Quality of service is no longer the most important factor in assessing mobile network operators. Users of smartphones and other mobile devices are placing more importance on their cell phone carrier’s ability to keep their data safe and respond to security incidents, according to a new survey.
Everybody is challenged with mobility growth, the device invasion and how to secure them and securely bring them onto the network.
Amanda Chesley, manager of managed mobility solutions, Verizon
Carriers are held responsible for a variety of smartphone security issues, from SMS text phishing and unsolicited spam and text messages, to malware and rogue applications, according to the survey of more than 2,000 U.S. smartphone users. Mobile network operators are among the most trusted service providers, with only banks more trusted. The survey was conducted by U.K.-based market research consultancy Loudhouse and was commissioned by Dublin-based mobile security vendor AdaptiveMobile.
“The carrier is usually the one that provides your access, the service and the handset,” said Gareth Maclachlan, founder and chief operating officer of AdaptiveMobile. “The research that we’ve conducted shows consumers turn to the carriers to protect them from the various threats they’re seeing in the mobile space today.”
The survey found service quality is no longer the most important aspect of the carrier relationship with smartphone users. Nearly 70% of those surveyed said keeping personal details safe and secure was the biggest factor in building and maintaining trust in a carrier. Security issues erode trust and can potentially prompt users to change carriers, with 90% of those surveyed indicating they would change or consider changing their carrier if unexpected charges were on their bill related to security problems.
Carriers are responding to their own internal data that confirms the trend, Maclachlan said. New capabilities are being rolled out that can immediately notify device users when something is wrong, block nefarious traffic to avoid unsolicited charges and protect users from losing their personal data.
“If we can block a piece of malware from effectively carrying out its intended purpose, we can still leave the device freely available for legitimate use for the subscriber,” Maclachlan said. “The user is made aware that something is wrong and the carrier can provide them with the process to actually clean up their device.”
Enterprises turn to mobile carrier security services
This trend isn’t limited to the consumer world, however. With employees bringing their personal smartphones to work, enterprise security professionals and CISOs are struggling with new security hazards and some are turning to their carriers for help.
Enterprises are swamped with a growing demand to allow employees to connect to the corporate network with their personal device, said Amanda Chesley, manager of managed mobility solutions at Verizon.
The problem most companies struggle with is how to leverage the investment their employees made personally in their device but continue to maintain a secure network. While larger enterprises seek their own in-house security technologies to address the problem, others are turning to their carriers for answers, Chesley said.
“Everybody is challenged with mobility growth, the device invasion and how to secure them and securely bring them onto the network,” she said. “It’s important to maintain that user experience that is driving the consumer to the device while at same time ensuring the platform is secure when that end user is connecting into the IT infrastructure.”
Capabilities are available to enable mobile device network carriers to provide parental controls on smartphones, but also enable corporate administrators to put in place email protections and user access rules, approving or denying access to specific content as well as policies that enable enterprises to meet financial services, health care and other sector-specific regulations.
In addition, a single carrier can provide capabilities to mobile devices regardless of what carrier network the device subscribes to, Chesley said. For example, Verizon can provide remote lock and wipe and other security features on almost any device available to consumers. It also has a development team that can create secure applications, which enable remote access to corporate applications.
Growing threats on mobile platforms
Mobile devices have so far been a minimal threat to enterprises, but experts say cybercriminals are beginning to target mobile devices in greater numbers. Some attacks can exploit vulnerabilities in mobile applications to gain access to device processes and ultimately steal sensitive information. SMS text messaging Trojans, designed to target almost any kind of mobile phone, have been around for years, but remain a minor issue. More powerful smartphones have the potential to contain more sophisticated malware and other security issues. Rogue applications, which began appearing late last year on Google Android devices, are beginning to cause alarm among security experts.
“What concerns me is the use of a personal device in a consumer environment that has a rogue application or infection that eventually connects to an enterprise network and gains access to corporate information.” said Andrew Hayter, antimalcode program manager for ICSA Labs, a security testing firm.
The concern is also rising among device owners, according to the AdaptiveMobile survey. More than 75% of those surveyed indicated they are concerned about the threat of rogue applications that steal data or collect information without their knowledge. In addition, more than 70% said malware infections and unexpected charges on their mobile bill was a rising concern.
“Midsize enterprises on down will struggle to have the knowledge, the capabilities and the investment in place to actually manage all these devices themselves,” Maclachlan said. “The carriers, because they have the knowledge of the mobile communications and they see the traffic, are ideally placed to be able to put solutions there for it.”