Skip Links

How to secure Web applications from insecure mobile devices

IT Best Practices Alert By Brian Musthaler, Network World
February 22, 2011 01:49 PM ET
Sign up for this newsletter now!

The CIO-level business angle on the latest tech

According to the RSA 2011 Cybercrime Trends Report, the number one trend this year will be mobile device malware and the associated exploitation of mobile smart devices to commit fraud. The explosive growth of mobile smart devices as general purpose “on the go” computers has made them an attractive target for cybercriminals to exploit. Unfortunately, it is not just consumers and their banks that must consider the risks of mobile device malware; the consumerization of IT has laid the bridge for the crossover of consumer technology into the enterprise.  

As with all cybercrimes, or crimes in general, it’s a matter of opportunity. With the explosion of smart devices used to conduct business today, cybercriminals currently have a window of opportunity to exploit a variety of mobile platforms. Unfortunately for the enterprises that conduct business through the cloud, they must now support more devices than ever before. In effect they are finding that they must extend their corporate firewalls and services to places they may not be prepared for.  This proliferation in use of mobile devices has the potential of opening up a backdoor for specifically engineered malware to make its way onto the corporate network.

Many times, the problem is that mobile devices are not managed by the enterprise, and as a result they do not have the same level of controls surrounding them as do computing resources inside the firewall and laptops that are used remotely.  Consequently, companies cannot assure that the communications from these devices to corporate web applications are properly protected; that the devices are properly configured; and that they include all the security software needed to protect themselves and ultimately corporate applications and data.

Trusteer, a company focused on guarding against infection of Web based applications for both financial and non-financial enterprises, believes that the best way to protect against Web-borne threats is to utilize a separate browser, apart from the default browser, solely for the mobile smart device. Trusteer’s recently released Secure Web Access product enables organizations to protect their Web applications, network and data from targeted attacks that exploit potentially insecure mobile devices. Secure Web Access is an extension of Trusteer’s Rapport Secure Web Browsing Technology for PCs and Macs, which secures both online banking transactions and other sensitive Web-facing transactions.  

Secure Web Access pairs software on the enterprise gateway with a lightweight standalone secure browser that any institution can use to force customers and employees to use in order to access corporate Web applications. The product enables secure access to corporate Web applications via the mobile device. This protects communications to prevent cybercriminals from gaining access to or seeing sensitive data, thus preventing security beaches and data theft via man-in-the-middle and man-in-the-browser attacks. Secure Web Access allows organizations to define and apply access control policies based on the security status of the device. Such policies might include actions like blocking access to all or only select resources.

Linda Musthaler is a principal analyst with Essential Solutions Corporation.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News