Feeds

Smarter security for smartphones

Getting that balance with ease of use

Mobile application security vulnerability report

Balancing ease of use with security

Balancing ease of use with security is difficult. Networks expert Steve Cassidy – who specialises in keeping lawyers connected and protected - says: “All the networks I've seen that think it's big and clever to extend a VPN to a smartphone, end up with very low customer satisfaction levels, because the people doing the implementation turn out to have other, overlapping stupidities that kill off the VPN altogether.”

It’s essential that your handsets have the same level of password security as laptops with passwords needing to be refreshed, auto-lock and power-on passwords, memory encryption for removable memory, limits on application installation, and automatic email forwarding. You additionally want control over data deletion.

It should be easy to wipe a lost phone remotely or wipe itself if the password is entered incorrectly too many times. You’ll also want simple data restoration, not only for when the phone is found or replaced but so that it isn’t too much of a nuisance when one of your staffers gets drunk with his mates and they think it would be a bit of fun to enter the wrong password ten times while he’s at the bar.

The migration of web security with SSL to the handset has helped a little - there was a time when the mobile world saw WTLS as the future and the translation between mobile and web standards meant all data was held in plain text on machines at the mobile network operator.

Microsoft initially made its link to the enterprise a major USP (unique selling point). RIM took this crown with lower bandwidth requirements, significantly better security and superior mail handling. Security so good that it’s caused governments concern. All data is held on BlackBerry’s servers so you need to trust someone but many spooks and law enforcement agencies do.

Apple isn’t in the same league, particularly in regard to signalling efficiency, which has led to some concern behind closed doors in the operator community. Still that doesn’t stop gadget fans wanting them. As Shaun Collins of CCS Insight has been quoted as saying: “Operators never planned for the day when teenage girls wanted BlackBerries and CEOs wanted iPhones”.

For the particularly data paranoid there are some end to end device software solutions. While cracking the GSM encryption and mobile viruses are more the stuff of headlines than of real life if you are really paranoid you can go for heavy duty solutions. For voice encryption there is Cellcrypt.

This is a smartphone VoIP solution. Voice data is securely encrypted. Since there has never been any hint that 3G security has been compromised you’d probably be most worried about legal intercept to go for this expensive solution.

A solution that is more in line with most IT requirements is CryptoExpress which ensures than no information is kept outside of your network in a non-encoded form.

But there might be an opposite benefit of using a unique, personal device, Steve Cassidy again: “I actually think there is an opposite trend that may well develop, where people need to rely on physical authentication, a bit like posh banks and those credit-card sized RSA key generators. Smartphones that surface their IMEI (or an analogous identifier) could well end up *enhancing* security”.

There is however a difference between being secure to all intents and purposes and knowing that you are absolutely secure. Many professions need to know and it’s those that will pioneer security for the rest of us.

Boost IT visibility and business value

More from The Register

next story
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
Apple gets patent for WRIST-PUTER: iTime for a smartwatch
It does everything a smartwatch should do ... but Apple owns it
For Lenovo US, 8-inch Windows tablets are DEAD – long live 8-inch Windows tablets
Reports it's killing off smaller slabs are greatly exaggerated
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
Microsoft unsheathes cheap Android-killer: Behold, the Lumia 530
Say it with us: I'm King of the Landfill-ill-ill-ill
Seventh-gen SPARC silicon will accelerate Oracle databases
Uncle Larry's mutually-optimised stack to become clearer in August
EU dons gloves, pokes Google's deals with Android mobe makers
El Reg cops a squint at investigatory letters
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.