IBM: Mobile phone, cloud security issues can impact IT

IBM says IT staff need to pay extra attention to use of mobile devices and cloud infrastructure on business networks because both technologies are still young, and security can be sketchy.

IBM says IT staff need to pay extra attention to use of mobile devices and cloud infrastructure on business networks because both technologies are still young, and security can be sketchy.

Businesses should know that jailbreakers who figure out how to gain root access to mobile phones are causing trouble. While some phone owners want this type of access so the phones can support applications manufacturers didn't intend them to, attackers benefit from jailbreaking toolkits. Attackers can modify the code into a tool to gain unauthorized root access, according to a new report from IBM's security watchers, "IBM X-Force 2010 Trend and Risk Report."

OTHER CONCERNS: Social networking security threats taken too lightly

"We aren't seeing a lot of widespread attack activity targeting these vulnerabilities today," the report says, "because mobile devices likely do not represent the same kind of financial opportunity that desktop machines do for the sort of individuals who create large Internet botnets."

Even so, individual phones may contain enough valuable information to warrant a targeted attack. "Malicious software on the devices can be used to spy on users, access sensitive information on the phones, and reach back into corporate networks. Therefore, enterprises should take the risk of targeted malware on phones seriously," the report says.

IBM X-Force recommends a bare minimum of security measures including a firewall, anti-malware, strong passwords, lock-out and data removal after multiple failed logins, use of gateways between devices and the enterprise network, and configuring Bluetooth so devices link only to other safe devices.

Businesses should also consider encryption of sensitive data as it sits on mobile devices. Not all data need be encrypted, but valuable corporate data should, the report says.

A powerful potential source of smartphone malware is legitimate application stores. Without the resources to fully vet all submitted apps, these stores may sell applications that are actually malware. "It is likely that malicious behaviors in what appear to be trustworthy applications may provide an easy vector," the report says.

Corporations seeking to secure smartphones could benefit from technology that allows encapsulating all business-related data and applications separate from personal data and applications within the same phone. Users prefer to carry just one device, and encapsulating business content would support personal use while protecting business data, IBM says.

The report also targets cloud services and notes that cloud security is the greatest hindrance to adopting them, but businesses are increasingly adopting them anyway for at least some of their data and applications. Security need not be foolproof if the risks associated with using the cloud are acceptable. "The question for organizations is not whether the cloud as a whole is secure, but whether the organization is comfortable placing their workload on the cloud," IBM X-Force says.

Customers naturally need to trust the security offered by cloud providers, but equally understandably the providers are reluctant to give away a blueprint for attackers by revealing what measures are in place. Customers need to trust the providers, but there is no foolproof way to do so, IBM X-Force says.

It is feasible that cloud providers could offer better security than customers could provide themselves due to a lack of resources and expertise. And security services provided from the cloud could help protect corporate networks better than they do themselves, the report says.

At least in the short term, customers need to work out what tolerance they have for risk associated with cloud services and act appropriately, the report says.

Read more about wide area network in Network World's Wide Area Network section.

Tags securityIBMmobile securityencryption

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tim Greene

Network World

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest News Articles

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?