Skip Links

Securing 4G smartphones

Added data capacity, connection speeds will make 4G smartphones more vulnerable

By Brad Reed, Network World
June 21, 2010 01:50 PM ET

Network World - Because smartphones have typically had both limited storage and connection speeds, they traditionally haven't been as vulnerable  to some of the security threats that have long plagued PCs.

But with the advent of super-powered smartphones and 4G mobile networks, this might be changing. Today's high-end smartphones have storage capacities in the 32GB range and processing speeds that go 1GHz or higher. And once 4G technologies such as WiMAX and LTE become more widely available, smartphones will have average connection speeds of 3Gbps or higher, giving them speeds that approach the average U.S. wireline broadband speed.

Three things we'd like to see from the new Motorola Droid

But like all good things, this increase in speed and power comes with greater risks. Sanjay Beri, the vice president and general manager of Juniper's Access and Acceleration business unit, says that the money-stealing malware that appeared on Symbian-based phones last year is sadly a sign of things to come in the era of 4G.

"4G makes the situation more accelerated," he says. "And what will really accelerate the growth of mobile malware and spyware will be the volume of traffic that people will be able to use. Data usage will increase and there are going to be more places that will get infected."

This increased mobile data usage is only expected to intensify in the enterprise as more executives could try to use their favorite devices for both work and personal use. Mike Siegel, a senior director of product management at McAfee, says this will put a particular strain on IT departments' abilities to protect data across multiple operating systems and applications.
"We have senior executives now who are pushing on IT to support Android or iPhone," he says. "With iPhone and Android, you have a propagation of applications that have connections back to sensitive corporate data in the cloud. So these devices now are very much a data leakage vulnerability."

What is to be done?

So given this world of increased vulnerabilities over the mobile Internet, what is a savvy IT department to do? Let's start with securing data, which Siegel says shouldn't be all that different from securing data over today's 3G networks. The most obvious capability that any enterprise smartphone needs is remote wipe that will allow IT departments to delete all data on the device if it is lost. While BlackBerry devices and the iPhone both have remote wipe capabilities already installed, Android-based devices do not have any native remote wipe applications as of yet. In other words, any IT department looking to bring Android devices such as the HTC EVO 4G and the Motorola Droid onto its corporate network will have its work cut out for it, since it will have to install several pieces of software to make the phone enterprise-ready.

Next on the list are native encryption capabilities that will make it possible to send encrypted data over the Web and native application control capabilities that make it possible for IT departments to define what apps are and aren't allowed on company phones. And finally, Siegel says that it's important to manage all access to the network through compliance rules that are on par with network access control (NAC) technologies that grant users access to networks based not on their IP addresses, but on a combination of their identities, endpoints and behaviors.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News