Mobile security from the cloud

April 2014 Information Security

As smartphones and tablets have become increasingly sophisticated, the amount and types of data stored on them have increased. Confidential data once stored inside the firewall now resides on mobile devices, but many small and medium businesses have not taken sufficient action to address the risks this presents.

SMB IT staff may believe that only large enterprises are at risk. But according to one report, 40% of attacks have been directed at SMBs, while only 28% have been directed toward large enterprises. The diversity of device types complicates data protection. Traditional security solutions require a different product for each type of device, each with its own management facility and each with its own command set, increasing IT management complexity and resource requirements.

Security challenges

The rapid adoption of smartphones and tablets has attracted the attention of hackers and other intruders, increasing the risk of data loss for SMBs as well as large enterprises.

The US Department of Homeland Security reported a 400% increase in attacks on Android devices between mid-2010 and June 2012. Apple’s iOS devices are targeted less frequently, since apps are available only from Apple’s App Store, but some malicious apps have slipped through Apple’s tests as well.

The reason for these attacks is simple: Mobile devices increasingly contain valuable information. Sales staff with customer and price lists, field service technicians with detailed product information, and health care workers with patient information are all potential targets.

Data resident on mobile devices is not the only target. Users typically store passwords and PINs on their devices to avoid having to enter them for each access point. An attacker who captures a VPN password, for instance, can easily gain access to server-based data that is considered safe inside the corporate firewall.

Attackers can profit from a successful attack and cause financial loss for a business even when the compromised device contains nothing confidential and no valuable passwords. For example, malware can charge Premium SMS messages to a corporate phone number lifted from a phone’s contact list. It’s not hard to miss a series of $5 to $10 charges scattered through a long cell service log, but these charges can add up.

The bring-your-own-device trend, with employees using their own devices for work purposes, further adds to the challenge of protecting corporate data. One problem is that conventional anti-malware products are designed for a single device type, but it’s inevitable that staff members won’t all choose the same type of device. The result: IT staff must learn how to maintain and monitor multiple device types while using multiple security products.

User-installed apps represent another major business risk. It’s virtually impossible to prevent employees from choosing and installing apps on their personal devices. Attackers create apps that offer a free game or another attractive feature but contain code that compromises device security. Malware is not the only danger. Data loss due to lost or stolen devices is also a major problem. A 2012 survey conducted by Research Now found that among businesses with up to 50 employees, roughly a quarter had dealt with device loss or theft.

SMBs slow to implement mobile security

Despite the widely publicised losses resulting from targeted attacks, many SMBs have not taken action to address mobile device security. Research Now found that fewer than half of the enterprises surveyed had implemented a security solution. Several factors have impeded adoption of appropriate mobile security measures.

First, IT staff may be unaware that employees are transferring confidential information to privately owned devices. Second, with SMB IT staff already supporting in-house desktop systems, mobile laptops and servers, they may believe that implementing a mobile device solution that protects the variety of devices in employees’ hands would be too time-consuming, complex and expensive.

Traditional security requires a different product for each type of device: one for Windows-based desktops and laptops, another for conventional servers and yet another for virtualised servers. Each requires its own management console with its own set of commands. Now add in mobile products with two more management facilities, one for Android and one for Apple iOS devices. It’s no wonder that IT staff already struggling to deal with on-premises systems are not eager to add mobile devices to their workload.

Traditional mobile security solutions have an additional drawback. They require that staff have hands-on access to install software updates and make policy changes. Scheduling updates for a time when a device will be available in-house adds more complication. At any given time, some devices have been updated while others haven’t. The task becomes even more complex and time consuming when the staff must support a mix of device types, each protected by a different security product.

While overburdened IT staff at many SMBs have avoided implementing mobile device security, it’s clear that doing so is no longer feasible. The risks are too great. However, with the right security solution, SMBs can implement improved security defences while streamlining IT management challenges.

Cloud-based security solutions simplify management

Reducing IT staff time and effort requires a security solution that supports both Android and Apple iOS mobile devices as well as current in-house systems. Increasingly, SMBs are looking to cloud-based solutions as a way to support all of these systems with reduced management effort and simultaneously provide better protection than traditional products.

Managing via the cloud simplifies labour-intensive tasks. A single management console manages both on-premises and mobile devices, and there is just one set of management commands to learn. Instead of configuring devices one by one, IT staff members enter a single set of commands to a cloud-resident management server.

Updates are delivered to all devices simultaneously, so policy changes become effective for all connected devices immediately. Any devices that are out of range of cell service or Wi-Fi – or are shut off – automatically receive the updates upon their next connection to the Internet.

Cloud management offers these benefits:

* Eliminates the need to invest in a management server and management software.

* A single management facility supports all devices.

* Updates are made using a standard Web browser.

* Cloud resources are scalable and redundant.

* Eliminates the need to upgrade an in-house management server when the device population increases or to delay required policy changes because the management server is down.

Cloud-based solutions provide superior device security

Traditional mobile device protection software executes inside each device, monitoring incoming e-mail and Web pages as they are received and comparing their contents against a previously downloaded threat signature file. Inspecting and analysing incoming data requires a large device-resident application and consumes processor resources.

Dealing with today’s wide variety of threats requires a significant amount of memory for the application itself and for the threat signature database. Additionally, with traditional products, each database download consumes network bandwidth, processor time and cell service monthly quota. As a result, devices typically update, at most, every few hours.

