The Emerging Technology for Mobile Security6 May, 2013 By: Dr. Satwant Kaur
As always, imageSource Magazine looks to Dr. Satwant Kaur, First Lady of Emerging Technologies, to share cutting edge technology advances, concepts, and opportunities with our readers. This month she addresses the emerging technology called Mobile Security.
[imageSource]: For the sake of our audience please tell us why should Enterprises worry so much about Mobile Security?
[SATWANT] Mobile Security needs to become an immediate concern for enterprises due to the far reaching effects if the enterprise mobile devices are compromised. A security attack on a mobile device can turn it into a zombie device and used it to do various nefarious activities, such as:
• A zombie mobile device can be controlled to send spam to any other mobile device
• A zombie mobile device under attack could call emergency services and cause disruption in those critical services
• A zombie mobile device will give anyone access to information on mobile device such as bank accounts etc and enable stealing of identity of owner
• A zombie machine can be controlled to run bad applications and consume all of battery and render the device unusable and unavailable
[imageSource] How did this problem with Mobile Security come into being?
[SATWANT] Enterprises are allowing employee BYOD (Bring Your Own Devices) to workplace and that has improved productivity in a big way. But things to consider are:
• Employee activities such as browsing websites and running web-based applications creates security vulnerabilities
• Employees installing unauthorized applications can bring virus and malware to the corporate environment
• Employees “jail break” phones to use the phone with different carriers and different app stores. Jail breaking compromises the device’s mobile security
• There is Threat to sensitive data on Mobile Device such as contacts, credit card numbers, authentication information, calendar, call logs, information in emails, etc when the mobile device security is breached.
• Enterprises now face issues with it regulatory environment and have to pay fines or face sanctions due to data loss.
Hence it is important that enterprises put the right mobile security solutions in place.
[imageSource] What is the solution? What can enterprise do to protect themselves in such vulnerable environments?
[SATWANT] Mobile devices in the workplace are constantly accessing internet with their cloud-based apps and communications with social media sites, thus risking sensitive enterprise data theft. There are other reasons for security failure on mobile devices, such as:
• Lack of adequate password protection
• Un-encrypted data
• Lack of up to-date device updates
Enterprises need REAL TIME mobile security solutions that cover all dimensions of mobile vulnerabilities, such as:
• Mobile device management (MDM) Software enables Enterprise IT to manage thousands of devices from multiple manufacturers. Enterprises need MDM to protect company data even the mobile devices don’t belong to the enterprise. Example, MDM software can track software updates and distribute them automatically to users; MDM software can clean up device remotely when it falls in wrong hands; MDM also provides various features such as encryption, password enforcement, jailbreak detection, remote lock and wipe and selective wipe to secure and manage mobile devices.
• Data Loss Prevention (DLP) by enforcing a password
• Mobile Antivirus software provides continuous protection against viruses and malware that can attack mobile devices.
• Protection against mobile malware and malicious apps.
• Mobile Apps controls for mobile devices. Mobile app controls allow enterprise users to push and pull corporate apps to and from devices.
• Protection against web threats, phishing attacks, and spoofing
• Enforce enterprise policies on password complexity
• Remotely Locate and erase devices when they are reported to be lost or stolen.
• Install security features like ability to take a picture of the person who has the stolen phone with the front-facing camera and sends it to the owner
• Demonstrate regulatory compliance by producing automated compliance reports to demonstrate to regulators.
• Enable Two-factor authentication (2FA) to conduct business online such as chase bank does since it is a safer alternative.
• Utilize Mobile Security Software that can prevent malware, security intrusions, ensuring the log in is attempted by a human and not a bad piece of code, and user authentication.
• Antivirus mobile software should be installed on mobile devices since they can detect malicious executable files of known attacks by signature detection software
• Firewalls on Mobile Devices can prevent intrusion attempt by any malicious applications by watching the network traffic around the mobile device for suspicious communication.
• Biometric Identification reduces threat of security breach by identifying a person by means of her morphology such as eye or face or finger print.
• Utilize Spam Filters that can detect spam on SMS, MMS, emails, etc on mobile devices relaying these messages.
• Enforce Encryption of data both stored (at rest) and transmitted (in motion). That means the keys for encryption algorithms are exchanged using a secure channel.
These are major ways by which enterprise can protect itself.
[imageSource] Thanks for such wonderful guidance into the solutions? Do you see any challenges ahead for Enterprises?
[SATWANT] It is imperative that Enterprises put security controls and processes to secure themselves. However this leads to the challenge of increasing IT costs since mobile devices are updated and changed so frequently far more than laptops and desktops did. The other challenge is that Mobile Devices like their tethered predecessor computers, need security measures such as antivirus and firewall. However, the technical resources offered by even the most powerful mobile devices are very limited; such as ability to multi task, so the solutions are not as easy to always implement. But all that said and done, the benefits of the new age of Mobile Devices bring bright futures ahead for Enrprises as well as Employees.
Dr. Satwant Kaur is hailed as the “First Lady of Emerging Technologies” in Silicon Valley, Media, and the industry worldwide. Hundreds of TV and Radio Shows have broadcast her interviews. She has been interviewed by Askimo TV, and IEEE TV. Her live Radio Show with Computers2Know, “First Lady of Emerging Technologies” earned thousands of live audience. Her interviews were broadcast on hundreds of CBS sites and she has appeared on Huffington Post.
Dr. Satwant Kaur has more than 20 years of proven success in the emerging technology arena. She is a senior information technology executive, innovator and author. Dr. Satwant Kaur currently serves as the Master Solutions Architect for Hewlett-Packard Company. Her professional positions have included: Strategist at the Office for the CTO at EMC ; Platform Strategist in Intel Architecture Group at Intel; Director of Development at Symantec; Chief Architect (Allstate) at Computer Associates (CA Technologies); Chief Technology Architect at Quest Software (part of DELL) ; Chief Technology Officer for TIBCO and Management Consultant.
She was also University Faculty Member at Idaho State University and University Faculty Member at Indian Institute of Technology, Delhi (IIT). In addition to keynote speaking events such as IEEE, "Weekly segment by Dr. Satwant Kaur, the First Lady of Emerging Technologies" on “Computers 2 Know” Media Show (Hall Of Fame), Dr. Kaur has been featured on front cover of “Mobile Development and Design”, “imageSource Magazine”, “Fierce Smart Grid”, “Government Security News”, and is a guest on several media shows as well as a published author. She received her doctorate in Mobile IP technologies from Oakland University in Oakland, Michigan. She also holds a Bachelor of Technology degree in Electrical Engineering with distinction from the Indian Institute of Technology in New Delhi, India.
Dr. Satwant Kaur, First Lady of Emerging Technologies, expresses her own personal views and opinions in all communications including all electronic, broadcast, and print media formats. Dr. Satwant Kaur is not endorsed by any third-party affiliation, organization, or employer and all opinions are solely of Dr. Kaur's, and do not reflect the opinions and/or views of any third-party affiliation, organization, or employer. For further information, Dr. Satwant Kaur may be contacted at her email or website listed above.