Security pros unsure about smartphones
An expert says that security always plays catch-up when it comes to new tech, and smartphones are no exception.
IT security professionals are unsure about making smartphones secure for the workplace, with a survey saying that nine out of 10 believe the devices pose a significant threat to the enterprise.
The research polled nearly 2,000 certified security professionals belonging to the ISC2 group. John Colley, ISC2 managing director, told IT PRO that this result was exactly as he had expected, as it was a normal security reaction to any new technology.
"Their first reaction is that 'we mustn't use it because it isn't secure'," he said. "We saw that with wireless networks, we saw security managers banning USB sticks, Facebook - all kinds of stuff."
Colley said that there was always a time lag between having new technology available and security pros and vendors finding ways to effectively secure them.
When it came with mobile phone security, IT security had to deal with significant developments such as companies like Apple, BlackBerry and soon Microsoft encouraging users to download applications to their phone.
"The Apple model now is that anyone can write an application and stick it in the Apple store where people can download it," he said. "What's allowed effectively is that unknown software is downloaded onto a phone."
"Once you start using the iPhone for business such as accessing email, you've actually been downloading software that you don't know what is doing in the background," he warned.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Colley said that businesses couldn't go down the path of banning the devices, as usually the people who liked them were in the more senior and well-paid positions.
He said that businesses needed to solve the problem in other ways. "The first line of defence is awareness and education, telling people to be careful of what apps you download and run a list of those you are happy with."
"Explain to people that they need to be careful about what information they keep on the phone."
Colley said long-term businesses needed to put pressure on the device makers to make the security model better.
He said: "For security it's always a case of catch-up, as the new functionality is always more interesting than the security around it."