From Android to the iPhone, Security Vendors Target Mobile Devices

From McAfee to Websense to Kaspersky Lab, security vendors are looking to secure the growing number of mobile devices in the enterprise.

According to researchers at IDC, smartphone vendors shipped more than 100 million devices during the fourth quarter of 2010, almost double the number delivered during the same period in 2009. For enterprises, this means there is no shortage of new devices for them to manage and secure.

But where enterprises see potential IT headaches, security vendors see opportunity. The growing focus on protecting mobile devices has led recently to a number of announcements spanning mobile-management and anti-malware solutions from companies such as McAfee, Kaspersky Lab and others.

"Enterprises are struggling with the consumerization of IT," said Amit Sinha, CTO of Zscaler.

"With the proliferation of mobile devices like iPads and iPhones within the enterprise, IT administrators can no longer ignore these devices as outside their scope of responsibility," he added.

Zscaler announced Zscaler Mobile last week at the RSA Conference in San Francisco, adding its name to the list of security companies making plays in the mobile space. Also last week, Websense unveiled Mobile DLP, a data loss prevention offering for mobile devices that identifies corporate mail communications and quarantines confidential e-mail on the Exchange Server for access only on authorized machines.

This week, McAfee and Kaspersky Lab made their own announcements about security. McAfee said it is bundling its WaveSecure and VirusScan Mobile technologies as a single license for partners, combining technology such as wipe and restore with anti-malware capabilities. The company also revealed plans to include McAfee Enterprise Mobility Management with every device loaded with WaveSecure, VirusScan Mobile or McAfee's mobile suite to ensure the device is "business ready."

Kaspersky Lab also threw its hat into the ring, and added support in Kaspersky Mobile Security 9 for BlackBerry and Google Android devices. In that release, Kaspersky also included GPS tracking technology to locate lost or stolen phones, the ability to remotely lock down the device and block any communication to or from the device, and mobile-content filtering. In addition, users can leverage SIM Watch. If a thief tries to replace a device's SIM card, SIM Watch will e-mail the rightful owner the device's new number.

"The Android market is booming, and has nowhere to go but up...our own CEO recently made some pretty bold projections about Android market share in the coming years," said Peter Beardmore, director of product marketing for Kaspersky Lab. "BlackBerry is another widely used platform, but one that had been mostly confined to within corporate networks, and thus [is] under corporate security umbrellas. With BlackBerry making significant strides among general consumers, it makes sense to add these anti-theft and data-security features."

According to Kaspersky, there are probably more than 2,000 pieces of mobile malware in the wild today. Still, some say the case for serious investments in anti-malware technology for smartphones is not ready to be made to enterprises.

"The biggest risk around smartphones is physical loss of the device-encrypting the data on the phone, requiring a password, time out timer, remote kill, etc.-...[are all] much more important than anti-malware on smartphones," said Gartner analyst John Pescatore.

Meanwhile, for BlackBerry, Apple iOS, and Windows Phone 7 mobile OS platforms, a gatekeeper reviews and inspects third-party applications, thereby reducing the need for anti-malware, Chris Hazelton, an analyst with the 451 Group, told eWEEK.

"For Android and HP's webOS, developers can distribute mobile applications through Websites," he said. "This opens the door to app spoofing-where hackers repackage recognized apps with malware....We expect significant growth in Android use in the enterprise over the next 12 months-both tablets and smartphones-so there could be a significant number of breaches through Android if companies are only managing Android devices using Exchange and not a full-blown MDM [mobile data management] offering that provides visibility into the applications installed on an Android device."