Vodafone: A Bid to Protect Smartphone Security
Smartphones are an enormous convenience and an unavoidable fact of life. Mobility should be a boon for IT as well. But security worries have made mobile devices a leading IT headache. Vodafone hopes that "Secure SIM" will help alleviate this worry.
Secure SIM is the company's name for a SIM card for smartphones that is intended to protect network security. The technology also protects phone calls against tapping and provides encryption for email and text messages. However, the real mobile security challenge is the culture of personal mobile devices. And it is not clear that any pure technology solution can fully solve this problem.
As reported by Mikael Ricknäs at InfoWorld, the SIM card will provide a secure login for employees. When an employee logs into the enterprise network, the card and server trade encryption key data and the user enters a PIN code. Only when these have been checked and accepted does the user get network access.
Vodafone says that starting in June, Secure Login will become the first service to use Secure SIM, offered as an alternative to conventional smartcards. No additional software is needed for Secure SIM to function, and according to Markus Lause, director of sales consulting and services in Germany, the card will work for about 90 percent of smartphones.
However, security on iOS devices will be less than on Android devices, because Apple declined to provide full access to the iOS operating system.
Hoover's identifies Vodafone competitors as including Deutsche Telekom, Orange, and Telefonica Europa. In global perspective, the major US carries could all be added to this competitive environment. And all are under pressure to provide more secure mobile communications.
The BYOD Challenge
The problem for IT managers and security specialists, however, is not a purely technical one. Thus ensuring adequate security for mobile devices may not have a purely technological solution.
At the heart of the IT mobile device security challenge lies not technology but culture. Employees regard their smartphones (and other mobile devices, such as tablets) as personal to them. Office desktops were never seen this way, nor even laptops that went out of the office.
In principle, firms could simply provide employees with company smartphones for business use. (The US federal government does exactly this.) But employees want the convenience of using their own personal devices. And these employees notably include people in the C-suite, so they usually get what they want. Thus the emergence of a bring-your-own-device (BYOD) culture. For IT, this means devices that IT does not fully control. A company-owned laptop can be remotely wiped clean if its security is compromised. An employee's personal smartphone, not so much.
Technologies such as Secure SIM will help raise IT managers' comfort level, but they can only go so far. BYOD will continue to pose a complex puzzle for IT security.
This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet.