Smartphone security a concern but inaction remains

Consumers view security as an important component when buying a mobile device but few do something to mitigate the risks because there has yet to be a major attack on mobile platforms, according to Juniper Networks.

According to a new survey commissioned by the networking vendor, four out of five respondents highlighted level of security as a top or high priority when buying or using smartphones and tablet computers. Released Tuesday, the study also revealed that over half of all respondents said they were anxious about losing their mobile devices, as well as about protecting their identities and families with parental controls.

Despite the concerns, more than 76 percent used their smartphones or tablets to access sensitive personal or business information. Almost 43 percent used their devices for both personal and business purposes, while fewer than 5 percent used them strictly for business.

The survey, which was conducted in October across 16 countries, including Singapore, China, India, Australia, Japan, the United States and United Kingdom, noted that over 44 percent of smartphone and tablet users feared losing their devices and not being able to recover the data and information. Some 53 percent of all respondents found parental controls very important features.

C.K. Lam, regional enterprise solutions manager at Juniper Networks, said: "Smartphones and tablets have become the new onramp for information, applications and commerce, yet, they are quickly becoming an onramp for security threats as well.

"Fortunately users are growing very aware of the security, identity and privacy issues involved. The industry now needs to step up and make security an integrated part of the mobile experience, not an optional afterthought," he told ZDNet Asia in an interview.

With the proliferation of smartphones driving connectivity, more users are accessing their corporate networks via personal devices where 81 percent of respondents said they did so without their employer's knowledge or permission. Some 58 percent accessed their corporate networks on a daily basis, according to the survey.

Smartphone and tablet users in the United States were most conservative, with only 52 percent admitting to unauthorized access, while Brazil was the most aggressive at 94 percent.

Of the 16 countries surveyed, India topped the list with 90 percent of users very concerned with mobile security issues, followed by Brazil and Russia at 88 percent, Germany at 86 percent.

IT consumerization brings higher risk

Juniper Networks noted that the line between personal and corporate devices is blurring, and this consumerization of IT poses a huge risk to enterprises' data and confidential information.

Lam explained: "It is no secret that personal mobile devices are quickly becoming the de facto means for access to corporate networks, making them one of the most valuable but also most vulnerable portals to sensitive personal and professional information."

He noted that while the threats on mobile devices are real and increasing, users in general remain unconcerned as there has not been a major attack on mobile devices.

"Smartphone users who are part of an enterprise may be receptive toward antivirus, partly due to knowledge and also constant education by their employers," he said. "Enterprises can even set up rules to block access when devices are not secured."

"Consumers, on the other hand, will take a while to understand the importance of security. Some users don't even know the need to update their security patches on the computers," Lam added. "Consumers will need to be educated. People will only become more proactive after suffering an attack such as unauthorized access to bank accounts and theft of passwords."

Jeff Wilson, principal analyst for network security at Infonetics Research, said in a statement: "Consumers and business users rely on smartphones for e-mail, contacts, mobile banking and other applications that require sensitive personal data. But most users don't have a full understanding of what would happen if their phone was lost or stolen."

Juniper Networks is looking to make it easier for smartphone users to ward off attacks with its new Juno Pulse Mobile Security. Launched globally Tuesday, the security suite comes with antivirus protection, personal firewall, antispam and parental tools to control a child's communications content.

It remotely backs up and restores data, and is also able to locate devices when they are reported lost or stolen. An alert can be sent out when a SIM has been removed, swapped or replaced.

Lam added that the cloud-based service also enables users to remotely erase data and access rights contained in the lost or stolen device, and enterprises can also leverage the system to enforce policies to manage devices that access the network.

"With the large number of stolen devices every year, enterprises are concerned with potential risks of criminals hacking into their secure networks," he explained."[With Juno Pulse], once a phone is reported lost, the system sends an SMS message to the phone and it will be locked immediately."

Dedicated mobile security team
According to Lam, Juniper Networks has a team of security professionals at Columbus, Ohio, that works alongside the Mobile Security Gateway that serves as an interface for the features. He added that this was "the first and only threat and research focus center focused exclusively on mobility".

He said the professionals are divided into four teams, focusing on research of new malware, exploit resolution, security analysis and device testing. The Juno Pulse suite currently supports mobile platforms such as Google's Android and Research In Motion's Blackberry, with Apple's iOS to be included in the first half of 2011.

Enterprises interested in purchasing the security suite will have to fork out US$3,375 for 50 users or US$468,750 for 25,000 users for a year's subscription.

Lam said Juniper Networks is currently in talks with several enterprises in the Asia-Pacific region that have expressed an interest deploying the system.

While it remains an enterprise-centric application, the vendor said service providers may also resell the tool to consumers. British Telecom is the first telco that has signed up with Juniper to offer the Juno Pulse suite to consumers.