Applications and devices security As technology improves on daily basis, security also needs to be upgraded to ensure the security

of the information stored in the machines and the customers database. Many organisations have decided to use mobile devices such as, tablets and smart phones in their enterprise and this may be putting corporate information at the risk (Hirschheim 1985). In case one looses a smart phone that is not password protected, or information in corporate email or business applications transmitted wirelessly but not encrypted, can all-too-easily expose confidential corporate data (Sybase 2011). Sometimes the story is different, for example, Gary Coverdale, chief information security officer and assistant CIO for Napa County said Like many businesses and government agencies today, the county has employees who love to use iPhones and iPods so much, in fact that they insist on bringing these devices to work. As much as these devices may be portable and one can work at any station, there are high risks of exposing confidential details to unauthorised persons . The need of IT departments to support a wide range of mobile devices is increasing. This is due to the ever changing lifestyle of individuals where one does not necessarily has to be at his working station in order to work. Most people prefer nowadays to work at their own convenient places. The most important aspect here is the production of an individual as this bails most organisations from the challenge of working space (Sybase 2011). While some of these mobile devices are provided to employees by the corporation, many are personally owned devices that employees are using to access corporate information (Sybase 2011). For example, Napa Countys IT department allows employee to use the mobile device of their choice (Tucci 2011). Sybase (2011) point out that, smart businesses around the world are embracing this trend and gaining the numerous rewards inherent in growing mobile access to important business data.

Most organisations have not been able to control the mobile devices at the work place. These devices have been proved to be able to access confidential database and emails at the working place. IT experts have had a big challenge in trying to control the security of the cooperate information . There have been incidences where an IT expert reveals some information to the public if the organisation fails to pay the agreed amount of money. It is for this reason that the IT professionals play an important role in developing mobility strategy (Tucci 2011). Moreover, IT teams have had numerous expressions bottlenecks to deliver applications and services that meet the requirements of the dynamic workforce and provide protection of sensitive corporate data and email stored on the mobile device (Sybase 2011). In todays era, it is very easy to break through a system as most people are developing technological knowhow. Jail broken, which means to get out of a restricted mode of operation (Freedman 2011) or stolen mobile phones, along with viruses and malware sent via mobile mail applications, can pose significant threats to enterprise information security. Mobile phones by nature are highly portable and can store large amounts of data. Since they are relatively easy to steal or lose, an unauthorized intruder can gain access to confidential information on an unprotected mobile device in a blink of an eye. Unsecured wireless transmissions can also be captured without the user ever knowing a security breach has occurred (Hirschheim 1985). This white paper will outline possible mobile device security threats and review how IT can effectively manage and secure a fleet of devices, whether they are personally owned or corporate owned. By following the strategies outlined in this paper, IT managers will learn what the greatest security risks are for mobile devices and how to effectively protect end users, their devices, and the network infrastructure from attack, harm, or lost data.

Despite the risks, enterprise mobile access through the cloud will undoubtedly change the game for many firms in one way or another. There is no pain if additional wireless services are incorporated to the service (Hirschheim 1985). This gives the operators a better chance to work from any position and anywhere at their own conveniences. It is vital, however, to secure the services that are based online. As this mobile revolution occurs, enterprise support of these devices has reached critical mass. IT departments are faced with a variety of handheld units constantly connecting to an internal network that may or may not be equipped to deal with the security issues surrounding mobile devices. More importantly, an IT department without a comprehensive security plan has no way to ensure whether these devices are authorized to access network resources . Whether IT is ready or not, however, users are connecting to the office network. According to a recent study, Collaboration Needs Will Fuel A Smartphone Surge, (Forrester Research Inc. study, published January 2010), three-quarters of information workers are using or are interested in a Smartphone for accessing or wanting to accesscorporate information. Most companies are for the opinion of allowing their employees to use mobile devices because of their importance and besides, the employees pay for the devices themselves and thus reducing operational costs in the organisation. This system has led to the realisation of increased productivity among the employees as they are able to access important information at any point and act accordingly. Mobile Security Risk For many years, mobile security has been a big issue and its security has been at risk. As the tablets and mobile devices increases, security risk becomes an important issue to be analysed.

This was confirmed by the head of internet security firm Kaspersky when he reported to (BBC News 2011).According to Morgan Stanley report (2009); the number of mobile devices connected to the internet will overtake the number of users desktops by 2014. Mobile devices, due to their wireless nature and internet connection (BBC News 2011), are vulnerable to malware, trojans, worms, viruses, botnets, spyware, phishing and drive by downloads (Lohman 2010). Although mobile phones have not yet been targeted by hackers to the extend that laptops have been attacked, Smartphone are certainly not protected (Sybase 2011). At the present, attacks on mobile devices in the enterprise are mostly unusual. Most of analysts and security experts agree that the next few years could be very different than now especially if IT departments are unprepared or slow to implement mobile security strategies (Sybase 2011) (BBC News 2011). Most of the employees believe that Smartphone are safer to use while accessing information from the web. This makes the number of Smartphone vulnerable to online viruses higher as opposed to that of desktops. From a research conducted by Trend Micro, it was realised that, at least 44% of employees use their Smartphone to access company information. Additionally, 23% of the survey respondents stated that they did not use security on their mobile devices, even though it was preinstalled (Trend Micro 2009). This makes their devices risky as any person can easily access the information. Attack by Application As much as people tend to think that security codes on their devices are enough, there has been evidence of people unlocking the devices making the information on the device very much vulnerable . Although an off-the-shelf iPhone or Android phone is quite safe, the applications a user selects to put on the phone can render it risky. Security specialists expect that iPhone and BlackBerry users to be far less prone to attack than other mobile devices, mostly due to their

