Podle společnosti Gartner by mělo v letošním roce být prodáno téměř 2,2 miliardy smartphonů a tabletů koncovým uživatelům a analytici odhadují, že do tří let bude 75% narušení bezpečnosti mobilních zařízení způsobeno špatnou konfigurací mobilních aplikací, nikoli přísně technickými útoky na mobilní zařízení. Další podrobnosti najdete v přiloženém textu, který je také k dispozici online na http://www.gartner.com/newsroom/id/2753017. (TZ)
Gartner Says 75 Per Cent of Mobile Security Breaches Will Be the Result of Mobile Application Misconfiguration
Analysts to Discuss Mobile Security Threats and Trends at the Gartner IT Infrastructure & Operations Management Summits 2014, 2-3 June in Berlin, Germany, and 9-11 June in Orlando
Egham, UK, 29th May, 2014 — Nearly 2.2 billion smartphones and tablets will be sold to end users in 2014 according to Gartner, Inc. While security incidents originating from mobile devices are rare, Gartner said that by 2017, 75 per cent of mobile security breaches will be the result of mobile application misconfiguration.
“Mobile security breaches are — and will continue to be — the result of misconfiguration and misuse on an app level, rather than the outcome of deeply technical attacks on mobile devices,” said Dionisio Zumerle, principal research analyst at Gartner. “A classic example of misconfiguration is the misuse of personal cloud services through apps residing on smartphones and tablets. When used to convey enterprise data, these apps lead to data leaks that the organisation remains unaware of for the majority of devices.”
With the number of smartphones and tablets on the increase, and a decrease in traditional PC sales, attacks on mobile devices are maturing. By 2017, Gartner predicts that the focus of endpoint breaches will shift to tablets and smartphones.
To do significant damage in the mobile world, malware needs to act on devices that have been altered at an administrative level.
“The most obvious platform compromises of this nature are ‘jailbreaking’ on iOS or ‘rooting’ on Android devices. They escalate the user’s privileges on the device, effectively turning a user into an administrator,” said Mr Zumerle.
While these methods allow users to access certain device resources that are normally inaccessible (in fact, in most cases they are performed deliberately by users), they also put data in danger. This is because they remove app-specific protections and the safe ‘sandbox’ provided by the operating system. They can also allow malware to be downloaded to the device and open it up to all sorts of malicious actions, including extraction of enterprise data. ‘Rooted’ or ‘jailbroken’ mobile devices also become prone to brute force attacks on passcodes.
The best defence is to keep mobile devices fixed in a safe configuration by means of a mobile device management (MDM) policy, supplemented by app shielding and ‘containers’ that protect important data.
Gartner recommends that IT security leaders follow an MDM/enterprise mobility management baseline for Android and Apple devices as follows:
-
Ask users to opt in to basic enterprise policies, and be prepared to revoke access controls in the event of changes. Users that are not able to bring their devices into basic compliance must be denied (or given extremely limited) access.
-
Require that device passcodes include length and complexity as well as strict retry and timeout standards.
-
Specify minimum and maximum versions of platforms and operating systems. Disallow models that cannot be updated or supported.
-
Enforce a “no jailbreaking/no rooting” rule, and restrict the use of unapproved third-party app stores. Devices in violation should be disconnected from sources of business data, and potentially wiped, depending on policy choices.
-
Require signed apps and certificates for access to business email, virtual private networks, Wi-Fi and shielded apps.
IT security leaders also need to use network access control methods to deny enterprise connections for devices that exhibit potentially suspicious activity.
“We also recommend that they favour mobile app reputation services and establish external malware control on content before it is delivered to the mobile device,” said Mr Zumerle.
Mr Zumerle will further discuss the future of mobile security at the Gartner IT Infrastructure & Operations Management Summit 2014, 2-3 June in Berlin, Germany. More information about the Summit can be found at www.gartnerevent.com/eu/iominfo. Members of the press can register for the event by contacting laurence.goasduff@gartner.com.
Mobile security trends will also be discussed at the Gartner IT Infrastructure & Operations Management Summit 2014 taking place from 9 to 11 June in Orlando, Fla. More information on the Orlando event can be found at www.gartner.com/us/iom. Members of the press can register for the event by contacting janessa.rivera@gartner.com.
Additional information from the Summits will be shared on Twitter using #GartnerIOM.
About Gartner IT Infrastructure & Operations Management Summit 2014
As organisations move toward a digital business, IT is playing an increasingly proactive role in contributing to the process. Infrastructure and operations (I&0) is key to supporting and progressing business agility; equally demonstrating business value and cost-efficiency has never been more vital. At the Summit, analysts will assess how mobility, cloud and analytics can enhance business performance, and explore the new opportunities in data centre innovation. They will also examine the value of IT operations excellence through I&O metrics, process framework adoption and organisation structures.
About Gartner
Gartner, Inc. (NYSE: IT) is the world’s leading information technology research and advisory company. Gartner delivers the technology-related insight necessary for its clients to make the right decisions, every day. From CIOs and senior IT leaders in corporations and government agencies, to business leaders in high-tech and telecom enterprises and professional services firms, to technology investors, Gartner is a valuable partner in more than 14,000 distinct organizations. Through the resources of Gartner Research, Gartner Executive Programs, Gartner Consulting and Gartner Events, Gartner works with every client to research, analyse and interpret the business of IT within the context of their individual role. Founded in 1979, Gartner is headquartered in Stamford, Connecticut, USA, and has 6,100 associates, including more than 1,460 research analysts and consultants, and clients in 85 countries. For more information, visit www.gartner.com.