The Mobile Device Security & Management

Threats to mobile security are getting varied and stronger. Managing mobile security may be a huge challenge for innumerable reasons. 

While enterprises are working on improving security practices, awareness needs to grow at the individual level as well. For the latest on mobile technology, Implementation of a secure OS architecture has already begun with iPhones and the latest Samsung Galaxy smartphones deploying the feature. The iPhone and the Samsung Galaxy smartphones have 2 OSs: one OS is known as the application OS and the other is a smaller and more secure OS. The application OS is where smartphone users download and run their apps, while the second OS is used to handle keychain and cryptographic functions as well as other high-security tasks. According to a white paper on Apple’s secure mobile OS, “The Secure Enclave is a coprocessor fabricated in the Apple A7 or later A-series processor.

So, the secure OS communicates with the application OS over a shared, and probably unencrypted, memory area and one mailbox.

Certain devices like the bit ID sensor, communicates with the secure OS over an encrypted channel. Samsung Galaxy smartphones use the TrustZone-based Integrity measurement architecture (TIMA) to verify the humanoid OS’ integrity. Since a large number of financial transactions happen over mobile devices, the twin OS system could be extraordinarily handy. For example, in the case of a credit card transaction, the secure OS will handle and pass the MasterCard data in an encrypted format, the application OS cannot even decode it. Encryption and authentication are implemented in smartphones to some degree already, but these steps are not enough.

One such concept is containers. Simply put, containers are third-party applications that isolate and secure a particular portion of a smartphone’s storage, like a high-security zone.

Containers are available on all popular mobile OSs: Android, Windows, iOS, and BlackBerry.

Another type of encrypting mobile devices is to introduce compulsory encryption. Google is doing that with Android Marshmallow, and all devices that run Marshmallow are required to make use of full-disk encryption out of the box. Although earlier Android versions allowed one to enable encryption, i.e. since Android 3.0, the option had 2 limitations: one, it was an optional task (only Nexus devices were shipped with encryption already enabled) so users did not usually enable it, and enabling encryption was a bit too technical for many typical users.

Implementing Network Security and Secure Browsing

From the mobile device user’s point of view, there are a number of ways to browse securely:

Do not modify the default browser settings in Android, iOS or Windows devices because the default settings are already providing good security for Android.

Do not log into unencrypted public wireless networks. People with bad intentions can also log into that. Sometimes, hackers can set up an open network and set a trap for unsuspecting users.

Try to use wireless networks that are secured. For such networks need a password or other authentication to allow access for users.

Whenever you access a website where you are going to share personal or confidential information, such as Bank account details, make sure that the URL begins with HTTPS. This means that all data transmitted through this website is encrypted.

While securing your browsing is required, it is at best the second step to securing mobile devices. The foundation is always network security. Mobile device security should begin with a multi-layered approach like as the VPN, IPS, firewall and application control. Next-generation firewalls and unified threat management helps IT, administrators, to monitor the flow of data and the behavior of users while devices connected to the network.

Implementing Remote Wipe

The remote wipe is the practice of wiping out your data from a mobile device via a remote location. This is done to be certain that confidential information doesn't fall into unauthorized hands. Normally, remote wipe is used in the following situations like:

• The device is lost or stolen.

• The device is with an employee who is no longer with the organization.

• If the device contains malware which can access confidential data.

Fiberlink Communications, a mobile device management company, remotely wiped 51,000 devices in 2013 and 81,000 devices in the first half of 2014.

However, since mobile device owners do not want anyone or anything else to access their personal devices, remote wiping may face a limitation. Owners are also rather lethargic when it comes to security.

To overcome these problems, enterprises could create containers in your mobile devices which will contain only confidential data. Remote wiping is going to be exercised solely on the instrumentality and not on information outside the instrumentality. Employees got to feel assured that remote wiping isn't reaching to have an effect on their personal information. Enterprises will track the usage of the mobile device. If the device is not being used for a long time, chances are that it has been lost or stolen.

Conclusion

While the remote wiping and secure browsing are good practices to follow, the most critical practices for ensuring mobile security is network security, OS architecture security and app management. These are the foundation pillars based on which a mobile device can be judged as secure or relatively insecure. Over time, these practices must be enhanced as the usage of mobile devices for financial and enterprise transactions grow exponentially.