Mobile Security: The Problem With Bring Your Own Device, From Kumulos (Backend as a Service)
February 11, 2013 / Rob
So the BlackBerry 10 is now out in the wild and has been seeing respectable but not astonishing sales, (despite the company’s best efforts to make it seem otherwise). Despite being a solid phone, the new device has many hurdles to jump before it can see sales figures that will change BlackBerry’s recent downward spiral.
One of the major hurdles is the BYOD or Bring Your Own Device mobile culture that has strongly permeated corporate culture in recent years. In fact it’s one of the often cited reasons for the initial fall of popularity in the BlackBerry, as they made fantastic work phones from the tech department’s point of view, but they weren’t the sexy objects of tech lust like the iPhone or the high tier Androids.
Whereas it used to be that companies gave their employees a work phone that was locked down with various security measures and the employee would have to have a separate personal phone, now due the multitasking ability and expense of smartphones, companies are opting to let employees bring their own phones, which is causing all kinds of security woes.
On Android especially, security is lagging behind the current threats, leaving the potential for infected devices wide open and ready to be exploited by cybercriminals looking for ways into a company’s private data.
“Right now the most widespread threats are SMS trojans, advertising modules and exploits designed to gain root access to the smartphone. However, at the start of 2012 we also saw the emergence of the first mobile botnet, a clear indication that cybercriminals are paying more attention to mobile devices,” said David Emm, a security researcher at Kaspersky Lab, “Then there is the risk of data loss from lost or stolen devices that contain sensitive business information or from conducting confidential transactions on insecure networks, for example public Wi-Fi hotspots.”
So without even realising it is happening, an employee doing some work at a cafe after hours on their smartphone could in fact be handing a cybercriminal all the data they need for repenetrating the company network or indeed, just handing off corporate secrets that could be sold on to the highest bidder. In this world of high end corporate espionage where getting your rival’s secrets could mean the difference between being kicked out of the competitive running and managing to keep your edge and billions of dollars lost or gained, it’s little surprise that companies are being targeted through their weakest point, the smartphones.
There was also recently confirmed the first instance of a mobile botnet, which is a clear indication of the new importance of mobile devices in modern cybercrime.
There are of course anti-virus and anti-malware programs out there to stop these kinds of attacks, but the technology is still lagging behind the malware and people are often loathe to install security apps on their phones due to them being a drain on both the computing and battery power. But it may just need to be that every smartphone should be protected these days.
Apple have until very recently denied that they have any kind of security problem as they are more rarely targeted than Android, but the popularity of the iPhone is its undoing here as there are more and more instances of malware for the iOS devices.
And no matter what smartphone employees own, there’s always the issue of human carelessness to contend with.
For example, many phones have GPS in this day and age, but merely tagging that you were at a certain location with a certain person on Facebook could spell disaster for a company trying to, say, keep meetings with potential business partners secret, or also be disastrous for the employee if it’s found that they have been spilling corporate secrets.
And the problem of security for apps is also a major concern due to many malicious apps existing on the market places and also for things like storage of user databases and other sensitive information. This is where we at Kumulos feel that Mobile Backend as a Service can be a great boon to app developers because they get a secure server as part of the package to store user data and their APIs on, negating much of the worry involved in creating and upkeeping their own Mobile Backend.
This, of course, coupled with the other benefits of a Mobile Backend as a Service like Kumulos’ such as custom code and tech support for your Backend and app make it a worthwhile choice for app developers looking to stop worrying about the nitty gritty details and just to be able to concentrate on their app. So why not talk to us at Kumulos today and see how we can help you make a better, stronger, more secure app for your customers?