The Great Myth About Mobile Security

Mobile Security Myth

It’s hard to remember life before the first capable smartphone. It’s similar to recalling an era before the Internet. June 29, 2007, marks the beginning of a mobile technology revolution when the first-generation Apple iPhone hit the market. Google and Microsoft soon followed suit with Android and Windows Phone operating systems, and the market exploded.

Today, mobile devices are all pervasive and everything from checking emails, looking up train times, watching TV shows, finding directions, playing games and, yes, even making phone calls is second nature to most consumers.

It was this consumer-driven demand that directly influenced the enterprise, sparking a critical shift in IT policy that allowed employees and staff to use powerful, consumer-level smartphones and mobile devices for work-related purposes. And as we look around the workplace, there is no doubt that the trends of Bring Your Own Device (BYOD), Choose Your Own Device (CYOD) and Bring Your Own App (BYOA) are now firmly established.

Yet despite this growing reliance on mobility, IT decision-makers still incorrectly believe that traditional PCs are more secure than mobile devices. Entrust commissioned analyst firm Forrester to research this issue, and 71 percent of respondents surveyed somewhat or strongly agreed that the desktop/laptop is secure, compared to 43 percent who said that mobile devices are secure.

The overwhelming perception is that mobile devices are less secure. Even with sandboxed mobile applications, secure operating systems and savvy mobile users, the perception remains that mobile devices aren’t computers to be taken seriously. In fact, the complete opposite is true. Whether used for secure physical and logical access, authenticators for digital identities, platforms for soft tokens or even as tools to verify desktop-based transactions to defeat malware, mobile devices, by default simply have a better security posture than today’s standard PC.

When properly managed and protected, mobile devices serve as a formidable platform for securing digital identities and online transactions. Here’s why:

  • Not an easy target: Desktop malware – performing malicious app-to-app process migration, native keyboard keylogging and Zeus-style memory-hooking – is not found in mobile malware samples. Plus, specific mobile vulnerabilities usually have a short lifespan.
  • Smaller attack surface: As for Android, malware usually targets specific hardware, firmware and OS versions, which reduces the viability and lucrativeness of infections.
  • Designed with security in mind: Today’s non-jailbroken devices are more secure thanks to a multi-layered approach that’s core to the development of mobile operating systems. Applications installed on mobile devices are digitally signed and/or vetted.
  • A safe sandbox: Legitimate applications are also sand-boxed, meaning they can’t share or gain access to each other’s information – an important trait that helps defend against advanced mobile malware.
  • Proven mobile security: The strength of mobile platforms is further augmented by third-party security capabilities. Solutions that offer digital certificates, embed transparent one-time passcodes (OTPs) or provide application-specific PIN unlock options further bolster device security.

For many businesses, the true power of mobility isn’t yet being realised. However, employees’ adoption of smartphones and tablets as their preferred work devices of choice is changing an organisation’s IT landscape. The security that you get out of the box from a mobile operating system already exceeds what you can buy with traditional desktop PC. In a world where most users mix usage of PCs, smartphones and tablets, it’s a great opportunity to take advantage of the strength of the computers carried in our pockets.

Mark Reeves

Mark Reeves has over 20 years' experience managing International growth in the technology sector, having enjoyed much success in high growth organisations. Mark joined Entrust as SVP International Sales in September 2011, with a charter of growing the business in International markets.