IBM: Mobile phone, cloud security issues can impact IT

By , Network World |  Security, IBM

IBM says IT staff need to pay extra attention to use of mobile devices and cloud infrastructure on business networks because both technologies are still young, and security can be sketchy.

Businesses should know that jailbreakers who figure out how to gain root access to mobile phones are causing trouble. While some phone owners want this type of access so the phones can support applications manufacturers didn't intend them to, attackers benefit from jailbreaking toolkits. Attackers can modify the code into a tool to gain unauthorized root access, according to a new report from IBM's security watchers, "IBM X-Force 2010 Trend and Risk Report."

OTHER CONCERNS: Social networking security threats taken too lightly

"We aren't seeing a lot of widespread attack activity targeting these vulnerabilities today," the report says, "because mobile devices likely do not represent the same kind of financial opportunity that desktop machines do for the sort of individuals who create large Internet botnets."

Even so, individual phones may contain enough valuable information to warrant a targeted attack. "Malicious software on the devices can be used to spy on users, access sensitive information on the phones, and reach back into corporate networks. Therefore, enterprises should take the risk of targeted malware on phones seriously," the report says.

IBM X-Force recommends a bare minimum of security measures including a firewall, anti-malware, strong passwords, lock-out and data removal after multiple failed logins, use of gateways between devices and the enterprise network, and configuring Bluetooth so devices link only to other safe devices.

Businesses should also consider encryption of sensitive data as it sits on mobile devices. Not all data need be encrypted, but valuable corporate data should, the report says.

A powerful potential source of smartphone malware is legitimate application stores. Without the resources to fully vet all submitted apps, these stores may sell applications that are actually malware. "It is likely that malicious behaviors in what appear to be trustworthy applications may provide an easy vector," the report says.


Originally published on Network World |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness