Mobile security from the cloud

April 2014 Information Security

As smartphones and tablets have become increasingly sophisticated, the amount and types of data stored on them have increased. Confidential data once stored inside the firewall now resides on mobile devices, but many small and medium businesses have not taken sufficient action to address the risks this presents.

SMB IT staff may believe that only large enterprises are at risk. But according to one report, 40% of attacks have been directed at SMBs, while only 28% have been directed toward large enterprises. The diversity of device types complicates data protection. Traditional security solutions require a different product for each type of device, each with its own management facility and each with its own command set, increasing IT management complexity and resource requirements.

Security challenges

The rapid adoption of smartphones and tablets has attracted the attention of hackers and other intruders, increasing the risk of data loss for SMBs as well as large enterprises.

The US Department of Homeland Security reported a 400% increase in attacks on Android devices between mid-2010 and June 2012. Apple’s iOS devices are targeted less frequently, since apps are available only from Apple’s App Store, but some malicious apps have slipped through Apple’s tests as well.

The reason for these attacks is simple: Mobile devices increasingly contain valuable information. Sales staff with customer and price lists, field service technicians with detailed product information, and health care workers with patient information are all potential targets.

Data resident on mobile devices is not the only target. Users typically store passwords and PINs on their devices to avoid having to enter them for each access point. An attacker who captures a VPN password, for instance, can easily gain access to server-based data that is considered safe inside the corporate firewall.

Attackers can profit from a successful attack and cause financial loss for a business even when the compromised device contains nothing confidential and no valuable passwords. For example, malware can charge Premium SMS messages to a corporate phone number lifted from a phone’s contact list. It’s not hard to miss a series of $5 to $10 charges scattered through a long cell service log, but these charges can add up.

The bring-your-own-device trend, with employees using their own devices for work purposes, further adds to the challenge of protecting corporate data. One problem is that conventional anti-malware products are designed for a single device type, but it’s inevitable that staff members won’t all choose the same type of device. The result: IT staff must learn how to maintain and monitor multiple device types while using multiple security products.

User-installed apps represent another major business risk. It’s virtually impossible to prevent employees from choosing and installing apps on their personal devices. Attackers create apps that offer a free game or another attractive feature but contain code that compromises device security. Malware is not the only danger. Data loss due to lost or stolen devices is also a major problem. A 2012 survey conducted by Research Now found that among businesses with up to 50 employees, roughly a quarter had dealt with device loss or theft.

SMBs slow to implement mobile security

Despite the widely publicised losses resulting from targeted attacks, many SMBs have not taken action to address mobile device security. Research Now found that fewer than half of the enterprises surveyed had implemented a security solution. Several factors have impeded adoption of appropriate mobile security measures.

First, IT staff may be unaware that employees are transferring confidential information to privately owned devices. Second, with SMB IT staff already supporting in-house desktop systems, mobile laptops and servers, they may believe that implementing a mobile device solution that protects the variety of devices in employees’ hands would be too time-consuming, complex and expensive.

Traditional security requires a different product for each type of device: one for Windows-based desktops and laptops, another for conventional servers and yet another for virtualised servers. Each requires its own management console with its own set of commands. Now add in mobile products with two more management facilities, one for Android and one for Apple iOS devices. It’s no wonder that IT staff already struggling to deal with on-premises systems are not eager to add mobile devices to their workload.

Traditional mobile security solutions have an additional drawback. They require that staff have hands-on access to install software updates and make policy changes. Scheduling updates for a time when a device will be available in-house adds more complication. At any given time, some devices have been updated while others haven’t. The task becomes even more complex and time consuming when the staff must support a mix of device types, each protected by a different security product.

While overburdened IT staff at many SMBs have avoided implementing mobile device security, it’s clear that doing so is no longer feasible. The risks are too great. However, with the right security solution, SMBs can implement improved security defences while streamlining IT management challenges.

Cloud-based security solutions simplify management

Reducing IT staff time and effort requires a security solution that supports both Android and Apple iOS mobile devices as well as current in-house systems. Increasingly, SMBs are looking to cloud-based solutions as a way to support all of these systems with reduced management effort and simultaneously provide better protection than traditional products.

Managing via the cloud simplifies labour-intensive tasks. A single management console manages both on-premises and mobile devices, and there is just one set of management commands to learn. Instead of configuring devices one by one, IT staff members enter a single set of commands to a cloud-resident management server.

Updates are delivered to all devices simultaneously, so policy changes become effective for all connected devices immediately. Any devices that are out of range of cell service or Wi-Fi – or are shut off – automatically receive the updates upon their next connection to the Internet.

Cloud management offers these benefits:

* Eliminates the need to invest in a management server and management software.

* A single management facility supports all devices.

* Updates are made using a standard Web browser.

* Cloud resources are scalable and redundant.

* Eliminates the need to upgrade an in-house management server when the device population increases or to delay required policy changes because the management server is down.

Cloud-based solutions provide superior device security

Traditional mobile device protection software executes inside each device, monitoring incoming e-mail and Web pages as they are received and comparing their contents against a previously downloaded threat signature file. Inspecting and analysing incoming data requires a large device-resident application and consumes processor resources.

Dealing with today’s wide variety of threats requires a significant amount of memory for the application itself and for the threat signature database. Additionally, with traditional products, each database download consumes network bandwidth, processor time and cell service monthly quota. As a result, devices typically update, at most, every few hours.

