Is corporate mobile security the new black?



The recently launched Blackphone, claiming to offer robust, device-driven security and privacy, has set tongues wagging in the mobile world. Its near namesake BlackBerry chipped into the argument recently, saying that its end-to-end approach to security is far more suited to business mobile.

With the continuing rise of BYOD, we think this new market entrant and BlackBerry's response raise an interesting question. Should security be centered on the device or 'endpoint' and its user, or on the corporate network that it's linked to?

Historically, organisations controlled the privacy features on their employees' mobile devices. Concerns about loss of or unauthorized access to devices saw the rise of Mobile Device Management (MDM) solutions as a way to protect mobile data. It may have taken a while to bed in, but now we see organisations increasingly seeking MDM alongside their newly introduced BYOD policies.

But the Snowden effect has also made consumers more conscious of 'official' access to their personal data. What's followed is the creation of a number of 'secure' communication platforms and devices that claim to protect the user from snoopers; the Blackphone being positioned as the most secure of these on the market.

Most recently, secure calling services have promised to provide encrypted communications to protect users. In fact, Silent Circle (pre-loaded on the Blackphone) recently announced that members would now be able to call non-subscribers around the world while taking advantage of the encrypted network. Considered to be a private and secure version of Skype, Silent Circle provides encrypted phone, text and email to subscribers. By opening it up to non-subscribers, the company is demonstrating the widening appeal to and demand from consumers.

With more and more BYOD policies appearing in the business world, we think developments like this, and the Blackphone in particular, are useful extra measures when considering corporate device security. In fact, for those enterprises requiring high levels of privacy - lawyers, product developers, financial services and so on - the encryption facilities are ideal. Features that include smart disabling of unsecured WiFi hotspots, remote wipe and in-built anti-theft certainly also help to ensure the device in isolation remains as secure as possible.

But we don't think secure devices like Blackphone should be an outright replacement for MDM. We'd strongly advise organisations against removing other security measures and simply relying on the phone's features to do this job. It should be considered a secondary backup measure against unauthorised access to a specific device rather than the network as a whole.

Interestingly, since I started to write this blog, news reaches me that it took hackers at DefCon just five minutes to hack the Blackphone. While the manufacturer, SGP Technologies, has responded by saying that the flaws that were exploited have been patched, what this demonstrates is that there is no one single solution to mobile security. Rather, companies need to consider robust MDM solutions as well as secondary endpoint measures.

As an increasing number of users bring smart devices on to the corporate network, the risk of that network and the data it holds being compromised grows. The Blackphone may not be the outright answer but it could certainly improve control of devices and the outlying perimeters of your network.


