trends in Kaspersky s that the em corporate p more diffic and ensur Infection o “trojanized about the p also includ intercepts a sites & spyw to spy on f he adds on Custom consumers virtual asse videos, wo access socia credentials and users a of such da second mo e-mail exch used for ac are tablets smart phon threats rela banking tr security on and signific are reckless “But th and most looking for with enhan protection l (antivirus), data wipe, privacy pro protecting quick to ad It is i today’s sce Minimizing firewall con existing sec devices fro the corpor encrypted incurring intensive V Gartner recently tha will surpass
MOBILITY
. It should of mobile.”
e go, it is ge mobile ious public ’, cellular VDO, etc.) nformation esigned for four walls, ese remote corporate fective and
t says that generally m remote tection for Nemertes e security panies are 7.4%) and res include utions. The eb enabled t malware employees workplace up their by adding onality, so is safe and e powerful, e is leading avy mobile phisticated s need to ging some ptop arena eds of the nsure that negatively on. ed security w devices threats to malicious and Trojan r. Despite eat is not t that the evices with abilities will or malware s. e built on em which
MOBILITY
Cover Story
has created an avenue for the hackers to target different platform. The new mobile devices which are in vogue have a huge range of functionality; they are inevitably exposed to a larger set of risks. Commenting on the mobile security trends in the country, Patnaik from Kaspersky says that, ‘It is becoming a trend that the employees use personal phone for corporate purpose which makes it further more difficult to enforce security policies and ensure data privacy and security. Infection on the smartphones are mostly “trojanized” apps that steal information about the phone or send SMS messages, also includes a banking Trojan that intercepts access tokens for banking web sites & spyware applications that are used to spy on family members or associates,’ he adds on. Customer perspective: Modern consumers live a full-scale digital life. Their virtual assets like personal photos and videos, work documents, passwords to access social networking and online banking credentials are of the utmost importance and users are very concerned about safety of such data. Social networking is the second most popular online activity after e-mail exchange and most popular devices used for accessing social networking sites are tablets or Mobile devices. Most of the smart phone users are aware about the threats related to social networks, online banking transactions yet the level of security on the mobile devices is very low and significant share of smartphone users are reckless in terms of security. “But this trend is slowly changing and most of the smartphone users are looking for the complete security solution with enhanced capabilities like anti-theft protection like protection against malwares (antivirus), Anti-theft features like - remote data wipe, device lock, GPS localisation, privacy protection which helps them in protecting their private data,” Patnaik is quick to add on. It is interesting to note that in today’s scenario, the security goals are: Minimizing modification of corporate firewall configuration and integrating with existing security technologies. Preventing devices from having unlimited access to the corporate network. Ensuring secure, encrypted communication without incurring the overhead of resourceintensive VPN clients. Gartner – an advisory firm – has stated recently that mobile payment transactions will surpass USD171.5 billion in 2012. This MOBILITY
Mobility july2012.indd 17
Some of the challenges in a mobility driven security world • • • • • • • • • • • • •
Protecting the corporate network and firewall Managing and Limiting access to sensitive corporate data User Authentication Securing stored data on device and storage media Securing over-the-air communication to protect data in transit Secure and Encrypted File Transfers Virus and malware protection Intrusion Detection Disabling Communication Modules and Hardware Features Device Lockdown and Controlled Web Browsing Securing lost or stolen devices Remote Control functionality for Instant Device Take-over Managing Security for Remote Out-of-Contact devices
would represent a 61.9 percent increase from 2011, which was USD105.9 billion. Mobile commerce is also taking off in India due to the proliferation of smart phones among young people here. Recently, eBay revealed that among 4,500 users that it surveyed here, 68% of those stated that made online purchases using smart phones. This is a reflection that mobile commerce is on an upward swing in India. Some of the security features that one can consider before participating in mobile commerce is securing the web browser by an inactivity lock out. This technology logs out the user automatically when an internet connection over a mobile device is lost. Security Offering from Industry Blue Coat offers Cloud Service which is the most appropriate solution for the BYOD era. Blue Coat’s Cloud Service uniquely integrates with our appliance – ProxySG to create a seamless, Unified Web Security defence for enterprises. ‘Proxy SG is our flagship security product. It is a web gateway appliance that provides full visibility, control and security of employee internet activity with a rich feature set. Blue Coat’s Next Generation Web Filtering identifies and orp-actively blocks malware, spyware, and phishing attacks, regardless of the type or content, while delivering fast and accurate granular URL filtering. The main aspect of Blue Coat’s Security that sets apart from the competition is the proactive Negative Day Defence which is capable of securing users against attacks before they occur. This Negative Day Defence blocks the source www.mobilityindia.com
location of the malware so that users are protected before attacks attempt to infect their device,’ Deshpande from Blue Coat explains. Talking about Kasperky offering on mobile security, Patnaik says that, ‘Today the industry is looking for complete mobile security solution with enhanced capabilities like anti-theft protection like protection against malwares (antivirus), Anti-theft features like - remote data wipe, device lock, GPS localisation, privacy protection which help in protecting business critical information and private data. The data transfer and operation must have at least 256 bit encryption. There must always be OTP instead of regular password. We have Kaspersky Mobile Security solution that provides world-class protection. Kaspersky Mobile Security employs traditional methods of anti-malware protection, combined with heuristics and cloud technologies,’ he adds on. It is true that today’s fast emerging mobile devices without malware safeguards are a vulnerable entry point into the corporate network for viruses and malicious applications. And conventional anti-virus solutions designed for PCs are not suited for mobile devices due to the reliance on a sizable database of virus definitions stored on the device that needs to be constantly updated, causing excessive network traffic. On top if all this, the frequent scanning of memory, necessary to detect viruses, adversely affects the performance of the device’s low power processor and battery life. In such scenario, getting proper security help from vendors such as Kaspersky or Bluecoat is highly recommended. July 2012 | 17
7/29/2012 2:14:42 PM