CIO

Keep out the 'bad' mobile apps to defend corporate data says Gartner

75 percent of mobile security breaches will be down to bad apps in 2017

Although security breaches originating from mobile devices are rare, says analyst Gartner, they will continue to be mainly caused by mobile application misconfiguration.

The analyst firm says that by 2017, 75 percent of mobile security breaches will be down to bad apps.

"Mobile security breaches are, and will continue to be, the result of misconfiguration and misuse on an app level, rather than the outcome of deeply technical attacks on mobile devices," said Gartner analyst Dionisio Zumerle.

"A classic example of misconfiguration is the misuse of personal cloud services through apps residing on smartphones and tablets. When used to convey enterprise data, these apps lead to data leaks that the organisation remains unaware of for the majority of devices," said Zumerle.

With the number of smartphones and tablets on the increase, and a decrease in traditional PC sales, attacks on mobile devices are maturing, Gartner said.

By 2017, Gartner predicts that the focus of endpoint breaches will shift to tablets and smartphones.

To do significant damage in the mobile world, Gartner says, malware needs to act on devices that have been altered at an administrative level.

"The most obvious platform compromises of this nature are 'jailbreaking' on iOS or 'rooting' on Android devices. They escalate the user's privileges on the device, effectively turning a user into an administrator," said Zumerle.

While these methods allow users to access certain device resources that are normally inaccessible, they can also put corporate data in danger.

This is because they remove app-specific security protection and the safe "sandbox" provided by the operating system. They can also allow malware to be downloaded to the device and open it up to all sorts of malicious actions, including extraction of enterprise data.

"Rooted" or "jail-broken" mobile devices also become prone to brute force attacks on pass codes.

The best defence, said Gartner, is to keep mobile devices fixed in a safe configuration by means of a mobile device management (MDM) policy, supplemented by app shielding and "containers" that protect important data.

Gartner recommends that IT security leaders follow an MDM/enterprise mobility management baseline for Android and Apple devices.

This involves asking users to opt in to basic enterprise policies, and being prepared to revoke access controls in the event of changes. Users who are not able to bring their devices into basic compliance must be denied or given extremely limited access.

Companies must also set length and complexity requirements for device pass codes, as well as strict retry and time-out standards.

And firms should specify minimum and maximum versions of platforms and operating systems, disallowing models that cannot be updated or supported.

A "no jailbreaking/no rooting" rule should be enforced, and there should be restricted use of unapproved third-party app stores. Devices in violation should be disconnected from sources of business data, and potentially wiped, depending on policy choices.

Companies should also require signed apps and certificates for access to business email, virtual private networks, WiFi and shielded apps.

Gartner said IT security leaders needed to use network access control methods to deny enterprise connections for devices that exhibit potentially suspicious activity.