The rapid growth in numbers of apps, cloud services and personal devices able to access corporate data is presenting a huge problem for organisations trying to protect their enterprise from damaging malware attacks.
So after hearing about Mojave Networks's unveiling of enterprise level mobile cloud security, ITProPortal caught up with Garrett Larsson, the company's co-founder and CEO, to talk all things mobile security.
What are the main security threats facing mobile today?
"While Android malware receives a lot of attention, the most common threats are still through the browser (73 per cent of them according to McAfee) and that's what we see. These can be phishing websites, malvertising (malicious advertisements), or just generally unwanted websites. We block over 750 websites a day that exhibit some type of unwanted behaviour. We're seeing an increase in Android malware (which we scan for) but it's still small in the US."
How does Mojave combat these?
"We uniquely inspect all data for these threats before it is delivered to the device through our globally distributed data centres. By doing it at the network level, we can identify and block more threats than traditional on-device approaches."
How is a cloud-based approach to mobile security better?
"Similar to the response above, we can see more threats than traditional approaches. Traditional methods rely on an app on the device that scans the device for malware. Due to the sandboxed approach of Apple and Android, it's really difficult to see everything occurring on the device through an app and identify threats, especially ones that originate through the browser.
With our approach, since we see all of the data at the network, we can identify malicious activity before it even reaches the device.
We can also model expected usage based on past behaviour, so when usage deviates from the normal, we can raise it as a red flag to IT administrators. For example, if a user starts uploading massive amounts of data to a location in China which they have never done before, then that is something a company should probably know even if the upload site is not flagged as a known threat."
What’s your take on BYOD and mobile payment technologies? Do you think that the security risks outweigh the benefits?
"For BYOD, we believe it's a trend that's here to stay. Consumers are getting more accustomed to choosing their devices and even software and it's something that IT has to adapt to. BYOD does bring security risks, and it will be the role of vendors like us to develop technology to adapt to this new model. We are already building technology to handle this balance between BYOD and the needs of the company for data security.
For mobile payment technologies, we don't do too much here right now, but in general we think the security part will be addressed and it will be a big part of the payment ecosystem in the future."
What’s the biggest challenge the team came up against when developing the mobile device program?
"When developing our technology, the biggest challenge was building a global network that was built to handle traffic from mobile devices. This means that data transfers have to be very fast, work around the world, work on low bandwidth (3G) networks, and contain minimal resources on the smartphone or tablet. We've spent over 2 years building this infrastructure and continue to invest a lot of resources into it."