stringent application distribution requirements compulsory at the Apple App Store and BlackBerry App World. Both Apple and RIM do not allow unapproved applications on their respective platforms, and developers apps have to be individually approved for distribution . However, if a user chooses to compromise unlock or jailbreakon the mobile device, then the phone is vulnerable to anything the user downloads, which could put all information stored on the phone, including corporate data and email, at risk. It is important for users to be very careful when selecting programs they wish to run on their mobile devices. According to Mayne in his article in SC magazine (2010), the first security hack via rogue applications have already happened. Moreover, there are some applications designed to steal banking credentials from users which were discovered in Googles Android Market online software store in early 2010. Developed by someone with the alias of Droid09, the apps were disguised as legitimate mobile banking apps and used bank names (without permission) to get users to download and install the application. Once loaded, the apps used phishing techniques and enticed mobile users to submit confidential account information to a bogus bank site (Mayne 2009). As result of Smartphone apps pose a risk, IT departments often select to deny access to corporate applications to mobile devices in the enterprise. A survey conducted by Zogby International survey shows that, 69.4% of participants felt that they had access to less than 10% of work data on their mobile device and about 72.3% felt they had less than 10% of access to their companys applications, such as email, spread sheets and Customer Relationship Management (CRM) tools (Zogby International survey 2010). One of the biggest risk related to attack by applications are the MMS and SMS functions as their massages can be sources of harm. For example, Nokia phone have been attacked in 2009 by a worm called the Sexy View which simply started with a text message inviting user to

view pictures (Hague 2010). When the users accepted the message, the worm was able to take over the phones much like a botnet takes over a computer. The users were dialled into a Trojan that captures subscriber, phone, and network information and transmits it to a Website (Jow 2010a). While these attacks were recognized and mostly removed, the incidents demonstrated the susceptibility of unwary Smartphone users to application-based as well as MMS and SMS-based attacks (Hague 2010). One of the main security issues with mobile devices is threat to information loss or stolen devices. More than 8 million mobile devices are lost each year(Fisher 2010), making mobile phones, especially Smartphone with corporate data, a security breach just waiting to happen. However, there is software called Find me from Apple which locate your iPad or iPhone and has the ability to display a message or play a sound to help you find the lost devices. The most important features on this software are the ability to set a pass code lock remotely. Also the software has feature called Remote Wipe which allows you to restore your devices to the factory settings (Find your iPhone or iPad 2011). Protecting data and devices The most important issue is to protect the data in a given device. While mobile security breaches happen from a diversity of reasons, the main challenge for IT departments with mobile devices in the enterprise is consistent: distant management and data protection (Jow 2010b). Protecting data on the devices needs IT to recognize the many ways security can be compromised (Security Trends 2011). The Security Trends report (2011) strongly suggests for companies using mobile devices to provide a concrete strategy for mobile security policies and functions, security aware employees, and a complete set of mobile device management tools . Applications and devices data access policies

It is vital for an organisation to come up with strategies on how they will protect their devices in order to secure their information from unwanted persons (Sybase 2011). One of the most important steps in protecting mobile devices in the enterprise is creating a mobile governance policy (Powell 2011). This policy should begin by IT clearly establishing, documenting, and enforcing a mobile governance and usage policy that includes all mobile devices and platforms (Security Trends 2011). When this is complete, IT must teach staff and help employees understand the mobile device usage policy. IT staff, management, and employees should all know what to do and how to respond to security issues and concerns related to their mobile devices (Sybase 2011). IT sections are no strangers in producing and applying rules and regulations. These can cover everything from how often employers need to change their passwords to what software needs to be installed on each workplace. These policies are important to protect the physical network and guarantee that intellectual property remains safe (Security Trends 2011). It is important for IT department to be proactive about managing mobile devices throughout their lifecycle, from activation out of the box all the way through to when they are taken out of production (Jow 2010b). Some organisations are using mobile governance as a strategic initiative, and it will more likely be accepted and followed by the users. However, some organisations dont have the policy document, so users may not understand when or why they have restricted access to corporate information (BlackBerry 2008). Once writing these policies, companies should consider provisioning by department or group. In todays workplace, individuals often fill a deferent of roles and responsibilities. The rapid growth of cloud computing combined with mobile technology is opening the door to significant opportunities that many organisations want to take full advantage of. A slew of investors are exploring cloud

options while Amazon and Google already have important cloud offerings and companies such as Microsoft and IBM are investing billions of dollars. There is little doubt that enterprise data access through the cloud has the potential to transform organisational performance. Corporations need to evolve with technology in order to remain competitive. However, undergoing a change of this nature requires significant assessment and analysis of the potential challenges involved. Decision makers need to be prepared for the worst and implement proactive measures to manage the mobile enterprise. As Pointed out, enterprise mobility will clearly play an important role in the future of IT strategies of many firms.