The Great Myth About Mobile Security
Mark Reeves, SVP International for Entrust, examines the so-called ‘facts’ behind the myth that mobile devices are less secure than desktop PCs.
It is hard to remember life before the first capable smartphone. It is similar to recalling an era before the internet. June 29, 2007, marked the beginning of a mobile technology revolution when the first-generation Apple iPhone hit the market. Google and Microsoft soon followed suit with Android and Windows Phone operating systems, and the market exploded.
Today, mobile devices are all-pervasive, and everything from checking emails, looking up train times, watching TV shows, finding directions, playing games and, yes, even making phone calls is second nature to most consumers.
It was this consumer-driven demand that directly influenced the enterprise, sparking a critical shift in IT policy that allowed employees and staff to use powerful, consumer-level smartphones and mobile devices for work-related purposes. And as we look around the workplace, there is no doubt that the trends of Bring Your Own Device (BYOD), Choose Your Own Device (CYOD) and Bring Your Own App (BYOA) are now firmly established.
Yet despite this growing reliance on mobility, IT decision-makers still incorrectly believe that traditional PCs are more secure than mobile devices. Entrust commissioned analyst firm Forrester to research this issue, and 71 per cent of respondents surveyed somewhat or strongly agreed that the desktop/laptop is secure, compared to 43 per cent who said that mobile devices are secure.
The overwhelming perception is that mobile devices are less secure. Even with sand-boxed mobile applications, secure operating systems and savvy mobile users, the perception remains that mobile devices are not computers to be taken seriously. In fact, the complete opposite is true.
Whether used for secure physical and logical access, authenticators for digital identities, platforms for soft tokens or even as tools to verify desktop-based transactions to defeat malware, mobile devices, by default, simply have a better security posture than today’s standard PC.
When properly managed and protected, mobile devices serve as a formidable platform for securing digital identities and online transactions. Here’s why:
- Not an easy target:
The techniques that define desktop malware – malicious app-to-app process migration, native keyboard key-logging and Zeus-style memory-hooking – are not being found in mobile malware samples. Plus, specific mobile vulnerabilities usually have a short lifespan.
- Smaller attack surface:
As for Android, malware usually targets specific hardware, firmware and OS versions, which greatly reduces the viability and lucrativeness of large-scale infections.
- Designed with security in mind:
Today’s non-jail-broken mobile devices are more secure thanks to a multi-layered approach that’s core to the development of mobile operating systems. Applications installed on mobile devices are digitally signed and/or thoroughly vetted.
- A safe ‘sandbox’:
Legitimate applications are also sand-boxed, meaning they can’t share or gain access to each other’s information, an important trait that helps defend against advanced mobile malware.
- Proven mobile security:
The strength of mobile platforms is further augmented by third-party security capabilities. Solutions that offer digital certificates, embed transparent one-time pass codes (OTPs) or provide application-specific PIN unlock options further bolster device security.
For many businesses, the true power of mobility isn’t yet being realised. However, employees’ adoption of smartphones and tablets as their preferred work devices is changing many an organisation’s IT landscape.
The security that you get out of the box from a mobile operating system already exceeds what you can buy with traditional desktop PC endpoint security. In a world where most users mix usage of PCs, smartphones and tablets, it’s a great opportunity to take advantage of the strength of the computers carried in our pockets.