by Gerald Trites
Yet another study has come out warning of the growing exposure that companies are assuming because of the cloud and the ubiquitous mobile devices being used to access cloud applications. This one was released this week by Forrester Consulting and Symantec. Late last year, Websense prepared a list of five predictions for security in 2011, the first one being "2011 is the year when smart phones will account for 50 per cent of mobile phones sold that year, compared to 40 per cent in 2010." The report went on to detail some of the security issues that would accompany this trend.
Also late in 2011, McAfee released a report warning of the dangers of mobile units, particularly those connecting to social networks as well as corporate systems.
Further to these studies, and serving to amplify the concerns, a study released in December by security software vendor AdaptiveMobile found "that malware specifically targeting mobile devices rose 33 percent in 2010, primarily as a result of new sophisticated phishing campaigns that targeted specific individuals or organizations." (source here)
The Symantec study points out, as most of the others have, that enterprises haven't yet figured out how to integrate their security processes with these new mobile upstarts. So users are being asked to remember multiple passwords. This does not work, however, because people can't remember their passwords and are forced to write them down or list them in a separate file. It's not unusual for a single person to have many dozens, perhaps hundreds, of passwords they are supposed to remember for all the apps they use on the internet.
Single sign-on is a potential solution, but again, the necessary software has not yet been integrated with most enterprise systems, so while it may be an answer down the road, it isn't yet.
The Symantec study suggests another approach, which merits consideration. Symantec and other security software vendors say "the key to keeping up with both the hackers and the exponential growth in mobile- and cloud-based apps and devices starts with installing strong, two-factor authentication security apps that have become cheaper and much easier to install via the cloud.
By requiring anyone accessing enterprise data to use two-factor authentication gateways, essentially an application that asks for two simultaneous but independent forms of information to log onto an application, companies could prevent a majority of the serious data breaches that cost millions per incident to resolve and unnecessarily expose proprietary information." See the source here.
Enterprises need to move fast in this area. The issue has the potential of running out of control.