Analysts pitch web services and virtualisation for mobile security

Enterprises looking to guard against malware infections should develop a solid set of mobile security policies and practices based on virtualisation and web-based platforms, according to analysts.

Researchers with Gartner said that firms should adopt a solid set of mobile device management (MDM) best practices based on limiting employee use of jailbroken hardware and carefully managing application access and policies.

According to analysts, businesses are being put at a higher risk for malware infections and data breaches by allowing employees to jailbreak their devices, removing restrictions on software installation. While the process allows for the use of third-party software and unauthorised applications, it also removes vital security controls and makes the devices more likely to be infected.

The analysts said that unlike the spread of PC malware, mobile attacks are often smaller in scale and more isolated, preying on reckless user behaviour and at times relying on the physical theft or loss of hardware. Because the mobile security space is driven by a different user approach, analysts argue that firms should also formulate new security plans for the mobile space.

In addition to limiting jailbreak procedures, analysts also recommend that administrators enforce data security policies that protect and isolate important data and limit access to carefully managed 'container' systems. The researchers also recommend that administrators rely on web-based security platforms and services to help limit the exposure of mobile devices and allow for remote wiping of lost and stolen devices.

“At the present time, the biggest risk when using mobile devices will continue to be potential exposure after device loss, and data leakage caused by users, rather than attacks caused by malware,” Gartner said in its report.

“Risk management is all about addressing the most likely risks first, and periodic reports of individual malicious executables have not changed the equation for managing the risks of mobile device use.”