In-Depth
Mobile IT: A Look Back, A Look Ahead
Mobile devices became targets just as more workers were connecting to corporate assets using their personal devices. What's ahead for mobile IT in 2012?
By Patrick Bedwell, Vice President of Product Marketing, Fortinet
A visitor from another planet in 2011 would likely have returned to his home world with the misperception that everyone living on Earth is born with a mobile device in his or her hand. We as a culture are so enamored with our smartphones and tablets that the release of a new device or OS can dominate the news cycle for weeks.
Mobile devices will continue to dominate the news cycle in 2012, but for a very different reason -- there will likely be successful, widespread attacks to mobile devices that will compromise personal data and corporate networks alike.
2011 Trend #1: The emergence of BYOD as a legitimate IT strategy
"Bring Your Own Device" is now a standard component of many IT departments' policies rather than being shunned. Enterprises have embraced the idea of allowing users to gain access to corporate resources via their own mobile devices. Allowing employees to access corporate resources with the same innovative technology they use in their personal lives increases productivity. Limited purchasing support for the devices also reduces costs, as many users supply the devices themselves.
2011 Trend #2: The year Android became the target of choice
In 2011, a wide range of threats targeted mobile devices, in particular Android operating systems. Criminals are targeting this OS for several reasons. First, as the most popular platform for downloading applications, it will be a target solely due to its popularity. Second, as Android is an open source operating system, it is easier to create malicious applications than a closed operating system such as iOS. Finally, Google does not control who can post apps on the Android Marketplace as tightly as Apple controls its App Store, which makes it easier to post malicious apps.
2011 Trend #3: The rise of mobile device management tools
The logical consequence of the rise in mobile devices accessing corporate resources and threats targeting those mobile devices is the rise of mobile device management (MDM) applications. Although there have been apps on the market for years, 2011 saw the rapid growth in a number of vendors including Lookout and Mobile Iron as management of mobile devices became mainstream.
As described above, enabling remote access/control by the corporate IT organization provides some measure of control over the "Wild West" of mobile devices in the corporate environment. MDM provides "over the air" management of mobile devices, including security policy enforcement, asset tracking, provisioning, remote lock and wipe, and backup/restore.
2012 Predictions
In 2012, enterprises will place a greater focus on mobility and security in the workplace. Here are my top 3 predictions:
2012 Prediction #1: Mobile ransomware goes mainstream
The mobile botnet DroidKungFu and its variants target the Android platform with a feature set that is equivalent to many mature botnets that have been targeting PC users for years. By the end of 2012, we will see the first instances of mobile ransomware (an infection that holds a device "hostage" until a "ransom" payment is delivered). Ransomware developers will start making a tidy profit from those who are willing to pay a few dollars (or more) to restore access to their phones rather than wipe the phone and deal with reinstalling all applications.
2012 Prediction #2: "Over the air" update attack will become commonplace
This technique starts with the posting of a legitimate application on an app marketplace site and is followed by an attacker pushing out an update that converts the legitimate app into malware. This technique "hides in plain sight" as the malware asks the user to approve changes in permissions during the installation of the update.
2012 Prediction #3: Mobile devices will be the source of a significant number of data breaches
In 2011, mobile devices were identified as the source of data breaches in only a handful of events. In 2012, because attackers will be targeting these devices and because the devices will have much greater access to corporate resources due to BYOD policies, these devices will become sources for data loss.
Patrick Bedwell is vice president of product marketing at Fortinet, a company that specializes in network security appliances and unified threat management. He is responsible for responsible for creating and executing the go-to-market strategy for Fortinet's network security products. You can contact the author at pbedwell@fortinet.com