Seven years ago Steve Jobs stood up at Macworld, San Francisco, and announced the first iPhone in San Francisco and in doing so launched a revolution that is still having a monumental impact on the business and social world today.
Up to that time a mobile phone was…..well a phone to make calls and texts on. But such was the excitement caused by the iPhone and the subsequent generations of Android and Windows Smartphones, consumers and businesses have raced to get hold of the latest devices and in doing so it has changed the way we think of our mobile phones and mobile computing.
Adoption of smartphones has been incredible. By 2008, there were more smart, connected devices in existence than people on Earth. By 2020, it is estimated there will be 50 billion of these devices – about six per person.
It is difficult to remember the revolution the iPhone caused as todaywe do not think twice that our smartphones allow us to have a phone, a music player, and a powerful computer to check email and surf the web all in the palm of our hands.
In effect we have a powerful and easy to use computer in our pockets and we expect to use it all the time and wherever we go, at home, on holiday, or at work.
So of course the birth of the iPhone also changed the way we in business have to manage our networks and it has had a huge impact on the security of our companies. That impact has only been increased by the rapid move to laptops from desktops computers, and the fast adoption of tablet computers and the growing Bring Your Own Device (BYOD) revolution.
Unfortunately for many organizations employee-owned mobile devices that access corporate resources are usually outside of the control of the corporate IT function. As a result it can be difficult to identify even basic environmental data for these devices such as the number and type of devices being used, as well as operating systems and applications.
While smart phones, tablets and laptops are becoming our ‘go-to’ devices, creating a boon in productivity, BYOD is increasing security risk to the corporate network and corporate data.
Security of mobile devices is a question of three phases:
- Before – establishing control over how mobile devices are used and what data they can access or store
- During – Visibility and intelligence is vital if security professionals can hope to identify the threats and risky devices and monitor their activities on the corporate network
- After – when the inevitable happens and the network is compromised by a threat, this is the ability to retrospectively review how that threat entered the network; which systems it interacted with and what files and applications were run to ensure it can be cleaned up as quickly as possible.
One of the fundamental problems IT security professionals face when securing their network and digital assets is establishing Information Superiority – leveraging superior intelligence to identify what needs to be protected and the threats to consider when structuring defences. This becomes particularly challenging in the mobile enterprise. Mobile devices easily connect with third-party cloud services and computers whose security posture is potentially unknown and outside of the enterprise’s control. In addition, mobile malware is growing rapidly and further increases the risk.
Increased visibility and control will help businesses to protect against advanced threats that result from mobility and BYOD challenges. By taking advantage of Information Superiority to identify mobile devices connecting to the network, it is possible to determine whether a device is at risk and then take measures to protect it.
With increased visibility into the number and types of devices connecting to the network (iPhones/iPads, Blackberries, Android devices and more), as well as the applications they are running, Information Superiorityand control then allows us to inspect mobile protocols to identify vulnerabilities and stop potential attacks against these devices.
The iPhone has been responsible for a revolutionary way we access corporate networks and data. But we must continue to stay ahead of the threat and develop tools and techniques that provide Visibility and Control of the new threat these wonderful devices bring us.
Anthony Perridge, EMEA Channel Director at Sourcefire, now a part of Cisco