With their need for periodic updates, traditional security products leave devices vulnerable. According to testing company AV-TEST, 55 000 new malicious programs are detected each day. Attackers understand that defences against any new attack type will be created quickly, so any new method is most valuable during the first day it’s used. To take maximum advantage, they attack multiple sites as quickly as possible. Devices protected by traditional products remain open to the new attack in the hours until their next update.

In contrast, cloud-based solutions greatly increase mobile protection. Here’s how: First, they offload data inspection to powerful cloud processors that scan the Internet 24x7, searching for malicious websites and device apps. Suspicious websites and apps are evaluated using processors with far more compute power than those found on mobile devices.

When a new website or app is discovered, cloud processors examine it in detail. They check Web pages for embedded malware and execute apps in a protected environment to determine what privileges they would request from a mobile device operating system and whether they would perform other actions that would compromise a device.

Webroot SecureAnywhere Mobile Protection

Webroot’s SecureAnywhere Mobile Protection greatly eases the load on IT management staff by supporting both Android and Apple iOS mobile software environments. SecureAnywhere Mobile Protection is part of Webroot’s Secure Anywhere Business platform, which also delivers endpoint protection for laptops, desktops, servers and virtualised environments.

Uniform policies govern all devices. When a change is made, it applies to all devices without the need to wait until a mobile device is brought in-house, and there’s no need to configure devices one by one. Connected devices are updated immediately over the air, while those without Internet access are updated as soon as they are connected.

SecureAnywhere Endpoint Protection supports Microsoft Windows desktops, laptops and Windows servers, plus virtualised servers supported by VMware, Citrix and Microsoft software. Both SecureAnywhere Mobile Protection and SecureAnywhere Endpoint Protection are managed from the same portal, further reducing management load and complexity. There’s no need for a traditional management application and no capital cost to acquire an in-house management server. Management is done using a standard Web browser to access a cloud-based security service. Staff members do not even have to switch from their favourite browser: SecureAnywhere Mobile Protection supports all popular browsers, including Internet Explorer, Firefox, Chrome, Safari and Opera.

Devices can be managed from anywhere, so an IT staffer with the proper login credentials can connect from home or anywhere to make needed changes. The staffer can make changes to any device or to all devices. If an issue arises that affects all devices, the staffer can make a global policy change.

A single login to the cloud-resident management server is all that’s required. There’s no need to connect through the firewall to an on-premises management server to update on-premises systems and then connect to another facility to modify mobile devices. One connection and one set of commands is all that is needed.

Management is further simplified by a set of default and preconfigured policy templates. Cloud-based management constantly monitors all devices, generating alerts, notifications, and real-time ad hoc and scheduled logs. The network monitor tracks and logs all applications that access the network. Alerts can be sent via e-mail or SMS as well as to the management console.

For more information on Webroot’s SecureAnywhere Mobile Protection contact Dean Barkhuizen, Carrera Systems, +27 (0)82 462 6634, [email protected], www.carrera.co.za

This paper has been shortened. The original is at www.webroot.com/shared/pdf/WebrootMobileSecurity.pdf





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Identity is a cyber issue
Access Control & Identity Management Information Security
Identity and access management telemetry has emerged as the most common source of early threat detection, responsible for seven of the top 10 indicators of compromise leading to security investigations.

Read more...
Identity and authentication
Technews Publishing SMART Security Solutions Access Control & Identity Management Information Security Security Services & Risk Management
Identity authentication is a crucial aspect of both physical security and cybersecurity. SMART Security Solutions obtained insights into the topic and the latest developments from three companies.

Read more...
From QR code to compromise
Information Security News & Events
A new attack vector involves threat actors using fraudulent QR codes emailed in PDF attachments to bypass companies' phishing security measures by requiring users to scan the code with their mobile phones.

Read more...
Organisations fear AI-driven cyberattacks, but lack key defences
Kaspersky Information Security News & Events Training & Education
A recent Kaspersky study reveals that businesses are increasingly worried about the growing use of artificial intelligence in cyberattacks, with 56% of surveyed companies in South Africa reporting a rise in cyber incidents over the past year.

Read more...
Vodacom Business unveils new cybersecurity report
Information Security IoT & Automation
Cybersecurity as an Imperative for Growth offers insights into the state of cybersecurity in South Africa, the importance of security frameworks in digital resilience and the latest attack methods adopted by cyberattackers.

Read more...
Smart surveillance and cyber resilience
Axis Communications SA Surveillance Information Security Government and Parastatal (Industry) Facilities & Building Management
South Africa’s critical infrastructure sector has to step up its game regarding cybersecurity and the evolving risk landscape. The sector has become a prime target for cybercriminals on top of physical threat actors, and the consequences of an incident can be far-reaching.

Read more...
NIS2 compliance amplifies skills shortages and resource strain
Information Security Security Services & Risk Management
A new Censuswide survey, commissioned by Veeam Software reveals the significant impact on businesses as they adapt to this key cybersecurity directive, with 95% of EMEA businesses siphoning other budgets to try and meet compliance deadline.

Read more...
Cybersecurity needs 4,7 million professionals
Information Security
Despite all the efforts organisations worldwide put into preventing cyberattacks, global cybercrime has snowballed to $9,2 trillion in 2024 and is expected to grow by another 70% to $15,6 trillion by the end of a decade.

Read more...
Autonomous healing systems are the future
Infrastructure Information Security AI & Data Analytics
Autonomous healing software, an emerging technology, is gaining traction for its potential to transform how organisations manage software maintenance, security, and system performance.

Read more...