This article can also be found in the Premium Editorial Download "Information Security magazine: Comprehensive information security programs vital for PCI compliance."
Download it now to read this article plus other related content.
Kenneth Johnston, CIO and vice president of information systems at Guaranty Bank, is not alone in his struggles to keep pace with workers on the move. Extending the bank’s existing email encryption capabilities to mobile devices resulted in a painful and time-consuming process for employees.
“Our mobile workers and clients would try to get around the authentication process and fail,” Johnston says. “Instead of adding protection, encrypted email actually added to our data leakage fears.”
Johnston turned to Proofpoint Mobile Encryption to help extend email encryption for bank employees and his bank’s commercial clients. Proofpoint provides a mobile application or Web-based access to its email encryption services.
Springfield, Missouri-based Guaranty Bank has a virtual deployment of Proofpoint’s Enterprise suite to guard against unauthorized access via inbound and outbound email. Johnston says the mobile application is a natural extension of the enterprise suite, giving users a familiar experience. Now workers and clients can quickly authenticate and open a message directly on their device.
As workers are doing more of their business on the road, security vendors are taking notice with new mobile device security tools like
Extending authentication and encryption on mobile devices has been slowly maturing, says Eric Ogren, founder and principal analyst of the Ogren Group. RSA supported SecurID on a Palm Treo back in the 1990s, he says. Other vendors, including Overland Park, Kan.-based PhoneFactor, are more recent entrants, providing phone-based, tokenless two-factor authentication systems. Ogren says products that extend security to smartphones and tablets will become a more attractive option for many enterprises dealing with an ever increasing mobile workforce.
“One of the biggest issues for companies is to get authentication to work on mobile devices, laptops, desktops and just about every device out there,” Ogren says. “Embedding the key in a device so end users can view encrypted email makes perfect sense.”
Other security vendors are joining the fray. San Francisco-based mobile security vendor Lookout sells mobile applications that work on Android, BlackBerry and Windows Mobile devices, which can detect mobile malware and analyze whether an application performs a privacy violation. Like other mobile device platforms, Lookout performs a secure backup, can locate missing devices and perform remote wipe capabilities. The major security vendors, including Symantec, McAfee, and Trend Micro provide similar capabilities.
Mattias Tornyi, vice president and director of IT at Los Angeles-based Wedbush Securities, says his firm has long focused on the perimeter to ward off attacks. . But he acknowledges that the perimeter is no longer black and white; SSL VPN capabilities are a must-have.. Many of the brokerage firm’s employees are out in the field and while many are turning to their BlackBerry devices, which are easier for the company to manage securely using the BlackBerry server, a growing number are turning to Apple iPhones and Android devices. The goal is to be able to securely push out account info on the iPad and iPhone, he says.
“We’re only now dealing with the concept of anytime, anywhere access,” Tornyi says. “We’re securing all that with one time tokens and we also have high performance firewalls and [intrusion prevention systems] that we’re using. It’s going to be a slow process.”
Robert Westervelt is the news director of SearchSecurity.com. Send comments on this article to firstname.lastname@example.org
This was first published in May 2011