Security vendors turn eyes to smartphones

Security software makers begin to flood the market with products aimed at helping protect enterprise users' increasingly powerful mobile devices

Symantec, McAfee, and a swarm of rival security software makers are beginning to ship a wider number of products designed specifically to protect smartphones, the more PC-like handhelds that are finding their way into a growing number of enterprises.

Sales of smartphones grew by roughly 66 percent to 81 million units in 2006, according to estimates published by researchers Gartner, in Stamford, Conn.

And while the devices haven't yet penetrated the United States market to the same extent they've found homes with business users in areas of Asia and Europe, market watchers are predicting that a vast majority of large U.S. companies will distribute at least a handful of the handhelds to workers before the end of 2007. Many will buy hundreds.

Based on the growing proliferation and complexity of smartphones -- which offer wireless e-mail, Internet access, and mobile business applications along with their calling functions -- security applications vendors see range of opportunities to carry the same tools they've been selling on the desktop onto the emerging mobile platforms.

On March 26, Symantec launched its new set of security applications for smartphones running on Microsoft's Windows Mobile operating system.

In addition to adding Microsoft's flagship device OS to its stable, which also includes coverage for high-end handhelds based on software made by Palm and Symbian, the package introduces new VPN (virtual private network), data encryption, anti-spam features.

Symantec and its rivals are betting that companies will soon want to license robust suites of mobile security applications just as they buy many forms of desktop software today.

"Beyond the protection of the environment itself, people are already going a step further; they already know that they need to protect bits that make up the data now that some of the most valuable data a company can have is on the hips of c-level executives around the globe," said Paul Miller, managing director for Mobile Security at Cupertino, Calif.-based Symantec.

Experts admit that few mobile viruses have plagued smartphone users yet despite the known existence of a sizeable number of proof-of-concept attacks, but some predict that handheld malware is coming.

Miller said that Symantec is convinced that there will even be widespread attacks that spy on not only data, but also phone conversations. So-called snoopware applications, used to listen-in on audio input received by a device's microphone, are very real and may be used in targeted ways to listen-in on specific individuals, he said.

On the same day, Symantec's closest rival, Santa Clara, Calif.-based McAfee, announced a new program to inspect and certify mobile content and applications for network operators and other wireless carriers. The idea is to keep unapproved software from finding its way onto the operators' networks.

In his initial rounds of interviews after being named McAfee's new chief executive on March 5, David DeWalt cited mobile security as one of the primary areas where he's expecting the firm to grow in the next few years.

"We have a Nokia executive on our board, and I constantly see endpoint device security opportunities," DeWalt told InfoWorld. "It's a high-growth market with opportunities to sell to mobile providers, and there is more content and applications on the devices all the time. I see all sorts of filtering and virus protection opportunities."

Also launched on March 26 was a set of smartphone management and security tools made by Trust Digital, based in McLean, Va., that will be resold by operators including Verizon Wireless.

One enterprise company already using Trust Digital's array of smartphone firewall, authentication, encryption and management applications is plastics manufacturer Chevron PetroChemical, based in Houston.

Jonathan Perret, IT remote connectivity analyst for Chevron PetroChemical, said his company couldn't distribute over 130 Windows Mobile devices made by Motorola and Samsung to employees without using aftermarket protection.

The firm previously banned employee use of smartphone devices including the Research In Motion BlackBerry because the company didn't have adequate support in place to control or secure the handhelds.

"Security slowed down previous adoption of PDAs and even our current smartphone deployment because we were waiting for new security tools; we were limiting devices because of an inability to secure them," Perret said. "These devices are originally targeted at the retail market and their frequency of change does not happen at the same speed as the enterprise moves."

Before a smartphone carrying important corporate data is ever lost, broken or infected in the field, an IT department must know that it can protect information onboard and mitigate companies' risks, he said.

"You don't see the same vulnerabilities that desktops have, but we're limiting the capabilities of the device, encrypting the data and enforcing what devices can access on the network," said Perret. "We have to take the basic precautions against anything that can happen; there might be some e-mail virus in the future specifically designed to function on these devices, and hopefully we'll stop those at the perimeter, not at the device level, but the key is to have layers in place."

Copyright © 2007 IDG Communications, Inc.

How to choose a low-code development platform