Uncertainty about how to secure mobile phones in the face of increasing threats is slowing enterprise adoption of mobile applications, experts exhibiting at the 3GSM World Congress in Barcelona last month said.
Over two-thirds of mobile operators in Europe that took part in a survey said that they detected more than 100 incidents involving mobile viruses or mobile spyware in 2006, according to a study conducted by Informa Ltd. for security software developer McAfee Inc. The number of European operators reporting more than 1,000 such incidents more than doubled in 2006 compared to the previous year, the report said.
IT administrators, uncertain how to protect their users from such attacks, are unwilling to enable mobile access to applications for workers.
“Enterprise security professionals haven’t really worked this out yet,” said Lorcan Burke, CEO of AdaptiveMobile Ltd. Companies such as banks, with strict security requirements, simply block access to any service, including Internet access, that could open doors to security issues, he said.
At the recent RSA Conference in San Francisco, some of the most crowded events were those tackling mobile security issues, said Simeon Coney, vice president of marketing for AdaptiveMobile. That was an indication that IT administrators are trying to find out how serious mobile security problems are and how to address them, he said.
Mobile services can be secured in the application, the network or in hardware or software on the device. Among operators responding to the McAfee study, most found that virus protection was most important at application and device levels, although more of them had deployed network-level security systems than the other options. Over 200 respondents from the operator community took part in the study.
AdaptiveMobile makes network-level security products for operators, including a system for filtering viruses in e-mail, SMS (Short Message Service), MMS (Multimedia Messaging Service) and WAP (Wireless Application Protocol) traffic. Beyond viruses, AdaptiveMobile can also control content, so it can stop phishing and other fraudulent attacks, or limit the types of content end users can access.
If an operator has deployed AdaptiveMobile’s platform, an IT administrator in a company can set and manage such controls down to the level of individual users.