Feeds

Smarter security for smartphones

Getting that balance with ease of use

Choosing a cloud hosting partner with confidence

Balancing ease of use with security

Balancing ease of use with security is difficult. Networks expert Steve Cassidy – who specialises in keeping lawyers connected and protected - says: “All the networks I've seen that think it's big and clever to extend a VPN to a smartphone, end up with very low customer satisfaction levels, because the people doing the implementation turn out to have other, overlapping stupidities that kill off the VPN altogether.”

It’s essential that your handsets have the same level of password security as laptops with passwords needing to be refreshed, auto-lock and power-on passwords, memory encryption for removable memory, limits on application installation, and automatic email forwarding. You additionally want control over data deletion.

It should be easy to wipe a lost phone remotely or wipe itself if the password is entered incorrectly too many times. You’ll also want simple data restoration, not only for when the phone is found or replaced but so that it isn’t too much of a nuisance when one of your staffers gets drunk with his mates and they think it would be a bit of fun to enter the wrong password ten times while he’s at the bar.

The migration of web security with SSL to the handset has helped a little - there was a time when the mobile world saw WTLS as the future and the translation between mobile and web standards meant all data was held in plain text on machines at the mobile network operator.

Microsoft initially made its link to the enterprise a major USP (unique selling point). RIM took this crown with lower bandwidth requirements, significantly better security and superior mail handling. Security so good that it’s caused governments concern. All data is held on BlackBerry’s servers so you need to trust someone but many spooks and law enforcement agencies do.

Apple isn’t in the same league, particularly in regard to signalling efficiency, which has led to some concern behind closed doors in the operator community. Still that doesn’t stop gadget fans wanting them. As Shaun Collins of CCS Insight has been quoted as saying: “Operators never planned for the day when teenage girls wanted BlackBerries and CEOs wanted iPhones”.

For the particularly data paranoid there are some end to end device software solutions. While cracking the GSM encryption and mobile viruses are more the stuff of headlines than of real life if you are really paranoid you can go for heavy duty solutions. For voice encryption there is Cellcrypt.

This is a smartphone VoIP solution. Voice data is securely encrypted. Since there has never been any hint that 3G security has been compromised you’d probably be most worried about legal intercept to go for this expensive solution.

A solution that is more in line with most IT requirements is CryptoExpress which ensures than no information is kept outside of your network in a non-encoded form.

But there might be an opposite benefit of using a unique, personal device, Steve Cassidy again: “I actually think there is an opposite trend that may well develop, where people need to rely on physical authentication, a bit like posh banks and those credit-card sized RSA key generators. Smartphones that surface their IMEI (or an analogous identifier) could well end up *enhancing* security”.

There is however a difference between being secure to all intents and purposes and knowing that you are absolutely secure. Many professions need to know and it’s those that will pioneer security for the rest of us.

Intelligent flash storage arrays

More from The Register

next story
Chipmaker FTDI bricking counterfeit kit
USB-serial imitators whacked by driver update
Xperia Z3: Crikey, Sony – ANOTHER flagship phondleslab?
The Fourth Amendment... and it IS better
Don't wait for that big iPad, order a NEXUS 9 instead, industry little bird says
Google said to debut next big slab, Android L ahead of Apple event
Microsoft to enter the STRUGGLE of the HUMAN WRIST
It's not just a thumb war, it's total digit war
A drone of one's own: Reg buyers' guide for UAV fanciers
Hardware: Check. Software: Huh? Licence: Licence...?
The Apple launch AS IT HAPPENED: Totally SERIOUS coverage, not for haters
Fandroids, Windows Phone fringe-oids – you wouldn't understand
Apple SILENCES Bose, YANKS headphones from stores
The, er, Beats go on after noise-cancelling spat
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.