Mobile Security Needs Major Upgrade

By Cameron Sturdevant  |  Posted 2005-01-17

Securing phones and PDAs is crucial, but it's still difficult to do.

The proliferation—nay, ubiquity—of mobile devices in the enterprise makes it imperative for IT managers to take an unmoving stance on the security of these devices. Whether sanctioned by IT or not, the diverse devices used by today's mobile work force must be made to withstand withering security requirements to protect the integrity of corporate data.

And the devices that IT managers think are the most vulnerable—or the most worthy of protecting—may not be the ones most at risk.

According to a poll conducted Dec. 1 during Ziff Davis Media's Security Virtual Tradeshow Web seminar, 87 percent of attendees were concerned primarily with protecting laptops from malicious code. Protecting mobile phones, PDAs and other devices barely registered on the poll. (The archived Web seminar can be found at

Given the millions of laptops in use and connected to the Internet, it makes sense that IT managers are most concerned about them. However, there are more mobile phones in use than computers.

And while the limited computing power and the closed design of cell phone handsets have so far made them undesirable targets of virus writers, this likely won't remain so for much longer.

Case in point: According to the analysis company Ovum, there are now 10 million phones running Symbian's Symbian OS. A Symbian-based proof-of-concept virus that spreads via a Bluetooth connection was reported last June and has now appeared in the wild in Europe as the Skulls virus.

Even if viruses and worms weren't an issue, mobile devices should be a significant concern for organizations that are subject to regulatory requirements, including those in the Health Insurance Portability and Accountability Act.

For one thing, mobile devices are often lost or stolen, potentially leaving corporate data vulnerable to unauthorized access.

In addition, mobile devices almost always communicate via a wireless connection, a medium that is still notoriously insecure.

And data security, including encryption/decryption, has not been widely implemented on most mobile devices because these applications tend to tax battery life, memory and processing power.

In short, mobile device makers have focused on utility, not security, leaving the devices vulnerable.

Several companies are just now beginning to provide protection for mobile devices, and IT administrators should immediately start evaluating these tools.

For example, F-Secure's Mobile Anti-Virus for Series 60 protects a variety of Nokia and Siemens handsets that run the Symbian operating system.

The F-Secure application requires 850KB of free memory and takes up 520KB of space on the phones, but of greater concern is the processing, and the concomitant power drain, involved in handling messages and attachments.

IT administrators should keep in mind that given the changeable nature of mobile devices, managing the licenses for security products will likely be more of a problem than managing the software itself. IT administrators will need to make sure that license management is at the top of the checklist for any security software for mobile devices.

Indeed, IT managers should learn a lesson from the sorry state of desktop management. For the most part, patch management, software distribution and configuration management tools have been added on and unintegrated, and this has proved to be a resource-intensive way to maintain PCs and network infrastructure devices such as routers. If the same thing happens with mobile devices, we're in big trouble.

Labs Technical Director Cameron Sturdevant can be reached at

Cameron Sturdevant is the executive editor of Enterprise Networking Planet. Prior to ENP, Cameron was technical analyst at PCWeek Labs, starting in 1997. Cameron finished up as the eWEEK Labs Technical Director in 2012. Before his extensive labs tenure Cameron paid his IT dues working in technical support and sales engineering at a software publishing firm. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his analysis is grounded in real-world concern. Follow Cameron on Twitter at csturdevant, or reach him by email at
