Feeds

Smarter security for smartphones

Getting that balance with ease of use

Security for virtualized datacentres

Balancing ease of use with security

Balancing ease of use with security is difficult. Networks expert Steve Cassidy – who specialises in keeping lawyers connected and protected - says: “All the networks I've seen that think it's big and clever to extend a VPN to a smartphone, end up with very low customer satisfaction levels, because the people doing the implementation turn out to have other, overlapping stupidities that kill off the VPN altogether.”

It’s essential that your handsets have the same level of password security as laptops with passwords needing to be refreshed, auto-lock and power-on passwords, memory encryption for removable memory, limits on application installation, and automatic email forwarding. You additionally want control over data deletion.

It should be easy to wipe a lost phone remotely or wipe itself if the password is entered incorrectly too many times. You’ll also want simple data restoration, not only for when the phone is found or replaced but so that it isn’t too much of a nuisance when one of your staffers gets drunk with his mates and they think it would be a bit of fun to enter the wrong password ten times while he’s at the bar.

The migration of web security with SSL to the handset has helped a little - there was a time when the mobile world saw WTLS as the future and the translation between mobile and web standards meant all data was held in plain text on machines at the mobile network operator.

Microsoft initially made its link to the enterprise a major USP (unique selling point). RIM took this crown with lower bandwidth requirements, significantly better security and superior mail handling. Security so good that it’s caused governments concern. All data is held on BlackBerry’s servers so you need to trust someone but many spooks and law enforcement agencies do.

Apple isn’t in the same league, particularly in regard to signalling efficiency, which has led to some concern behind closed doors in the operator community. Still that doesn’t stop gadget fans wanting them. As Shaun Collins of CCS Insight has been quoted as saying: “Operators never planned for the day when teenage girls wanted BlackBerries and CEOs wanted iPhones”.

For the particularly data paranoid there are some end to end device software solutions. While cracking the GSM encryption and mobile viruses are more the stuff of headlines than of real life if you are really paranoid you can go for heavy duty solutions. For voice encryption there is Cellcrypt.

This is a smartphone VoIP solution. Voice data is securely encrypted. Since there has never been any hint that 3G security has been compromised you’d probably be most worried about legal intercept to go for this expensive solution.

A solution that is more in line with most IT requirements is CryptoExpress which ensures than no information is kept outside of your network in a non-encoded form.

But there might be an opposite benefit of using a unique, personal device, Steve Cassidy again: “I actually think there is an opposite trend that may well develop, where people need to rely on physical authentication, a bit like posh banks and those credit-card sized RSA key generators. Smartphones that surface their IMEI (or an analogous identifier) could well end up *enhancing* security”.

There is however a difference between being secure to all intents and purposes and knowing that you are absolutely secure. Many professions need to know and it’s those that will pioneer security for the rest of us.

New hybrid storage solutions

More from The Register

next story
Apple iPhone 6: Missing sapphire glass screen FAIL explained
They just cannae do it in time, says analyst
Slap my Imp up: Bullfrog's Dungeon Keeper
Monsters need to earn a living too
Oh noes, fanbois! iPhone 6 Plus shipments 'DELAYED' in the UK
Is EMBIGGENED Apple mobile REALLY that popular?
Apple's big bang: iPhone 6, ANOTHER iPhone 6 Plus and WATCH OUT
Let's >sigh< see what Cupertino has been up to for the past year
The Apple Watch and CROTCH RUBBING. How are they related?
Plus: 'NostrilTime' wristjob vid action
Apple's SNEAKY plan: COPY ANDROID. Hello iPhone 6, Watch
Sizes, prices and all – but not for the wrist-o-puter
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.