From a security standpoint, it seems inevitable that the mobile cloud is going to be an important enabler. Mobile device platforms, especially open-source smartphone platforms and tablets , are under increasing pressure from hackers and potential virus threats. The first security threats became visible in the mobile domain in 2004, but have been growing ever since. Earlier, mobile phones had limited feature sets and were relatively protected within the operators “walled gardens.” With the proliferation of smartphones this has changed enormously. There are now virtually hundreds of viruses and malware that can potentially infect smartphones and tablets.
Smartphone security vulnerabilities
To protect users, trust and confidence in the mobile platform, it is essential to protect user privacy and security of applications. This is not an easy task. In its “Threat Report: Fourth Quarter 2010”, McAfee indicate that the mobile malware trend is on a sharp uprise. According to the report, new instances of malware targeting mobile devices detected last year were up 46 percent over levels recorded in 2009. McAfee predicts that cyber criminals will increasingly target mobile devices with botnets, and exploits utilizing both Flash and PDF vulnerabilities.
One of the more widely-cirulated malware was the Android/Geinimi, a Trojan inserted into legitimate mobile applications and games for the Android platform. As the number of Internet-enabled handheld mobile devices continues to grow (including smartphones and tablets), web-based threats will continue to grow in number and sophistication. Not just viruses and botnets, but also phishing from malicious domains and social networks, identity theft and spam.
So the question remains: What can be done to protect mobile Internet users from these types of multiple and sophisticated security threats?
How the Mobile Cloud Can Help
Mobile cloud computing platforms represent a more secure way for provisioning applications and online services to users over mobile networks. Mobile cloud provisioning takes advantage of the inherent benefits of cloud computing though its monitoring, security detection and malware-prevention capabilities to protect its mobile customers.
That’s not to say that cloud-based applications and services are completely free from potential malware, but that it is more difficult for hackers to manipulate cloud service providers and their services than it is to distribute malware by creating and infecting individual applications in the various app stores. Having apps and services residing in the cloud mitigates the need for installing and maintaining highly complex virus-scanning and malware protection on the handsets themselves – although some on-device malware protection should always be considered.
Mobile cloud security
To prevent unauthorized access to mobile devices and to provide cloud-access protection, there are certain measures that can be taken, especially by organizations that maintain a number of smartphones for employees:
- Cloud-access protection: To use strong authentication to ensure that only personnel with authorization can access cloud-based services. By using one-time passwords, rather than locally stored passwords on the handsets, it’s possible to maintain a higher security level in the mobile cloud.
- Embedded device identity protection: It’s possible to embed an personalized configuration profile on each employee mobile device, thereby implementing a personal security token or credential on each mobile device. Hence, only employees with trusted devices that comply with corporate security policy can access corporate applications and data, e.g. in a private cloud setting.
These and other security features and policies can be enforced to maximize the security of mobile devices, especially in a corporate context. The mobile cloud is certainly an enabler for improving the security levels for smartphones and tablets that become increasingly more prevalent in business and everyday use.