You're in for a nasty surprise if you think mobile broadband devices will be free of the security problems that long have plagued PCs, said a panel of security experts at this week's Mobile Internet World conference.
The panel, which discussed how companies could protect their data in the era of iPhones and open source Android platforms, generally agreed that most handsets that provide high-speed Internet access are vulnerable to the same kinds of security problems that PCs experienced before the advent of firewalls, VPNs and other security systems. The reason that many of these devices lack stringent security measures, they said, is that companies don't want to invest heavily in security protocols for mobile devices that they aren't certain will be profitable. Rather, said the panel, the companies would prefer to get their handsets to market first and tackle security at a later date.
"Security is not at the economic root of what's driving companies to get their products out fast," said Jeffrey Bardin, the director of risk management at EMC. "We always start looking at security after the fact. Who's going to spend time upfront to make it secure if you're not sure it's even going to sell?"
Panelist Todd Thiemann, the director for device security marketing for Trend Micro, said there are several weak links in mobile Internet security, but he said the weakest by far are the individual users who might not know the dangers of sending sensitive corporate data over unsecured mobile connections. "Most people are used to their cell phone being bulletproof and not causing issues," he said.
The panelists suggested several steps corporations could take to limit the risks of data loss through mobile devices, including educating users about how to send sensitive data properly over a wireless connection, having policies on what employees can and cannot send through their wireless devices, ensuring that all data is encrypted and sent through corporate infrastructure, and having a "kill switch" that completely wipes a mobile device if it gets lost or stolen.
However, Bardin said that responsibility for securing mobile broadband devices shouldn't lie just with customers, but also with carriers and manufacturers. In particular, he said that manufacturers and software developers would have to figure out a way to build strong security features onto mobile devices that aren't too big a strain on battery power.
"When I install antivirus software on my mobile device, it slows to a crawl," Bardin said. "The battery life gets cut in half, and I'm not able to use it all the time."
Sean Moshir, CEO of CellTrust, shared Bardin's view that carriers, software designers and manufacturers would have to collaborate to build more security into mobile phones, but added that educating users was at the "top of his list" of recommendations for improving mobile data security.
"Educating the consumer is a long-term task," Moshir said. "Carriers are going to do their best to secure their handsets, but I wouldn't rely on them, especially if their call quality and their number of calls dropped are any indication of whether they know what they're doing."
In the end, the panelists predicted that companies eventually would treat mobile Internet devices in the same way they treat PCs, although they could be in for a lot of painful experiences if they don't start working on mobile data security soon.
"We're generally slow on the uptake," said Bardin. "A lot of the time, we don't see some of the benefits to investing early in security until something happens."