With their need for periodic updates, traditional security products leave devices vulnerable. According to testing company AV-TEST, 55 000 new malicious programs are detected each day. Attackers understand that defences against any new attack type will be created quickly, so any new method is most valuable during the first day it’s used. To take maximum advantage, they attack multiple sites as quickly as possible. Devices protected by traditional products remain open to the new attack in the hours until their next update.

In contrast, cloud-based solutions greatly increase mobile protection. Here’s how: First, they offload data inspection to powerful cloud processors that scan the Internet 24x7, searching for malicious websites and device apps. Suspicious websites and apps are evaluated using processors with far more compute power than those found on mobile devices.

When a new website or app is discovered, cloud processors examine it in detail. They check Web pages for embedded malware and execute apps in a protected environment to determine what privileges they would request from a mobile device operating system and whether they would perform other actions that would compromise a device.

Webroot SecureAnywhere Mobile Protection

Webroot’s SecureAnywhere Mobile Protection greatly eases the load on IT management staff by supporting both Android and Apple iOS mobile software environments. SecureAnywhere Mobile Protection is part of Webroot’s Secure Anywhere Business platform, which also delivers endpoint protection for laptops, desktops, servers and virtualised environments.

Uniform policies govern all devices. When a change is made, it applies to all devices without the need to wait until a mobile device is brought in-house, and there’s no need to configure devices one by one. Connected devices are updated immediately over the air, while those without Internet access are updated as soon as they are connected.

SecureAnywhere Endpoint Protection supports Microsoft Windows desktops, laptops and Windows servers, plus virtualised servers supported by VMware, Citrix and Microsoft software. Both SecureAnywhere Mobile Protection and SecureAnywhere Endpoint Protection are managed from the same portal, further reducing management load and complexity. There’s no need for a traditional management application and no capital cost to acquire an in-house management server. Management is done using a standard Web browser to access a cloud-based security service. Staff members do not even have to switch from their favourite browser: SecureAnywhere Mobile Protection supports all popular browsers, including Internet Explorer, Firefox, Chrome, Safari and Opera.

Devices can be managed from anywhere, so an IT staffer with the proper login credentials can connect from home or anywhere to make needed changes. The staffer can make changes to any device or to all devices. If an issue arises that affects all devices, the staffer can make a global policy change.

A single login to the cloud-resident management server is all that’s required. There’s no need to connect through the firewall to an on-premises management server to update on-premises systems and then connect to another facility to modify mobile devices. One connection and one set of commands is all that is needed.

Management is further simplified by a set of default and preconfigured policy templates. Cloud-based management constantly monitors all devices, generating alerts, notifications, and real-time ad hoc and scheduled logs. The network monitor tracks and logs all applications that access the network. Alerts can be sent via e-mail or SMS as well as to the management console.

For more information on Webroot’s SecureAnywhere Mobile Protection contact Dean Barkhuizen, Carrera Systems, +27 (0)82 462 6634, [email protected], www.carrera.co.za

This paper has been shortened. The original is at www.webroot.com/shared/pdf/WebrootMobileSecurity.pdf





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
There is a SaaS for everything, but at what cost, especially to SMEs?
Editor's Choice Information Security Security Services & Risk Management
Relying on SaaS platforms presents significant cybersecurity risks as the number of providers in your landscape increases, expanding your attack surface. It is important to assess the strength of the SaaS providers in your chain.

Read more...
Addressing today’s mining challenges: cyber risks beyond IT
Editor's Choice Information Security Mining (Industry)
Despite the mining industry’s operational technology systems being vulnerable to cyberattacks, many decision-makers still see these threats as purely an IT issue, even though a breach could potentially disrupt mining operations.

Read more...
Get proactive with cybersecurity
Information Security
The ability to respond effectively to a cybersecurity breach is critical, but the missing piece of the puzzle is a thorough, proactive evaluation to ascertain weaknesses and identify any hidden threats.

Read more...
How to effectively share household devices
Smart Home Automation Information Security
Sharing electronic devices within a household is unavoidable. South African teens spend over eight hours per day online, making device sharing among family members commonplace. Fortunately, there are methods to guarantee safe usage for everyone.

Read more...
How to securely manage your digital footprint
Information Security Training & Education
Managing your online presence is critical to safeguarding your privacy and security. It is imperative to take a proactive approach, including using robust cybersecurity best practices.

Read more...
The state of code security in 2024
Information Security
The 2024 State of Code Security survey reveals that organisations have continued to shore up application security defences over the last year, according to OpenText Premier Partner iOCO Application Management.

Read more...
What is the level of safety and integrity of the software supply chain?
Information Security IoT & Automation
Organisations are embracing AppSec practices and focusing on their software security posture. However, they highlight that insufficient funding and security resources, plus a disconnect between developers and security teams, remain major roadblocks.

Read more...
Cybercriminals target financial service providers to get at sensitive client data
Information Security
According to Ryan van de Coolwijk, Product Head for cyber at iTOO Special Risks, hackers target financial service providers because they hold sensitive client information that unauthorised individuals could use for fraudulent activities.

Read more...
Fortinet establishes new point-of-presence in South Africa
News & Events Information Security
Fortinet has announced the launch of a new dedicated point-of-presence (POP) in Isando, Johannesburg, to expand the reach and availability of Fortinet Unified SASE for customers across South Africa and southern African countries.

Read more...