Catching Up With Mobile Security Threats

Development of enterprise mobile apps has been moving more slowly than development of consumer-facing apps, according to Gartner. One main reason is IT leaders’ concerns about the security of mobile devices, which are often employees’ personal devices, and are vulnerable to being lost, hacked or stolen. While there are plenty of established tools and practices for keeping Web visitors from straying (or hacking) into sensitive corporate data, managing security across a diverse set of mobile devices remains a challenge, IT experts say.

Vendors are moving to address CIOs’ concerns, however. For example, endpoint management platform providers such as Symantec and McAfee now provide centralized patch management, antivirus and antispam tools for mobile devices. Meanwhile, Nemertes, in its report “Communications and Computing Benchmark: 2011/12,” found that nearly 60 percent of the 240 end user companies interviewed are deploying or plan to deploy a mobile device management platform. Companies using such a platform were more likely to say their mobile app initiatives were successful, notes Nemertes vice president Irwin Lazar.

Leading mobile data management vendors such as Good Technologies, Air Watch, Mobile Iron and Sybase provide data-leak protection for Android and Apple devices. For example, business data and apps can be isolated from users’ personal apps and activities in a secure virtual container, and IT can remotely wipe a device that is lost or stolen.

A feature that Lazar calls an “Angry Bird filter” blocks employees from downloading dirty or time-wasting apps onto their devices. VMware’s Mobile Virtualization Platform, due out in the next few months, enables end users to run native applications within a secured container on Android devices.

Apple is also moving to provide more business-caliber solutions for iOS devices, Nemertes’ Lazar says. For example, it has added support for Microsoft ActiveSync, so IT groups can remotely manage and wipe iOS devices, and has provided app security controls that can be used by mobile data management platforms.

Google’s Android, and the Android Market, are more open to developers than iOS and the App Store, and thus are more vulnerable to hackers. Earlier this year, some 55 malware-infected apps masquerading as legitimate titles were discovered in Google’s app store. The vendor can, and does, remove suspect apps from customer’s phones. However, app developers and, no doubt, business users and CIOs have problems with this somewhat high-handed approach—not to mention the fact that the app could already have infected an enterprise before it’s removed.