Smartphones, security and the enterprise

Smartphones are among the most important technological developments of our time. Since the advent of the first smartphones in the 1990s, these once cumbersome devices have become immensely powerful and sophisticated tools – not just individual communications devices, but whole computing platforms, capable of running a vast array of personal and business applications.

Today’s smartphones rival and even exceed yesterday’s high-end laptops in their feature sets and capabilities. Powerful processors and extensive storage capabilities make them ideally suited to many kinds of computing tasks. And increasingly, they are designed to be extremely easy to use, with advanced user interfaces and high-quality displays making them viable alternatives to bigger, heavier laptops.

Such functionality and design has made them extremely popular with users, especially in the last 18 months. In 2010, analyst firm Gartner reported that smartphone sales rose 72 per cent since 2009, accounting for nearly 19 per cent of all mobile phone sales.

Widely available at comparatively low cost, these devices have captured the imagination of consumer and business users alike at an extraordinary rate.

The User Revolution

According to Nielsen, there is a big rise in smartphone ownership with 43 per cent of Australians who surf the Web now do so with a smartphone. The study also shows a total of 71 per cent of Australians using the Web-accessed video or audio content online, with 35 per cent claiming to do so on a weekly basis. In addition, 73 per cent of online Australians use social media – the country’s most common online activity.

Such ubiquity is driving many changes in user behaviour, not least in the enterprise, where users are discovering that they are more than adequate replacements for their bulky, energy-inefficient corporate laptops.

Many key business applications such as email are routinely available on smartphones, with some devices, such as RIM® Blackberry, designed primarily as a business email tool. New kinds of mobile devices, such as tablets, have bigger screens and are more suitable for reading and generating large volumes of document- or spreadsheet-based content.

Somewhat inevitably, then, business users now view their smartphones and tablets not just as adjuncts to their other computing tools, but as primary devices in their own right – devices that are easier to carry around, use less power and which also fulfill a variety of other consumer-focused functions, such gaming and personal banking.

The research, conducted online by Nielsen to produce Telstra’s inaugural Smartphone Index, prompted the company to predict that more than half of the country’s mobile phone users would own a smart device such as an Apple iPhone or an HTC Desire within 12 months.

The index also found most people used their smartphones to access email (61 per cent weekly), followed by social networking sites (51 per cent), news and weather information (49 per cent) and maps and other directions (35 per cent).

Increasingly, it is the users themselves rather than their IT departments who are dictating which smartphones are right for their business needs.

Trends like these create significant challenges for IT managers. Security risks, in particular, are a major concern to IT departments accustomed to having full control over access to and usage of business users’ laptops.

Smartphones are much easier to lose than bigger devices, creating an instant risk to data integrity. They are often much harder to secure, simply because they have more access points; as well as Wi-Fi and Ethernet capabilities, they are also routinely equipped with 3G/4G and Bluetooth® radios, USB ports, SIM card sockets and cameras.

In addition, smartphones are equipped with a widely varying array of operating systems, each with its own operational models and security issues and often available in several different versions across device manufacturers.

Risk/Reward: A Complex Equation

Perhaps the biggest threat is from users themselves, who are increasingly using their smartphones with scant regard for IT policies; for example, playing games or checking personal webmail while connected to corporate networks. Increasingly, smartphone usage is placing great pressure on corporate network resources, too, especially when users consume high-bandwidth content such as video.

To add to the already overburdened IT managers, users can often install untested third-party applications (which may present serious security risks in their own right) from app stores without IT having any way to prevent them doing so.

According to one study by IDC, people downloaded 10.9 billion mobile apps in 2010 (a figure it thinks will increase to nearly 76.9 billion by 2014), each a potential threat to corporate security.

Unsurprisingly, malware authors are already exploiting weaknesses in the open app store model, attracted by the increasingly fertile ground for mischief that it represents.

On one hand, smartphones are simply too powerful and useful for businesses to ignore, empowering users in completely new ways and enabling them to work far more flexibly and productively. On the other hand, they are also difficult to deploy securely and they add to substantial existing pressure on technology budgets and resources.

Getting this balance between reward and risk right is a familiar problem for IT managers. Security must be seen to be enabling the business, rather than holding it back from the rewards many of these new devices offer.

However, smartphones present them with new challenges. In order for organisations to obtain maximum benefit from the smartphone, they need to think about how much access they can give to the workforce. That in turn means making some important decisions about where and how the different smartphone platforms really need securing.

Richard Ting is vice president, Asia Pacific for SonicWALL. SonicWALL, Inc., the leader in network security, focuses on developing solutions that remove the cost and complexity out of managing a secure network environment. SonicWALL provides end-to-end solutions including firewalls, SSL VPNs, e-mail security and continuous data protection that collectively ensure robust, secure network protection. For more information, visit the company web site at https://www.sonicwall.com/.