The great myth about mobile security

It’s hard to remember life before the first capable smartphone. It’s similar to recalling an era before the Internet. June 29, 2007, marks the beginning of a mobile technology revolution when the first-generation Apple iPhone hit the market. Google and Microsoft soon followed suit with Android and Windows Phone operating systems, and the market exploded. Today, mobile devices are all pervasive and everything from checking emails, looking up train times, watching TV shows, finding directions, playing games and, yes, even making phone calls is second nature to most consumers.

It was this consumer-driven demand that directly influenced the enterprise, sparking a critical shift in IT policy that allowed employees and staff to use powerful, consumer-level smartphones and mobile devices for work-related purposes. And as we look around the workplace, there is no doubt that the trends of Bring Your Own Device (BYOD), Choose Your Own Device (CYOD) and Bring Your Own App (BYOA) are now firmly established.

Yet despite this growing reliance on mobility, IT decision-makers still incorrectly believe that traditional PCs are more secure than mobile devices. Entrust commissioned analyst firm Forrester to research this issue, and 71% of respondents surveyed somewhat or strongly agreed that the desktop/laptop is secure, compared to 43% who said that mobile devices are secure.

The overwhelming perception is that mobile devices are less secure. Even with sandboxed mobile applications, secure operating systems and savvy mobile users, the perception remains that mobile devices aren’t computers to be taken seriously. In fact, the complete opposite is true.

Whether used for secure physical and logical access, authenticators for digital identities, platforms for soft tokens or even as tools to verify desktop-based transactions to defeat malware, mobile devices, by default simply have a better security posture than today’s standard PC.

When properly managed and protected, mobile devices serve as a formidable platform for securing digital identities and online transactions. Performing malicious app-to-app process migration, native keyboard key-logging and Zeus-style memory-hooking — is not being found in mobile malware samples. Plus, specific mobile vulnerabilities usually have a short lifespan.

As for Android, malware usually targets specific hardware, firmware and OS versions, which greatly reduces the viability and lucrativeness of large-scale infections.

Today’s non-jailbroken mobile devices are more secure thanks to a multi-layered approach that’s core to the development of mobile operating systems. Applications installed on mobile devices are digitally signed and/or thoroughly vetted. And legitimate applications are also sand-boxed, meaning they can’t share or gain access to each other’s information — an important trait that helps defend against advanced mobile malware.

> See also: 80% of IT administrators fear exposure through mobile devices

Added to this, the strength of mobile platforms is further augmented by third-party security capabilities. Solutions that offer digital certificates, embed transparent one-time passcodes (OTPs) or provide application-specific PIN unlock options further bolster device security.

For many businesses, the true power of mobility isn’t yet being realised. However, employees’ adoption of smartphones and tablets as their preferred work devices of choice is changing an organisation’s IT landscape.

The security that you get out of the box from a mobile operating system already exceeds what you can buy with traditional desktop PC endpoint security. In a world where most users mix usage of PCs, smartphones and tablets, it’s a great opportunity to take advantage of the strength of the computers carried in our pockets.

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...