- PROJECT HELP
- WHITE PAPERS
With use of smartphones and tablets on the rise and sales of traditional PCs on the decline, attacks on mobile devices are maturing, says IT research and advisory firm Gartner Inc.
By 2017, the focus of endpoint breaches will shift to tablets and smartphones. And, according to Gartner, 75 percent of mobile security breaches will be the result of mobile application misconfiguration and misuse.
Common examples of misuse are “jailbreaking” on iOS devices and “rooting” on Android devices. These procedures allow users to access certain device resources that are normally unavailable — and remove app-specific protections and the safe "sandbox" provided by the operating system, putting data at risk.
Jailbreaking and rooting can also allow malware to be downloaded to the device, enabling malicious exploits that include extraction of enterprise data. These mobile devices also become prone to brute force attacks on passcodes.
According to Dionisio Zumerle, principal research analyst at Gartner, a classic example of misconfiguration is improper use of personal cloud services through apps residing on smartphones and tablets. “When used to convey enterprise data, these apps lead to data leaks that the organization remains unaware of for the majority of devices," he said.
The best defense for an enterprise is to keep mobile devices fixed in a safe configuration by means of a mobile device management policy, supplemented by app shielding and "containers" that protect important data.
Gartner recommends that IT security leaders follow an MDM/enterprise mobility management baseline for Android and Apple devices as follows:
IT security leaders also need to use network access control methods to deny enterprise connections for devices that exhibit potentially suspicious activity.
"We also recommend that they favor mobile app reputation services and establish external malware control on content before it is delivered to the mobile device," said Zumerle.
Mobile security trends will be discussed at the Gartner IT Infrastructure & Operations Management Summit 2014, June 9–11 in Orlando, Fla.