Sprint Only Carrier On Mobile Security Council

Wireless carrier Sprint Nextel is so far the only carrier serving on a new industry panel called the Mobile Security Council, which seeks to collaborate to protect against mobile network threats and respond to attacks when they occur. The council met for only the second time last week during the Sprint Open Solutions Conference in Santa Clara, Calif.

The Mobile Security Council is responding to a growing trend where security threats on traditional networks connecting PCs, servers and laptops are migrating to mobile networks because mobile is where the market is growing, says Mark Yarkosky, director of product development for Sprint. Yarkosky pointed to a threat assessment report for the second quarter of 2011 from anti-virus vendor McAfee that cited a 76% growth in the amount of malware targeting mobile devices using the Google Android operating system, from just the first quarter.

"The rapid rise in Android malware in Q2 indicates that the platform could become an increasing target for cybercriminals," McAfee stated in an Aug. 23 news release. In line with that threat, Sprint is stepping up efforts to secure Android-powered devices along with those running Microsoft, RIM and Apple iOS mobile operating systems, said Yarkosky. Sprint last month became the third major U.S. carrier to start selling the popular Apple iPhone.

As iPhones, Androids and other brands of smartphones become connected to corporate networks, carriers work with OS providers and manufacturers to secure the extension of enterprise networks to mobile devices, he said, whether they are devices provided to employees by their employer or employees’ personal devices that they now use for work. Network administrators seek both to manage corporate network access from mobile devices and provide an extra layer of security. "In the enterprise space [security] it’s a little bit of a perplexing problem for IT managers. How do ... they extend their security policies that they have from a corporate perspective down to the device?" Yarkosky said.

One way Sprint does that is by offering support for a few of the many specification requirements for Microsoft Active Sync, the mobile client that allows remote workers to access from their smartphones their Exchange email server on their corporate network, he said. Sprint also delivers remote lock and wipe, a feature that locks a smartphone if it’s lost or stolen so that if the phone falls into the wrong hands, it can’t be opened. The feature also remotely wipes corporate data from the device.

Sprint also partners with Good Technology to offer additional security protection for mobile devices. In addition, it offers mobile security solutions from Lookout Mobile and McAfee and is moving toward a similar partnership with Symantec, Yarkosky said. "Our open philosophy is not to select one and force customers to use it. We want customers to be able to go with the names that are familiar," he said.

The Mobile Security Council, co-founded by Sprint, also includes industry leaders such as Cisco Systems, IBM, Juniper Networks, Lookout, Motorola and Samsung. Although Sprint is the only carrier on the council, a spokesperson said they expect other carriers to eventually join.

The goal of the council is for the different players in the mobile space to work together and share information about watching for security threats and jointly responding to attacks when they occur, Yarkosky said. "It’s a collaborative effort of multiple companies and we ask them to take off their corporate hats when they walk in the room.

"Our doomsday scenario is that we have 10 million or 14 million Android devices out there and one day somebody knows how to brick them all," he said, referring to a colloquial term for an attack that renders a smartphone or tablet computer unusable. Once a threat is discovered by one antivirus software provider or one carrier, the council would share that information with their counterparts so that a plan could be devised to head off the threat.

See more on this topic by subscribing to Network Computing Pro Reports Mobile Device Security: Bring Your Own Disaster (subscription required).