- Android devices are an increasingly rich target for mobile malware writers, which makes securing those devices as they are used in the workplace a key element of any BYOD or COPE program.
- IT security pros should insist any BYOD program require the most up-to-date mobile OS versions and ensure the anti-malware protections included in any MDM or MEM deployment are top notch.
Now that all smartphone and tablet Christmas presents are making their way into the enterprise, it is important to examine the security protections put in place to secure their access to enterprise applications and data. Beyond authentication, passwords, remote lock and wipe, and other basic security measures provided in enterprise mobile management suites, anti-malware for those mobile endpoints is a key element that should be carefully scrutinized.
With Android pulling away as the dominant mobile OS, the rise of malware targeting Android has been swift and appears to be accelerating. Android garnered a 79% market share in Q2 2013, with iOS trailing as the second largest market share owner with 13%, according to one estimate. Ironically, the U.S. government estimated in a recent study that 79% of all mobile malware is aimed at Android. In the private sector, researchers at anti-malware vendor Trend Micro found last year that malware targeting Android was growing at a rate of about 350%.
So, as enterprises grapple with creating policies and programs around BYOD, IT security pros should lobby to require that those endpoints employ solid ant-malware protections. Policies should also dictate that employees using their Android smartphones and tablets at work maintain the most up-to-date versions of the mobile OS to ensure known security issues have been patched. At the same time, as enterprise IT shops evaluate MDM or mobile enterprise management tools – whether for the first time or as they rethink their requirements – one of the key elements of any purchase should be the level of effectiveness of the anti-malware tools included in those suites. How deep are the research capabilities of the organization selling the mobile anti-malware? How does its mobile anti-malware stack up in independent tests? How much visibility into the endpoint does it afford to IT security pros? Such endpoints are more often than not the entry point for data-stealing malware that seeks to make its way into the corporate data center.