While 3G has led to a plethora of apps and cheap handsets flooding the Indian market, the question is whether demand for these devices be channeled to prevent misuse of 3G services.
Best Practices for smartphone usage:
The anticipation around 3G and the final coming in of this technology into the Indian market has led to a sudden sharp rise in smartphone usage, and coupled with the availability of cheaper high-end handsets, this has also led to the increasing popularity of apps and apps stores, with a high market demand for the same.
According to IDC India, the Indian smartphone market, saw sales growth of 34.2%, in the Q3 2010, and a y-o-y increase of 294.9% from 2009 figures. Remarked Anirban Banerjee, AVP, Research, IDC India, “The Indian mobile handsets market got even more crowded and fragmented in the lower- and mid-market segments with the further entry of new players offering innovative models at attractive price points to lure buyers.”
While this may be good news for carriers and service providers, the easy smartphone access with high data speeds, has also led to a sharp rise in cybercrime, with almost 40% of websites taking one to smutty spots, as a result of which viewing of adult content has already increased by 30% in the last year alone. In order to tackle this, the Central Cyber Crime department has mentioned that it will be putting forth new laws to prevent cyber crime in the 3G era.
However, what can apps developers, operators and handset manufacturers do to promote safe viewing and security of private data, especially with 3G giving unlimited access to enterprises and impressionable individuals?
Security-as-a-Service enables operators to monetize on new revenue streams and increase customer retention by offering security services on top of communication services. This solution also addresses the needs of small and mid-sized enterprise customers that do not have in-house expertise and resources to manage their own security solutions.
The Nokia Siemens Networks solution involves a detailed security analysis comprising a risk assessment and selection of safeguards. According to Kanika Atri, head marketing, NSN India, The Mobile Device Management and Smartphone Security solution combines endpoint and network-based security – thus allowing for services like device monitoring and control, loss and theft (lock & wipe), data backup and restore and additional services like anti-virus protection or firewalling.”
While companies like Trend Micro offer special antivirus and malware software for Apple iPhone, and iPod Touch devices, which are most susceptible to these security threats, according to Anandan Jayaraman, Chief Product and Marketing Officer, Connectiva Systems, Device manufacturers and service providers can: 1) provide subscribers appropriate tools for managing parental controls and limiting access to restricted web sites, 2) Provide granular controls for disabling specific types of content capabilities on devices and subscriber accounts. 3) Provide inbuilt tools that can auto-detect and filter consumption of adult content. Application and content filtering should be a core part of the subscriber navigation experience, and app stores need to provide security and filtering controls at multiple levels to enable this.”
Talking about the role of a service provider in ensuring security for smartphone access, Alpna Doshi, CIO, Reliance Communications, says, We as a service provider shall be implementing sophisticated firewalls and ISO-level security policies to prevent the misuse of 3G. We have an internal mechanism to assist investigating machinery to track cybercrimes. Besides this, security algorithms like RSA and AES encryption codes can be implemented to provide enhanced security features.”
So does this mean that 3G will in some way promote cybercrime, if not tackled responsibly? Explains Amit Nath, Country Manager, Trend Micro India & SAARC, Real time monitoring mechanism should be implemented by the security agencies of the country. 3G networks will likely be the target of an increasing number of attacks for two reasons. One is””they are now more accessible because they are interconnected with other IP data networks and the second reason is that mobile operators possess information that criminals want (for example personal details of the subscribers) or the operators themselves are the object of extortion or defrauding.”
Corporate use of smartphones demands a universal, platform-agnostic approach to security best practices, which treat all smartphones as uncontrolled endpoints. Organizations should strongly consider implementation of best practices, using currently available technologies such as SSL VPNs and next-generation firewalls with application intelligence and control.
Some of these best practices include establishing a corporate smartphone policy, treating all smartphones as uncontrolled endpoints, establishing SSL VPN access to corporate resources, secure SSL VPN, comprehensively scan all smartphone traffic, control encryption and decryption of smartphone traffic, maximize firewall throughput to eliminate latency, establish controls over smartphone application traffic, establish smartphone wireless access security, manage smartphone VoIP traffic, and manage smartphone traffic bandwidth.
According to K. Purushothaman, Assoc Director, Protiviti, In case of enterprise customers, it could be driven and enforced by stringent Corporate security protocols. For a retail user, one needs to be careful on the nature of downloads and applications (including executable) files downloaded on the phones which could compromise with the information. Access sites with a certified digital certificate.”
In big enterprises, monitoring use of high-speed Internet by employees has been a matter of concern for some time now. With 3G-enabled handsets or desktops, this situation could only get worse. Therefore, apart from the usual monitoring tools that IT has in place to track what is being downloaded from the Internet through the corporate network, and whether data passing through the system is secure, password and authorization security is of paramount importance in securing network access at the gateway.
A smartphone that can access the network via a wireless access point represents the same kind of threat as any other endpoint. The only difference in the problem is that a phone is less likely to be running a security software. A somewhat uncommon threat is the possible compromise of a phone via its Bluetooth connection. This requires physical proximity and a lot of specific knowledge. However, if the ultimate target is a larger network, this may be worth the effort for a perpetrator,” remarks Subhomoy Biswas, country director, SonicWALL India.
Some of the solutions offered by leading service providers for enterprises and personal use include Blue Coat’s K9 Web Protection Browser for iOS for Apple iPads, iPhones and Web-enabled iPod Touch devices, which provides protection from content that is not appropriate for family viewing, while simultaneously protecting against phishing and malware.
Check Point Mobile Access Software Blade provides users with an intuitive business portal that allows secure connectivity to their intranet, corporate email and web applications, via enterprise-grade remote access through SSL VPN.
For Android Tablets and smartphones, LogMeIn recently released its remote access app, LogMeIn Ignition, which include capabilities like Wake-On-LAN, remote sound, multi-monitor support, and more.
With every new technology comes added risks, and with them come bundled solutions for maximum security, with minimum hassles. However, a smart approach to smartphone and apps usage will no doubt go a long way in establishing smartphones as the boon they ought to be and not as a bane.