Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

IBM: Mobile phone, cloud security issues can impact IT

IBM says IT staff need to pay extra attention to use of mobile devices and cloud infrastructure on business networks because both technologies are still young, and security can be sketchy.

IBM says IT staff need to pay extra attention to use of mobile devices and cloud infrastructure on business networks because both technologies are still young, and security can be sketchy.

Businesses should know that jailbreakers who figure out how to gain root access to mobile phones are causing trouble. While some phone owners want this type of access so the phones can support applications manufacturers didn't intend them to, attackers benefit from jailbreaking toolkits. Attackers can modify the code into a tool to gain unauthorized root access, according to a new report from IBM's security watchers, "IBM X-Force 2010 Trend and Risk Report."

OTHER CONCERNS: Social networking security threats taken too lightly

"We aren't seeing a lot of widespread attack activity targeting these vulnerabilities today," the report says, "because mobile devices likely do not represent the same kind of financial opportunity that desktop machines do for the sort of individuals who create large Internet botnets."

Even so, individual phones may contain enough valuable information to warrant a targeted attack. "Malicious software on the devices can be used to spy on users, access sensitive information on the phones, and reach back into corporate networks. Therefore, enterprises should take the risk of targeted malware on phones seriously," the report says.

IBM X-Force recommends a bare minimum of security measures including a firewall, anti-malware, strong passwords, lock-out and data removal after multiple failed logins, use of gateways between devices and the enterprise network, and configuring Bluetooth so devices link only to other safe devices.

Businesses should also consider encryption of sensitive data as it sits on mobile devices. Not all data need be encrypted, but valuable corporate data should, the report says.

A powerful potential source of smartphone malware is legitimate application stores. Without the resources to fully vet all submitted apps, these stores may sell applications that are actually malware. "It is likely that malicious behaviors in what appear to be trustworthy applications may provide an easy vector," the report says.

Corporations seeking to secure smartphones could benefit from technology that allows encapsulating all business-related data and applications separate from personal data and applications within the same phone. Users prefer to carry just one device, and encapsulating business content would support personal use while protecting business data, IBM says.

The report also targets cloud services and notes that cloud security is the greatest hindrance to adopting them, but businesses are increasingly adopting them anyway for at least some of their data and applications. Security need not be foolproof if the risks associated with using the cloud are acceptable. "The question for organizations is not whether the cloud as a whole is secure, but whether the organization is comfortable placing their workload on the cloud," IBM X-Force says.

Customers naturally need to trust the security offered by cloud providers, but equally understandably the providers are reluctant to give away a blueprint for attackers by revealing what measures are in place. Customers need to trust the providers, but there is no foolproof way to do so, IBM X-Force says.

It is feasible that cloud providers could offer better security than customers could provide themselves due to a lack of resources and expertise. And security services provided from the cloud could help protect corporate networks better than they do themselves, the report says.

At least in the short term, customers need to work out what tolerance they have for risk associated with cloud services and act appropriately, the report says.

Read more about wide area network in Network World's Wide Area Network section.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Apple, Google, IBM, IBM Australia, LAN, X-Force
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: encryption, IBM, mobile security, security
Latest Blog Posts
Whitepapers
  • A Technical Overview of the Oracle Exadata Database Machine and Exadata Storage Server
    Businesses today increasingly need to leverage a unified database platform to enable the deployment and consolidation of all applications onto one common infrastructure. Whether OLTP, DW or mixed workload a common infrastructure delivers the efficiencies and reusability the datacenter needs – and provides the reality of grid computing in-house. Read on.
    Learn more »
  • Control your Print Environment
    In your ongoing quest to maximize productivity and drive down costs, you might be surprised by the savings and greater competitive advantage you can achieve with a fully optimised and well-managed printing and imaging environment. In fact, studies have shown that managing your fleet holistically can save you upwards of 30% on your printing costs. And the savings increase exponentially when the scope of work includes automating your paper intensive workflows. Read more.
    Learn more »
  • Agile: Transforming small-team thinking into big business results
    Agile is fast becoming the development method of choice for many Australian businesses. This whitepaper discusses key trends and best practices for scaling agile within complex organisations.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments