3GSM: Businesses Are Unsure of Mobile Security

Uncertainty about how to secure mobile phones in the face of increasing threats is slowing enterprise adoption of mobile applications, experts exhibiting at the 3GSM World Congress in Barcelona this week said.

More than two-thirds of mobile operators in Europe that took part in a survey said they detected more than 100 incidents involving mobile viruses or mobile spyware in 2006, according to a study conducted by Informa for security software developer McAfee. The number of European operators reporting more than 1,000 such incidents more than doubled in 2006 compared to the previous year, the report said.

IT administrators, uncertain how to protect their users from such attacks, are unwilling to enable mobile access to applications for workers.

“Enterprise security professionals haven’t really worked this out yet,” said Lorcan Burke, CEO of AdaptiveMobile. Companies such as banks, with strict security requirements, simply block access to any service, including the Internet, that could open doors to security problems, he said.

At the recent RSA Conference in San Francisco, some of the most crowded events were those tackling mobile security issues, said Simeon Coney, vice president of marketing for AdaptiveMobile. That was an indication that IT administrators are trying to find out how serious mobile security problems are and how to address them, he said.

Mobile services can be secured in the application, the network, or in hardware or software on the device. Among operators responding to the McAfee study, most found that virus protection was most important at application and device levels, although more of them had deployed network-level security systems than the other options. More than 200 respondents from the operator community took part in the study.

AdaptiveMobile makes network-level security products for operators, including a system for filtering viruses in e-mail, short-message service, multimedia messaging service and wireless application protocol traffic. Beyond viruses, AdaptiveMobile can control content, so it can stop phishing and other fraudulent attacks, or limit the types of content end users can access.

If an operator has deployed AdaptiveMobile’s platform, an IT administrator in a company can set and manage such controls down to the level of individual users.

For the mass market, AdaptiveMobile’s product allows operators to notify users by text message if their phone becomes infected with a virus and offer a download, either for free or for a fee, to disinfect the device. Without such software, operators will replace a user’s device or ask the user to send it off for disinfection, both costly propositions.

A network-based security mechanism offers some advantages over antivirus software that sits on the handset, Burke said. Handset software doesn’t prevent phishing and other nonviral scams. In addition, antivirus software isn’t compatible with all phones, making it logistically difficult for the software developers to tweak their products for each version of every phone and make sure to sell the proper software to end users.

Burke calls antivirus software on the handset “the minimum acceptable response. It’s a tick in the box to make people feel comfortable.”

Some developers also sell security mechanisms that sit in the phone’s hardware. Such solutions are ideal for organizations with very strict security requirements, such as governments, Burke said. One downside to the hardware-based solutions is that they take about two years to make it into a handset, he noted.

-Nancy Gohring, IDG News Service (Dublin Bureau)

Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.