Thorsten Schneider, head of security practice at Nokia Siemens Networks, discusses why operators should make security a key differentiator.
Eurocomms.com: What is the latest situation regarding the security risks of smart devices?
Thorsten Schneider: Eighty four percent of subscribers already use smart devices to manage sensitive data in both their private and business lives. This makes smart devices attractive for thieves and hackers as the financial value of stolen information can be high.
According to the European Network and Information Security Agency, the biggest threat to information on the phone is currently from data leaks from lost or stolen devices, but familiar threats from the PC environment, such as viruses and Trojans, are on the rise as they use the open app marketplace as a means of entry into the smartphone world.
The Juniper Mobile Threat Center reported a 155 percent increase in mobile malware across all platforms at the end of 2011 compared to the previous year. These findings also showed that during the last seven months of 2011 alone, malware targeting the Android platform rose by an incredible 3,325 percent.
How are users being affected and how are they reacting to these threats?
Users are not yet prepared and there is a gap between awareness and reality. Eighty nine percent are concerned about security; however, while nearly nine out of 10 PC users protect their computers, only 23 percent of users protect their smart devices.
According to Confident Technologies, less than half of consumers use keypad locks (PIN) or passwords on their phones. More than 60 percent of users download applications without checking if they are from a trusted source, Ponemon Institute has found.
Enterprises are also concerned. According to Yankee Group, nearly two out of three enterprises are worried about loss of confidential data and intellectual property and more than 60 percent want secure access to the Intranet for employees working remotely or using smart devices.
Where does this leave operators in your view?
Users tend to link their phones and services closely with their operator – something they tend not to do with their home computers – so it is in the operators’ best interest to ensure their customers’ devices are protected from security threats.
Is security just about devices?
No, it is not sufficient to look at smartphone security as purely a device issue. In order to protect smart devices against security threats, it is necessary to take a holistic approach where networks and device-based security complement each other.
Operators are in a unique position to combine protection on the network, service and device layers. They can provide a “killer combination” of security and convenience by bundling security together with data and voice services.
When a phone is lost or stolen, for example, operators can minimise the damage by taking steps to remotely lock the phone or wipe the content.
The network-based solution can protect users from malicious websites by providing URL filtering and blocking advertisements, and filtering out spam and malware messages.
What opportunity do you see this presenting operators with exactly?
Operators can foster new business and significantly increase customer loyalty by offering Security-as-a-Service on top of mobile broadband subscriptions. A secure environment also encourages the uptake of other innovative services.
In contrast to vendor-specific solutions offered by the likes of RIM, Apple or Google, operators can provide consistent security policies that cover a range of different smart devices. This is particularly important for enterprises.
Furthermore, operators also protect their own network and operations and secure their position as a trusted partner for end users, establishing a stronger position in the overall value chain. Customers who feel protected and secure are less likely to churn.
Last but not least, customer care and technical support costs are reduced as there are less smartphone security issues.