Gartner: Security risks rise as smart phones get smarter

Growing use of handhelds in business apps increases potential for attacks, analyst says

By Jeremy Kirk

September 29, 2008 12:00 PM ET

Comments

Top Stories

IDG News Service - As wireless devices become more numerous within businesses, their convenience will be counterbalanced by an increasing potential for security problems, according to a Gartner Inc. analyst who spoke at the consulting firm's IT Security Summit in London today.

New trends in the wireless industry are making it easier for hackers to launch attacks targeting handhelds, Gartner analyst John Girard said. A few years ago, there wasn't much standardization across smart phones and other wireless devices, he noted. Differing operating systems and implementations of mobile Java — even varying configurations among devices with the same operating system — made it hard to write malicious code that ran on a wide array of devices, Girard said.

But that's changing, he added, saying that the process of writing malware that can run on a variety of handheld devices has been simplified. "The more your phone gets like a PC," Girard said, "the more it can host malicious code."

Many of the security threats that traditionally have plagued PCs, such as phishing attacks, will increasingly move to mobile platforms, Girard predicted. That could cause problems, he said, when companies begin installing business applications on mobile phones, which will house data that is potentially valuable to attackers. "We're very quickly moving to the point where people really can do business on smart phones," Girard said.

Gartner forecasts that wireless identity theft and phishing attempts targeting mobile devices will become more and more prevalent next year. Girard said that before buying large quantities of handhelds for their workers, companies need to be sure that the devices meet a minimum set of security specifications, based on what kind of data the devices will handle and the regulations that businesses need to comply with under data protection laws.

Having the mobile hardware and software arrive in a secure state is a lot easier for IT managers than trying to fix devices after they've been deployed in the field, he added.

Girard laid out a few key security pointers: Data should be encrypted on handhelds, proper identity and access controls should be implemented, and intrusion-prevention systems should be used to ensure that rogue devices don't access sensitive information, he said.

Comment Recommend Digg Twitter ShareThis

Email Print Send Feedback Reprints

Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.

Jump to comments

handhelds

Additional Resources

WHITE PAPER

EFD vs. HDD - What You Need to Know

Enterprise flash drives provide a new Tier 0 storage layer capable of delivering high I/O performance at a very low latency. Proper use of EFDs in an Oracle environment can deliver increased performance compared to fibre channel drives. Read the recommendations for identification of the best DB components for EFDs.

WHITE PAPER

Gartner Research Report: Magic Quadrant for Application Delivery Controllers, 2009

The market for products to improve the delivery of application software over networks remains dynamic and innovative. Vendors focused on solving enterprises' most-pressing application problems have become the top players.

WHITE PAPER

Eight Criteria for Server Load Balancing

Server load balancers are a simple yet highly effective means to scale an application environment while ensuring its availability. Today's solutions should also address application performance and security. Read about the top eight criteria you should consider when choosing a server load balancer and how Citrix NetScaler meets those requirements.