IFSEC Insider, formerly IFSEC Global, is the leading online community and news platform for security and fire safety professionals.
January 1, 2014

Adopting an integrated approach to mobile security

On April 8, 2014, the world woke up to a new scare called the Heartbleed bug. The bug is a severe flaw in a software library used by millions of websites to encrypt sensitive communications. In practice, it allows an attacker to read a server’s memory, where sensitive user data is stored, including private data such as user names, passwords, and credit card numbers. It is an extremely serious vulnerability, affecting some 500,000 websites, according to Netcraft, an Internet research firm.

The critical flaw can have widespread implications if it is not acted upon in time, and it could be much worse than you thought. Websites and news reports have raised ample concerns about the potential threats to desktop browser users. However, little attention has been paid to the vast mass of smartphone users who access applications that may share some of the same servers as the desktop users or connect to their own group of servers, which may also be compromised. It all began with the Y2K scare, then it was the Melissa Virus, and now the Heartbleed bug resurfaces three years after its creation in 2011. With our growing dependence on the Internet and technology, the threat of viruses and malware will only increase going forward.

In reality, nobody using a smartphone or the Internet is off the hook. Mobile security can be compromised by design flaws, vulnerabilities, and protocol failures in mobile applications, as well as by viruses, spyware, malware and other threats. The safe and secure use of technology is a genuine concern for enterprises everywhere, and it is one of the topmost concerns of today’s CIOs. The year 2013 witnessed an unprecedented growth of high-level cyber-attacks and malicious data invasion around the world and in India. India has seen an exponential rise in attacks against government organizations.

The 9th Annual Worldwide Infrastructure Security Report (WISR) by Arbor Networks highlights that cyber-attacks have increased from 19 percent in 2012 to 43 percent in 2013, which means there has been more than a 100 percent jump. In the wake of frequent security breaches and data theft, enterprises globally are under tremendous pressure to provide an end-to-end secure framework. The BYOD (Bring Your Own Device) trend is adding to the woes of modern-day CIOs. Devices nowadays are extremely powerful, and a small incident such as misplacing or losing a mobile device can translate into a major security breach. According to Gartner, through 2014, employee-owned devices will be compromised by malware at more than double the rate of corporate-owned devices, which further compounds the BYOD dilemma. Moving data across different devices and networks rapidly increases security risks to the corporate network and exposes sensitive corporate or personal data to leaks and attacks.

There is a need to look at the complete lifecycle of mobile security architecture from design through to implementing products and technologies and managing the architecture over time. A key element of security is encryption technology, which is critical to protecting the confidentiality and integrity of a digital transaction between two endpoints, such as a mobile device and a corporate server located behind a firewall. Providing an integrated approach to mobile security, in which data is encrypted while at rest (stored on a digital device) or in transit, is the best protection against the loss of data or a security breach that could impact the profitability, competitiveness, or reputation of an organization. Smartphone users who are not protected by an enterprise mobile management (EMM) solution are at far more risk than employees who are enrolled in an EMM solution at work.

A robust EMM solution should cover all aspects of security and productivity, namely Mobile Device Management (MDM), Mobile Email Management, Mobile Application Management, and Mobile Security Management, leveraging the backend infrastructure. A reliable mobile security solution also evolves constantly and can scale up to account for the changing behaviour of mobile users, as well as new technologies and new threats. In summary, if enterprises in any industry or vertical adopt a considered and thorough approach to technologies, policies and governance, they can deliver a secure mobile environment that yields considerable business and working benefits.

The fact that the number and utility of mobile devices will only increase means that the boundaries of the modern organization are being stretched to include hundreds or even thousands of mobile end points possessing access to the most precious assets. Security in this environment cannot be an afterthought. It must be built in at every layer of the organization — hardware, software, and network infrastructure — to ensure end-to-end protection. The threat landscape will keep evolving with time, but with an all-pervasive security solution deployment, we can at least mitigate the risk of data and credential loss.
